Thejas M Nair created HIVE-13418:
------------------------------------
Summary: HiveServer2 HTTP mode should support X-Forward-For header
for authorization/audits
Key: HIVE-13418
URL: https://issues.apache.org/jira/browse/HIVE-13418
Project: Hive
Issue Type: New Feature
Components: Authorization, HiveServer2
Reporter: Thejas M Nair
Assignee: Thejas M Nair
Apache Knox acts as a proxy for requests coming from the end users. In these
cases, the IP address that HiveServer2 passes to the authorization/audit
plugins via the HiveAuthzContext object is the IP address of the proxy, and not
the end user.
For auditing and authorization purposes, the IP address of the end use is more
meaningful.
HiveServer2 should pass the information from 'X-Forward-For' header to the
HiveAuthorizer plugins if the request is coming from a trusted proxy.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
