You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by "Shi Wang (JIRA)" <ji...@apache.org> on 2017/04/06 20:37:41 UTC

[jira] [Commented] (KNOX-817) Gateway service defintion for Avatica

    [ https://issues.apache.org/jira/browse/KNOX-817?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15959708#comment-15959708 ] 

Shi Wang commented on KNOX-817:
-------------------------------

Hi [~elserj], 
  <policies>
        <policy role="webappsec"/>
        <policy role="authentication"/>
        <policy role="rewrite"/>
        <policy role="authorization"/>
  </policies>

is lacking the identity-assertion role, which will append "doAs" or "user.name" in the end. Either we can remove the policies and use the default ones, which include the identity-assertion filter, or add identity-assertion in the policy. 

Or the dispatched avatica url do not have the "doAs" as params and calcite-1539 wont work for avativa through knox. :)

> Gateway service defintion for Avatica
> -------------------------------------
>
>                 Key: KNOX-817
>                 URL: https://issues.apache.org/jira/browse/KNOX-817
>             Project: Apache Knox
>          Issue Type: Improvement
>            Reporter: Josh Elser
>            Assignee: Josh Elser
>             Fix For: 0.11.0
>
>         Attachments: KNOX-817.001.patch
>
>
> Apache Avatica, an Apache Calcite sub-project, is an HTTP-based JDBC server and corresponding JDBC driver (which uses that server). It is meant to act as a proxy to some database. Avatica is presently used by a number of projects, Apache Phoenix and Apache Drill to name two prominent ones, and has a number of community-developed drivers in languages other than Java.
> As far as authentication goes, Avatica only provides authentication based on the authentication capabilities of the database. Knox is a natural fit for Avatica, specifically the centralized authentication, SSL support, and auditing are all enticing features.
> With the help of [~lmccay] (and https://github.com/moresandeep/knox-dev-docker), I got some service files working very quickly. Would be nice to contribute these back to enable Phoenix, Drill and others to use Knox out of the box.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)