[
https://issues.apache.org/jira/browse/KNOX-817?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15959724#comment-15959724
]
Josh Elser commented on KNOX-817:
---------------------------------
bq. is lacking the identity-assertion role, which will append "doAs" or
"user.name" in the end. Either we can remove the policies and use the default
ones, which include the identity-assertion filter, or add identity-assertion in
the policy.
Ok, after we get your fix from CALCITE-1539 done, you can modify Knox to update
the documentation and add the policy (I don't know if this is something we'd
always want on?). Please do open up a new Knox JIRA issue for that change
though.
> Gateway service defintion for Avatica
> -------------------------------------
>
> Key: KNOX-817
> URL: https://issues.apache.org/jira/browse/KNOX-817
> Project: Apache Knox
> Issue Type: Improvement
> Reporter: Josh Elser
> Assignee: Josh Elser
> Fix For: 0.11.0
>
> Attachments: KNOX-817.001.patch
>
>
> Apache Avatica, an Apache Calcite sub-project, is an HTTP-based JDBC server
> and corresponding JDBC driver (which uses that server). It is meant to act as
> a proxy to some database. Avatica is presently used by a number of projects,
> Apache Phoenix and Apache Drill to name two prominent ones, and has a number
> of community-developed drivers in languages other than Java.
> As far as authentication goes, Avatica only provides authentication based on
> the authentication capabilities of the database. Knox is a natural fit for
> Avatica, specifically the centralized authentication, SSL support, and
> auditing are all enticing features.
> With the help of [~lmccay] (and
> https://github.com/moresandeep/knox-dev-docker), I got some service files
> working very quickly. Would be nice to contribute these back to enable
> Phoenix, Drill and others to use Knox out of the box.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
