thrift-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vlad Gudikov <>
Subject Thrift SaslServer doesn't return impersonated user when sasl enabled
Date Fri, 15 Sep 2017 07:47:30 GMT
down votefavorite

Currently I've got some client code that have impersonation using

UserGroupInformation ugi =
        ugi.doAs(new PrivilegedExceptionAction<Void>() {
            public Void run() throws Exception {

We have Sasl Server that is trying to authorize user as follows:

TTransport trans = inProt.getTransport();
        if (!(trans instanceof TSaslServerTransport)) {
          throw new TException("Unexpected non-SASL transport " +
        TSaslServerTransport saslTrans = (TSaslServerTransport)trans;
        SaslServer saslServer = saslTrans.getSaslServer();
        String authId = saslServer.getAuthorizationID();

Method saslServer.getAuthorizationID()always returns a proxyUser(that
impersonates other user) that we get from
UserGroupInformation.getCurrentUser(). Is this possible to somehow get user
that should be impersonated?

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message