[ 
https://issues.apache.org/jira/browse/HIVE-13418?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Thejas M Nair updated HIVE-13418:
---------------------------------
    Description: 
Apache Knox acts as a proxy for requests coming from the end users. In these 
cases, the IP address that HiveServer2 passes to the authorization/audit 
plugins via the HiveAuthzContext object is the IP address of the proxy, and not 
the end user.

For auditing and authorization purposes, the IP address of the end user is more 
meaningful.
HiveServer2 should pass the information from the 'X-Forwarded-Host' header to the 
HiveAuthorizer plugins if the request is coming from a trusted proxy.


  was:
Apache Knox acts as a proxy for requests coming from the end users. In these 
cases, the IP address that HiveServer2 passes to the authorization/audit 
plugins via the HiveAuthzContext object is the IP address of the proxy, and not 
the end user.

For auditing and authorization purposes, the IP address of the end user is more 
meaningful.
HiveServer2 should pass the information from the 'X-Forward-For' header to the 
HiveAuthorizer plugins if the request is coming from a trusted proxy.



> HiveServer2 HTTP mode should support X-Forwarded-Host header for 
> authorization/audits
> -------------------------------------------------------------------------------------
>
>                 Key: HIVE-13418
>                 URL: https://issues.apache.org/jira/browse/HIVE-13418
>             Project: Hive
>          Issue Type: New Feature
>          Components: Authorization, HiveServer2
>            Reporter: Thejas M Nair
>            Assignee: Thejas M Nair
>
> Apache Knox acts as a proxy for requests coming from the end users. In these 
> cases, the IP address that HiveServer2 passes to the authorization/audit 
> plugins via the HiveAuthzContext object is the IP address of the proxy, and 
> not the end user.
> For auditing and authorization purposes, the IP address of the end user is 
> more meaningful.
> HiveServer2 should pass the information from the 'X-Forwarded-Host' header to 
> the HiveAuthorizer plugins if the request is coming from a trusted proxy.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
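
The "only if the request is coming from a trusted proxy" condition in the issue above, sketched as an added example; this is not Hive's code or part of the original message. The class name, the trusted-proxy set and the sample addresses are assumptions made for illustration.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Arrays;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;

/** Hypothetical helper (not a Hive class): decides what forwarding info reaches authz/audit plugins. */
public class ForwardedAddressResolver {
    // Addresses allowed to vouch for an end user, e.g. the Knox gateway hosts (assumed configuration).
    private final Set<InetAddress> trustedProxies;

    public ForwardedAddressResolver(Set<InetAddress> trustedProxies) {
        this.trustedProxies = Set.copyOf(trustedProxies);
    }

    /**
     * @param peer            address of the TCP peer that opened the HTTP connection
     * @param forwardedValues raw values of the forwarding header on this request
     * @return the forwarded entries if the peer is a trusted proxy, otherwise an empty list
     */
    public List<String> forwardedEntries(InetAddress peer, List<String> forwardedValues) {
        if (!trustedProxies.contains(peer)) {
            // Any client can set this header, so a value from an untrusted peer
            // must never reach authorization or audit as if it were the real origin.
            return List.of();
        }
        // A header may carry a comma-separated chain; keep every hop, in order.
        return forwardedValues.stream()
                .flatMap(v -> Arrays.stream(v.split(",")))
                .map(String::trim)
                .filter(s -> !s.isEmpty())
                .collect(Collectors.toList());
    }

    public static void main(String[] args) throws UnknownHostException {
        // Constructed sample addresses (IP literals, so no DNS lookup happens).
        InetAddress proxy = InetAddress.getByName("10.0.0.5");
        InetAddress stranger = InetAddress.getByName("203.0.113.9");
        ForwardedAddressResolver resolver = new ForwardedAddressResolver(Set.of(proxy));
        List<String> header = List.of("198.51.100.7, 10.0.0.4");

        // The peer address is always recorded; forwarded entries are added only when trusted.
        System.out.println("via trusted proxy: peer=" + proxy.getHostAddress()
                + " forwarded=" + resolver.forwardedEntries(proxy, header));
        System.out.println("direct/untrusted:  peer=" + stranger.getHostAddress()
                + " forwarded=" + resolver.forwardedEntries(stranger, header));
    }
}
```

Recording the peer address alongside the forwarded entries keeps the audit trail usable even if the trusted-proxy list is later found to be too broad.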
