Dilli Arumugam created HIVE-6738:
------------------------------------
Summary: HiveServer2 secure Thrift/HTTP needs to accept doAs
parameter from proxying intermediary
Key: HIVE-6738
URL: https://issues.apache.org/jira/browse/HIVE-6738
Project: Hive
Issue Type: Improvement
Components: HiveServer2
Reporter: Dilli Arumugam
Assignee: Dilli Arumugam
See already implemented JIra
https://issues.apache.org/jira/browse/HIVE-5155
Support secure proxy user access to HiveServer2
That fix expects the hive.server2.proxy.user parameter to come in Thrift body.
When an intermediary gateway like Apache Knox is authenticating the end client
and then proxying the request to HiveServer2, it is not practical for the
intermediary like Apache Knox to modify thrift content.
Intermediary like Apache Knox should be able to assert doAs in a query
parameter. This paradigm is already established by other Hadoop ecosystem
components like WebHDFS, WebHCat, Oozie and HBase and Hive needs to be aligned
with them.
The doAs asserted in query parameter should override if doAs specified in
Thrift body.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
