dengzhhu653 commented on code in PR #6085:
URL: https://github.com/apache/hive/pull/6085#discussion_r2370870190
##########
service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java:
##########
@@ -540,6 +553,54 @@ public String run() throws HttpAuthenticationException {
}
}
+ private void enforceLdapFilters(String shortName) throws
HttpAuthenticationException {
+ boolean enableGroupCheck = hiveConf.getBoolVar(
+
HiveConf.ConfVars.HIVE_SERVER2_LDAP_ENABLE_GROUP_CHECK_AFTER_KERBEROS);
+ if (!enableGroupCheck) {
+ LOG.debug("No LDAP group check is enabled; skipping.");
+ return;
+ }
+ // Check if this is a proxy user - we don't apply LDAP filters to proxy
users
+ String proxyUser = SessionManager.getProxyUserName();
+ if (proxyUser != null && !proxyUser.isEmpty()) {
+ LOG.debug("Skipping LDAP filters for proxy user authentication");
+ return;
+ }
+
+ Filter filter = LdapAuthenticationProviderImpl.resolveFilter(hiveConf);
Review Comment:
The following codes are similar to LdapGroupCallbackHandler, can we extract
them to a new singleton class?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
