You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hive.apache.org by "Thejas M Nair (JIRA)" <ji...@apache.org> on 2016/04/04 21:50:25 UTC
[jira] [Created] (HIVE-13418) HiveServer2 HTTP mode should support
X-Forward-For header for authorization/audits
Thejas M Nair created HIVE-13418:
------------------------------------
Summary: HiveServer2 HTTP mode should support X-Forward-For header for authorization/audits
Key: HIVE-13418
URL: https://issues.apache.org/jira/browse/HIVE-13418
Project: Hive
Issue Type: New Feature
Components: Authorization, HiveServer2
Reporter: Thejas M Nair
Assignee: Thejas M Nair
Apache Knox acts as a proxy for requests coming from the end users. In these cases, the IP address that HiveServer2 passes to the authorization/audit plugins via the HiveAuthzContext object is the IP address of the proxy, and not the end user.
For auditing and authorization purposes, the IP address of the end use is more meaningful.
HiveServer2 should pass the information from 'X-Forward-For' header to the HiveAuthorizer plugins if the request is coming from a trusted proxy.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)