[
https://issues.apache.org/jira/browse/CALCITE-1539?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15830814#comment-15830814
]
Josh Elser commented on CALCITE-1539:
-------------------------------------
bq. I am thinking that Avatica should act as pass-thru to the Avatica
implementation (PQS)
I'm not 100% sure I understand your statement, but I think we're on the same
page.
Avatica can *only* perform perform authentication of the HTTP request.
Presently, options for this are: no authentication, basic auth, digest auth, or
SPNEGO.
Authorization of a user to access the system in the context of impersonation is
always delegated to the implementation (as Avatica can't know how the
implementation wants to handle impersonation rules).
> Enable proxy access to Avatica server for third party on behalf of end users
> ----------------------------------------------------------------------------
>
> Key: CALCITE-1539
> URL: https://issues.apache.org/jira/browse/CALCITE-1539
> Project: Calcite
> Issue Type: Improvement
> Components: avatica
> Reporter: Jerry He
> Assignee: Josh Elser
> Attachments:
> 0001-CALCITE-1539-Enable-proxy-access-to-Avatica-server-f.patch
>
>
> We want to enable proxy access to Avatica server from an end user, but the
> end user comes in via a third party impersonation. For example, Knox and Hue.
> The Knox server user conveys the end user to Avatica.
> Similar things have been done for HBase Rest Sever HBASE-9866 and Hive Server
> HIVE-5155
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
