Repository: knox Updated Branches: refs/heads/master 0c1ff50fe -> dc86bde75
KNOX-581: Hive dispatch not propagating effective principal name Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/dc86bde7 Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/dc86bde7 Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/dc86bde7 Branch: refs/heads/master Commit: dc86bde75682c7a69b7bb3fb24908b18f3ee0e42 Parents: 0c1ff50 Author: Kevin Minder <[email protected]> Authored: Wed Aug 5 18:28:25 2015 -0400 Committer: Kevin Minder <[email protected]> Committed: Wed Aug 5 18:28:25 2015 -0400 ---------------------------------------------------------------------- CHANGES | 1 + .../apache/hadoop/gateway/hive/HiveDispatch.java | 16 ++++------------ .../hadoop/gateway/security/SubjectUtils.java | 12 ++++++++++++ 3 files changed, 17 insertions(+), 12 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/knox/blob/dc86bde7/CHANGES ---------------------------------------------------------------------- diff --git a/CHANGES b/CHANGES index fc68884..0028ecb 100644 --- a/CHANGES +++ b/CHANGES @@ -16,6 +16,7 @@ Release Notes - Apache Knox - Version 0.7.0 ** Bug * [KNOX-554] - Fixed support for gateway.path change + added support for X-Forward-* headers in admin topology API. + * [KNOX-581] - Hive dispatch not propagating effective principal name ------------------------------------------------------------------------------ Release Notes - Apache Knox - Version 0.6.0 http://git-wip-us.apache.org/repos/asf/knox/blob/dc86bde7/gateway-service-hive/src/main/java/org/apache/hadoop/gateway/hive/HiveDispatch.java ---------------------------------------------------------------------- diff --git a/gateway-service-hive/src/main/java/org/apache/hadoop/gateway/hive/HiveDispatch.java b/gateway-service-hive/src/main/java/org/apache/hadoop/gateway/hive/HiveDispatch.java index 47bd9f4..56679fe 100644 --- a/gateway-service-hive/src/main/java/org/apache/hadoop/gateway/hive/HiveDispatch.java +++ b/gateway-service-hive/src/main/java/org/apache/hadoop/gateway/hive/HiveDispatch.java @@ -20,6 +20,7 @@ package org.apache.hadoop.gateway.hive; import org.apache.hadoop.gateway.config.Configure; import org.apache.hadoop.gateway.dispatch.DefaultDispatch; import org.apache.hadoop.gateway.security.PrimaryPrincipal; +import org.apache.hadoop.gateway.security.SubjectUtils; import org.apache.http.HttpResponse; import org.apache.http.auth.AuthScope; import org.apache.http.auth.Credentials; @@ -51,23 +52,14 @@ public class HiveDispatch extends DefaultDispatch { super.init(); } - protected Principal getPrimaryPrincipal() { - Principal principal = null; - Subject subject = Subject.getSubject( AccessController.getContext()); - if( subject != null ) { - principal = (Principal)subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]; - } - return principal; - } - protected void addCredentialsToRequest(HttpUriRequest request) { if( isBasicAuthPreemptive() ) { - Principal principal = getPrimaryPrincipal(); + String principal = SubjectUtils.getCurrentEffectivePrincipalName(); if( principal != null ) { UsernamePasswordCredentials credentials = - new UsernamePasswordCredentials( principal.getName(), PASSWORD_PLACEHOLDER ); - + new UsernamePasswordCredentials( principal, PASSWORD_PLACEHOLDER ); + request.addHeader(BasicScheme.authenticate(credentials,"US-ASCII",false)); } } http://git-wip-us.apache.org/repos/asf/knox/blob/dc86bde7/gateway-spi/src/main/java/org/apache/hadoop/gateway/security/SubjectUtils.java ---------------------------------------------------------------------- diff --git a/gateway-spi/src/main/java/org/apache/hadoop/gateway/security/SubjectUtils.java b/gateway-spi/src/main/java/org/apache/hadoop/gateway/security/SubjectUtils.java index 7116c0d..5d8c8a7 100644 --- a/gateway-spi/src/main/java/org/apache/hadoop/gateway/security/SubjectUtils.java +++ b/gateway-spi/src/main/java/org/apache/hadoop/gateway/security/SubjectUtils.java @@ -81,4 +81,16 @@ public class SubjectUtils { return name; } + public static String getCurrentEffectivePrincipalName() { + String name = null; + Subject subject = getCurrentSubject(); + if( subject != null ) { + name = getImpersonatedPrincipalName( subject ); + if (name == null) { + name = getPrimaryPrincipalName(subject); + } + } + return name; + } + }
