You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Shi Wang (JIRA)" <ji...@apache.org> on 2017/04/06 20:37:41 UTC
[jira] [Commented] (KNOX-817) Gateway service defintion for Avatica
[ https://issues.apache.org/jira/browse/KNOX-817?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15959708#comment-15959708 ]
Shi Wang commented on KNOX-817:
-------------------------------
Hi [~elserj],
<policies>
<policy role="webappsec"/>
<policy role="authentication"/>
<policy role="rewrite"/>
<policy role="authorization"/>
</policies>
is lacking the identity-assertion role, which will append "doAs" or "user.name" in the end. Either we can remove the policies and use the default ones, which include the identity-assertion filter, or add identity-assertion in the policy.
Or the dispatched avatica url do not have the "doAs" as params and calcite-1539 wont work for avativa through knox. :)
> Gateway service defintion for Avatica
> -------------------------------------
>
> Key: KNOX-817
> URL: https://issues.apache.org/jira/browse/KNOX-817
> Project: Apache Knox
> Issue Type: Improvement
> Reporter: Josh Elser
> Assignee: Josh Elser
> Fix For: 0.11.0
>
> Attachments: KNOX-817.001.patch
>
>
> Apache Avatica, an Apache Calcite sub-project, is an HTTP-based JDBC server and corresponding JDBC driver (which uses that server). It is meant to act as a proxy to some database. Avatica is presently used by a number of projects, Apache Phoenix and Apache Drill to name two prominent ones, and has a number of community-developed drivers in languages other than Java.
> As far as authentication goes, Avatica only provides authentication based on the authentication capabilities of the database. Knox is a natural fit for Avatica, specifically the centralized authentication, SSL support, and auditing are all enticing features.
> With the help of [~lmccay] (and https://github.com/moresandeep/knox-dev-docker), I got some service files working very quickly. Would be nice to contribute these back to enable Phoenix, Drill and others to use Knox out of the box.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)