[
https://issues.apache.org/jira/browse/CALCITE-1539?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15954372#comment-15954372
]
Shi Wang commented on CALCITE-1539:
-----------------------------------
Hi [~elserj],
For the test case, I think it will be something like a combination of
BasicAuthHttpServerTest and HttpServerSpnegoWithJaasTest right? In this case
the remoteUserExtractor variable will only be set to a nondefault value when
authentication type is SPNEGO.
So probably need to wrap kerberos credential before calling readWriteData()?
Another thing is extract method will need to throw exception, because in
phoenix case will throw authorization error, and if authorization failed should
not extract any user and just show the error right?
public interface RemoteUserExtractor extends Callable<HttpServletRequest> {
String extract(HttpServletRequest request) throw Exception;
}
> Enable proxy access to Avatica server for third party on behalf of end users
> ----------------------------------------------------------------------------
>
> Key: CALCITE-1539
> URL: https://issues.apache.org/jira/browse/CALCITE-1539
> Project: Calcite
> Issue Type: Improvement
> Components: avatica
> Reporter: Jerry He
> Assignee: Shi Wang
> Attachments:
> 0001-CALCITE-1539-Enable-proxy-access-to-Avatica-server-f.patch,
> 0001-CALCITE-1539.patch, 0001-CALCITE-1539_without_testcase.patch
>
>
> We want to enable proxy access to Avatica server from an end user, but the
> end user comes in via a third party impersonation. For example, Knox and Hue.
> The Knox server user conveys the end user to Avatica.
> Similar things have been done for HBase Rest Sever HBASE-9866 and Hive Server
> HIVE-5155
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
