Repository: hive Updated Branches: refs/heads/branch-1 e8fd6882d -> cf37fc6aa
HIVE-11001 : HS2 http cookie mode does not honor doAs url parameter (Thejas Nair , reviewed by Hari Sankar Sivarama Subramaniyan ) Project: http://git-wip-us.apache.org/repos/asf/hive/repo Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/cf37fc6a Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/cf37fc6a Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/cf37fc6a Branch: refs/heads/branch-1 Commit: cf37fc6aa9f925c7ac89071f06ba252ca20392e1 Parents: e8fd688 Author: Thejas Nair <[email protected]> Authored: Sun Jun 14 17:01:10 2015 -0700 Committer: Thejas Nair <[email protected]> Committed: Sun Jun 14 17:06:32 2015 -0700 ---------------------------------------------------------------------- .../hadoop/hive/ql/session/SessionState.java | 3 +++ .../service/cli/thrift/ThriftHttpServlet.java | 18 ++++++++++++------ 2 files changed, 15 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hive/blob/cf37fc6a/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java ---------------------------------------------------------------------- diff --git a/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java b/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java index 6eed20e..d8fbf0e 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java @@ -338,6 +338,9 @@ public class SessionState { public SessionState(HiveConf conf, String userName) { this.conf = conf; this.userName = userName; + if (LOG.isDebugEnabled()) { + LOG.debug("SessionState user: " + userName); + } isSilent = conf.getBoolVar(HiveConf.ConfVars.HIVESESSIONSILENT); ls = new LineageState(); resourceMaps = new ResourceMaps(); http://git-wip-us.apache.org/repos/asf/hive/blob/cf37fc6a/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java ---------------------------------------------------------------------- diff --git a/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java b/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java index e1166d3..56c8cb6 100644 --- a/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java +++ b/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java @@ -134,11 +134,6 @@ public class ThriftHttpServlet extends TServlet { // For a kerberos setup if (isKerberosAuthMode(authType)) { clientUserName = doKerberosAuth(request); - String doAsQueryParam = getDoAsQueryParam(request.getQueryString()); - - if (doAsQueryParam != null) { - SessionManager.setProxyUserName(doAsQueryParam); - } } // For password based authentication else { @@ -146,8 +141,16 @@ public class ThriftHttpServlet extends TServlet { } } LOG.debug("Client username: " + clientUserName); + // Set the thread local username to be used for doAs if true SessionManager.setUserName(clientUserName); + + // find proxy user if any from query param + String doAsQueryParam = getDoAsQueryParam(request.getQueryString()); + if (doAsQueryParam != null) { + SessionManager.setProxyUserName(doAsQueryParam); + } + clientIpAddress = request.getRemoteAddr(); LOG.debug("Client IP Address: " + clientIpAddress); // Set the thread local ip address @@ -225,7 +228,7 @@ public class ThriftHttpServlet extends TServlet { LOG.debug("Validated the cookie for user " + userName); } return userName; - } + } } // No valid HS2 generated cookies found, return null return null; @@ -522,6 +525,9 @@ public class ThriftHttpServlet extends TServlet { } private static String getDoAsQueryParam(String queryString) { + if (LOG.isDebugEnabled()) { + LOG.debug("URL query string:" + queryString); + } if (queryString == null) { return null; }
