[GitHub] phoenix pull request #265: PHOENIX-3598

Mon, 26 Jun 2017 13:34:46 -0700 

Github user joshelser commented on a diff in the pull request:

    https://github.com/apache/phoenix/pull/265#discussion_r124112286
  
    --- Diff: 
phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java
 ---
    @@ -274,6 +282,47 @@ public int run(String[] args) throws Exception {
       }
     
       /**
    +   * Use the correctly way to extract end user.
    +   */
    +
    +  static class PhoenixRemoteUserExtractor implements RemoteUserExtractor{
    +    private final HttpQueryStringParameterRemoteUserExtractor 
paramRemoteUserExtractor;
    +    private final HttpRequestRemoteUserExtractor 
requestRemoteUserExtractor;
    +    private final boolean enableDoAs;
    +    private final String doAsParam;
    +
    +    public PhoenixRemoteUserExtractor(Configuration conf) {
    +      this.requestRemoteUserExtractor = new 
HttpRequestRemoteUserExtractor();
    +      this.doAsParam = conf.get(QueryServices.QUERY_SERVER_DOAS_PARAM,
    +              QueryServicesOptions.DEFAULT_QUERY_SERVER_DOAS_PARAM);
    +      this.paramRemoteUserExtractor = new 
HttpQueryStringParameterRemoteUserExtractor(doAsParam);
    +      this.enableDoAs = 
conf.getBoolean(QueryServices.QUERY_SERVER_DOAS_ENABLED_ATTRIB,
    +              QueryServicesOptions.DEFAULT_QUERY_SERVER_DOAS_ENABLED);
    +    }
    +
    +    @Override
    +    public String extract(HttpServletRequest request) throws 
RemoteUserExtractionException {
    +      if (request.getParameter(doAsParam) != null && enableDoAs) {
    +        String doAsUser = paramRemoteUserExtractor.extract(request);
    +        UserGroupInformation ugi = 
UserGroupInformation.createRemoteUser(request.getRemoteUser());
    +        UserGroupInformation proxyUser = 
UserGroupInformation.createProxyUser(doAsUser, ugi);
    +
    +        // Check if this user is allowed to be impersonated.
    +        // Will throw AuthorizationException if the impersonation as this 
user is not allowed
    +        try {
    +          ProxyUsers.authorize(proxyUser, request.getRemoteAddr());
    +          return doAsUser;
    +        } catch (AuthorizationException e) {
    +          throw new RemoteUserExtractionException(e.getMessage());
    --- End diff --
    
    Can the exception be passed into the RemoteUserExtractionException instead 
of just the message? (to preserve the stack trace)


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Reply via email to