[
https://issues.apache.org/jira/browse/CALCITE-1025?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15056601#comment-15056601
]
Phillip Rhodes commented on CALCITE-1025:
-----------------------------------------
Sure, I can do a pull request. Didn't realize the Calcite team worked that
way. It'll take me a little while, as I need to go back and take out the
println statements and cruft I added as I was working through this.
> Add support for HTTP Basic auth (for proxies) in Avatica HTTP Client
> --------------------------------------------------------------------
>
> Key: CALCITE-1025
> URL: https://issues.apache.org/jira/browse/CALCITE-1025
> Project: Calcite
> Issue Type: Improvement
> Components: avatica
> Reporter: Phillip Rhodes
> Assignee: Julian Hyde
> Attachments: AvaticaConnection.patch, Driver.patch,
> RemoteService.patch
>
>
> Avatica serves as the base for the Phoenix "thin" JDBC driver, and supports a
> JSON over HTTP protocol. Being that it is HTTP, it would be desirable to
> support standard HTTP mechanisms like HTTP BASIC authentication, which is
> required by some proxy servers (for example, Knox).
> In particular, I've been working on deploying Phoenix behind Knox with Knox
> mediating JDBC access using the "thin" driver based on Avatica. In order to
> make this work, I had to make a small change to Avatica in order to take the
> supplied credentials and construct an Authorization header, and add it to the
> HTTP request.
> I have made this change and verified that it works, and would like to propose
> merging it into the Avatica source. I have two versions, one made against
> HEAD and another which is a backport to an older version of Avatica (turns
> out this was needed for the specific environment we were deploying in).
> It is a fairly small change, totaling about 10-15 lines of code, and - as far
> as I can tell - should be totally non-invasive to existing users of Avatica.
> Basically I just add the HTTP Authorization header IF a username/password
> combo is present, and do nothing otherwise. If it is desired, we could also
> wrap this code in a parameter based on a query string parameter or something.
> Maybe "enableProxyAuth=true" or something along those lines.
> I'll attach the actual modified code shortly, but in the meantime wanted to
> start a discussion around this proposed change. I have run this by some
> people inside HortonWorks and they are in favor of implementing this so that
> it can become part of HDP. Being able to use Knox (or, in theory, any other
> proxy server) to mediate JDBC access to Phoenix seems to be a desirable
> thing. Thoughts?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
