[
https://issues.apache.org/jira/browse/KNOX-1098?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16704772#comment-16704772
]
Kevin Risden commented on KNOX-1098:
------------------------------------
Knox relies on Livy to ensure that the user provided is allowed to access the
session. Knox sets the proxyUser to the authenticated user on the creation of
the session/batch. This follows the same as the rest api here:
[https://livy.incubator.apache.org/docs/latest/rest-api.html]
The only change this patch made was to force the proxyUser instead of relying
on the user to specify it. Previously Knox would force the proxyUser to updated
if it was provided. If the proxyUser was not provided it wasn't added. This
change ensures that proxyUser is always set.
> Livy proxyUser should be added when not present
> -----------------------------------------------
>
> Key: KNOX-1098
> URL: https://issues.apache.org/jira/browse/KNOX-1098
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 0.14.0, 1.0.0, 1.1.0
> Reporter: Jeffrey Rodriguez
> Assignee: Kevin Risden
> Priority: Major
> Labels: livy
> Fix For: 1.2.0
>
> Attachments: KNOX-1098.patch, KNOX-1098.patch, KNOX-1098.patch
>
>
> Current Knox Livy service will replace the value pair proxyUser, user to
> impersonate when running the job , with the value of the user that Knox has
> authenticated. If the proxyUser value pair doesn't exist the rewrite rule
> will not add the proxyUser value pair.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
