[
https://issues.apache.org/jira/browse/CALCITE-1539?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15933281#comment-15933281
]
Shi Wang commented on CALCITE-1539:
-----------------------------------
Hi [~elserj] , please check the new patch.
I understand the two cases you mentioned should be done, for example, on
Phoenix side. I think we could have something like a PhoenixRemoteUserExtractor
which implements RemoteUserExtractor and pass it when build http server.
And in PhoenixRemoteUserExtractor it is determined by phoenix of which user
extractor method it should use.
One thing I am not clear is you suggested using RemoteUserExtractor extends
Callable, what's the advantage here?
> Enable proxy access to Avatica server for third party on behalf of end users
> ----------------------------------------------------------------------------
>
> Key: CALCITE-1539
> URL: https://issues.apache.org/jira/browse/CALCITE-1539
> Project: Calcite
> Issue Type: Improvement
> Components: avatica
> Reporter: Jerry He
> Assignee: Shi Wang
> Attachments:
> 0001-CALCITE-1539-Enable-proxy-access-to-Avatica-server-f.patch,
> 0001-CALCITE-1539.patch, 0001-CALCITE-1539_without_testcase.patch
>
>
> We want to enable proxy access to Avatica server from an end user, but the
> end user comes in via a third party impersonation. For example, Knox and Hue.
> The Knox server user conveys the end user to Avatica.
> Similar things have been done for HBase Rest Sever HBASE-9866 and Hive Server
> HIVE-5155
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
