You are viewing a plain text version of this content. The canonical link for it is here.

Posted to gitbox@hive.apache.org by GitBox <gi...@apache.org> on 2019/06/19 22:20:57 UTC

[GitHub] [hive] prasanthj commented on a change in pull request #678: HIVE-21892: Trusted domain authentication should look at X-Forwarded-For header as well

prasanthj commented on a change in pull request #678: HIVE-21892: Trusted domain authentication should look at X-Forwarded-For header as well
URL: https://github.com/apache/hive/pull/678#discussion_r295547689
 
 

 ##########
 File path: service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java
 ##########
 @@ -150,16 +150,35 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response)
           LOG.info("Could not validate cookie sent, will try to generate a new cookie");
         }
       }
+
+      // Set the thread local ip address
+      SessionManager.setIpAddress(clientIpAddress);
+
+      // get forwarded hosts address
+      String forwarded_for = request.getHeader(X_FORWARDED_FOR);
+      if (forwarded_for != null) {
+        LOG.debug("{}:{}", X_FORWARDED_FOR, forwarded_for);
+        List<String> forwardedAddresses = Arrays.asList(forwarded_for.split(","));
+        SessionManager.setForwardedAddresses(forwardedAddresses);
+      } else {
+        SessionManager.setForwardedAddresses(Collections.<String>emptyList());
+      }
+
       // If the cookie based authentication is not enabled or the request does not have a valid
       // cookie, use authentication depending on the server setup.
       if (clientUserName == null) {
         String trustedDomain = HiveConf.getVar(hiveConf, ConfVars.HIVE_SERVER2_TRUSTED_DOMAIN).trim();
-
+        final boolean useXff = HiveConf.getBoolVar(hiveConf, ConfVars.HIVE_SERVER2_TRUSTED_DOMAIN_USE_XFF_HEADER);
+        if (useXff && !trustedDomain.isEmpty() &&
+          SessionManager.getForwardedAddresses() != null && !SessionManager.getForwardedAddresses().isEmpty()) {
+          clientIpAddress = SessionManager.getForwardedAddresses().get(0);
 
 Review comment:
   will add

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For additional commands, e-mail: gitbox-help@hive.apache.org