thrift-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vlad Gudikov <vgoo...@gmail.com>
Subject Thrift SaslServer doesn't return impersonated user when sasl enabled
Date Fri, 15 Sep 2017 07:47:30 GMT
down votefavorite
<https://stackoverflow.com/questions/46234365/thrift-saslserver-doesnt-return-impersonated-user-when-sasl-enabled#>

Currently I've got some client code that have impersonation using
UserGroupInformation.

UserGroupInformation ugi =
UserGroupInformation.createProxyUser("user",
UserGroupInformation.getCurrentUser());
        ugi.doAs(new PrivilegedExceptionAction<Void>() {
            @Override
            public Void run() throws Exception {

We have Sasl Server that is trying to authorize user as follows:

TTransport trans = inProt.getTransport();
        if (!(trans instanceof TSaslServerTransport)) {
          throw new TException("Unexpected non-SASL transport " +
trans.getClass());
        }
        TSaslServerTransport saslTrans = (TSaslServerTransport)trans;
        SaslServer saslServer = saslTrans.getSaslServer();
        String authId = saslServer.getAuthorizationID();

Method saslServer.getAuthorizationID()always returns a proxyUser(that
impersonates other user) that we get from
UserGroupInformation.getCurrentUser(). Is this possible to somehow get user
that should be impersonated?

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message