[
https://issues.apache.org/jira/browse/DRILL-4281?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15179126#comment-15179126
]
ASF GitHub Bot commented on DRILL-4281:
---------------------------------------
Github user vkorukanti commented on a diff in the pull request:
https://github.com/apache/drill/pull/400#discussion_r54979630
--- Diff:
exec/java-exec/src/test/java/org/apache/drill/exec/rpc/user/security/testing/UserAuthenticatorToTestDelegation.java
---
@@ -0,0 +1,72 @@
+package org.apache.drill.exec.rpc.user.security.testing;
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import org.apache.drill.common.config.DrillConfig;
+import org.apache.drill.exec.exception.DrillbitStartupException;
+import org.apache.drill.exec.rpc.user.security.UserAuthenticationException;
+import org.apache.drill.exec.rpc.user.security.UserAuthenticator;
+import org.apache.drill.exec.rpc.user.security.UserAuthenticatorTemplate;
+import org.apache.drill.exec.util.ImpersonationUtil;
+
+import java.io.IOException;
+
+import static org.apache.drill.exec.delegation.TestUserDelegation.OWNER;
+import static
org.apache.drill.exec.delegation.TestUserDelegation.OWNER_PASSWORD;
+import static
org.apache.drill.exec.delegation.TestUserDelegation.DELEGATOR_NAME;
+import static
org.apache.drill.exec.delegation.TestUserDelegation.DELEGATOR_PASSWORD;
+import static
org.apache.drill.exec.delegation.TestUserDelegation.DELEGATE_NAME;
+import static
org.apache.drill.exec.delegation.TestUserDelegation.DELEGATE_PASSWORD;
+
+/**
+ * Used by {@link org.apache.drill.exec.delegation.TestUserDelegation}.
+ *
+ * Needs to be in this package.
+ */
+@UserAuthenticatorTemplate(type = UserAuthenticatorToTestDelegation.TYPE)
+public class UserAuthenticatorToTestDelegation implements
UserAuthenticator {
--- End diff --
Can you add the new users to existing test authenticator impl
UserAuthenticatorTestImpl.class?
> Drill should support inbound impersonation
> ------------------------------------------
>
> Key: DRILL-4281
> URL: https://issues.apache.org/jira/browse/DRILL-4281
> Project: Apache Drill
> Issue Type: Improvement
> Reporter: Keys Botzum
> Assignee: Sudheesh Katkam
> Labels: doc-impacting, security
>
> Today Drill supports impersonation *to* external sources. For example I can
> authenticate to Drill as myself and then Drill will access HDFS using
> impersonation
> In many scenarios we also need impersonation to Drill. For example I might
> use some front end tool (such as Tableau) and authenticate to it as myself.
> That tool (server version) then needs to access Drill to perform queries and
> I want those queries to run as myself, not as the Tableau user. While in
> theory the intermediate tool could store the userid & password for every user
> to the Drill this isn't a scalable or very secure solution.
> Note that HS2 today does support inbound impersonation as described here:
> https://issues.apache.org/jira/browse/HIVE-5155
> The above is not the best approach as it is tied to the connection object
> which is very coarse grained and potentially expensive. It would be better if
> there was a call on the ODBC/JDBC driver to switch the identity on a existing
> connection. Most modern SQL databases (Oracle, DB2) support such function.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
