zratkai commented on code in PR #5606:
URL: https://github.com/apache/hive/pull/5606#discussion_r1961317949
##########
standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/ServletSecurity.java:
##########
@@ -33,26 +33,64 @@
import org.slf4j.LoggerFactory;
import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
+import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.Optional;
/**
* Secures servlet processing.
+ * <p>This is to be used by servlets that require impersonation through {@link
UserGroupInformation#doAs(PrivilegedAction)}
+ * method when providing service. The servlet request header provides user
identification
+ * that Hadoop{@literal '}s security uses to perform actions, the
+ * {@link ServletSecurity#execute(HttpServletRequest, HttpServletResponse,
ServletSecurity.MethodExecutor)}
+ * method invokes the executor through a {@link PrivilegedAction} in the
expected {@link UserGroupInformation} context.
+ * </p>
+ * A typical usage in a servlet is the following:
+ * <pre><code>
+ * SecureServletCaller security; // ...
Review Comment:
Where is this class? SecureServletCaller
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org
For additional commands, e-mail: gitbox-h...@hive.apache.org
