HIVE-11001 : HS2 http cookie mode does not honor doAs url parameter (Thejas Nair , reviewed by Hari Sankar Sivarama Subramaniyan )
Project: http://git-wip-us.apache.org/repos/asf/hive/repo Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/77978f30 Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/77978f30 Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/77978f30 Branch: refs/heads/spark Commit: 77978f301deb231c6e139558ee7fd239276ad8aa Parents: c338059 Author: Thejas Nair <the...@hortonworks.com> Authored: Sun Jun 14 17:01:10 2015 -0700 Committer: Thejas Nair <the...@hortonworks.com> Committed: Sun Jun 14 17:01:29 2015 -0700 ---------------------------------------------------------------------- .../hadoop/hive/ql/session/SessionState.java | 3 +++ .../service/cli/thrift/ThriftHttpServlet.java | 18 ++++++++++++------ 2 files changed, 15 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hive/blob/77978f30/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java ---------------------------------------------------------------------- diff --git a/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java b/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java index 5067f06..37d856c 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java @@ -338,6 +338,9 @@ public class SessionState { public SessionState(HiveConf conf, String userName) { this.conf = conf; this.userName = userName; + if (LOG.isDebugEnabled()) { + LOG.debug("SessionState user: " + userName); + } isSilent = conf.getBoolVar(HiveConf.ConfVars.HIVESESSIONSILENT); ls = new LineageState(); resourceMaps = new ResourceMaps(); http://git-wip-us.apache.org/repos/asf/hive/blob/77978f30/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java ---------------------------------------------------------------------- diff --git a/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java b/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java index e1166d3..56c8cb6 100644 --- a/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java +++ b/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java @@ -134,11 +134,6 @@ public class ThriftHttpServlet extends TServlet { // For a kerberos setup if (isKerberosAuthMode(authType)) { clientUserName = doKerberosAuth(request); - String doAsQueryParam = getDoAsQueryParam(request.getQueryString()); - - if (doAsQueryParam != null) { - SessionManager.setProxyUserName(doAsQueryParam); - } } // For password based authentication else { @@ -146,8 +141,16 @@ public class ThriftHttpServlet extends TServlet { } } LOG.debug("Client username: " + clientUserName); + // Set the thread local username to be used for doAs if true SessionManager.setUserName(clientUserName); + + // find proxy user if any from query param + String doAsQueryParam = getDoAsQueryParam(request.getQueryString()); + if (doAsQueryParam != null) { + SessionManager.setProxyUserName(doAsQueryParam); + } + clientIpAddress = request.getRemoteAddr(); LOG.debug("Client IP Address: " + clientIpAddress); // Set the thread local ip address @@ -225,7 +228,7 @@ public class ThriftHttpServlet extends TServlet { LOG.debug("Validated the cookie for user " + userName); } return userName; - } + } } // No valid HS2 generated cookies found, return null return null; @@ -522,6 +525,9 @@ public class ThriftHttpServlet extends TServlet { } private static String getDoAsQueryParam(String queryString) { + if (LOG.isDebugEnabled()) { + LOG.debug("URL query string:" + queryString); + } if (queryString == null) { return null; }
