[
https://issues.apache.org/jira/browse/CALCITE-1539?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15895216#comment-15895216
]
Shi Wang commented on CALCITE-1539:
-----------------------------------
Hi [~elserj],
I will work on the test cases soon, but before that wanna check with you if the
implementation misses something or if that's the solution expected.
So I add another param remoteUserExtractor in the builder, and change method
withImpersonation() to pass in an additional customer provided
remoteUserExtractor argument, to add the correct remoteUserExtractor in the
AvaticaServerConfig, but this is only added when it is using spnego
authentication. Not sure if impersonation is needed for other kinds of
authentication. But seems for other types of authentication configuration will
set supportsImpersonation to false so will not execute remoteExtract anyway, I
just add it in the case of spengo.
> Enable proxy access to Avatica server for third party on behalf of end users
> ----------------------------------------------------------------------------
>
> Key: CALCITE-1539
> URL: https://issues.apache.org/jira/browse/CALCITE-1539
> Project: Calcite
> Issue Type: Improvement
> Components: avatica
> Reporter: Jerry He
> Assignee: Shi Wang
> Attachments:
> 0001-CALCITE-1539-Enable-proxy-access-to-Avatica-server-f.patch,
> 0001-CALCITE-1539_without_testcase.patch
>
>
> We want to enable proxy access to Avatica server from an end user, but the
> end user comes in via a third party impersonation. For example, Knox and Hue.
> The Knox server user conveys the end user to Avatica.
> Similar things have been done for HBase Rest Sever HBASE-9866 and Hive Server
> HIVE-5155
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
