Skip to content

Commit

Permalink
Passing full username to session
Browse files Browse the repository at this point in the history
  • Loading branch information
avishnus committed Oct 21, 2024
1 parent 04f4437 commit d4c4f63
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 12 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -142,16 +142,16 @@ abstract class TFrontendService(name: String)
* The real user is the user used for session authentication.
* The session user is the proxy user if proxy user is provided, otherwise is the real user.
*/
protected def getRealUserAndSessionUser(req: TOpenSessionReq): (String, String) = {
val realUser: String =
ServiceUtils.getShortName(authFactory.getRemoteUser.getOrElse(req.getUsername))
protected def getRealUserAndSessionUser(req: TOpenSessionReq): (String, String, String) = {
val fullUsername: String = authFactory.getRemoteUser.getOrElse(req.getUsername)
val realUser: String = ServiceUtils.getShortName(fullUsername)
val sessionUser =
if (req.getConfiguration == null) {
realUser
} else {
getProxyUser(req.getConfiguration, authFactory.getIpAddress.orNull, realUser)
}
realUser -> sessionUser
(fullUsername, realUser, sessionUser)
}

protected def getIpAddress: String = {
Expand All @@ -166,14 +166,16 @@ abstract class TFrontendService(name: String)
protected def getSessionHandle(req: TOpenSessionReq, res: TOpenSessionResp): SessionHandle = {
val protocol = getMinVersion(SERVER_VERSION, req.getClient_protocol)
res.setServerProtocolVersion(protocol)
val (realUser, sessionUser) = getRealUserAndSessionUser(req)
val (fullUsername, realUser, sessionUser) = getRealUserAndSessionUser(req)
val ipAddress = getIpAddress
val configuration =
Map(KYUUBI_CLIENT_IP_KEY -> ipAddress, KYUUBI_SERVER_IP_KEY -> serverAddr.getHostAddress) ++
Option(req.getConfiguration).map(_.asScala.toMap).getOrElse(Map.empty[String, String]) ++
Map(
KYUUBI_SESSION_CONNECTION_URL_KEY -> connectionUrl,
KYUUBI_SESSION_REAL_USER_KEY -> realUser)
KYUUBI_SESSION_REAL_USER_KEY -> realUser,
"kyuubi.session.full.user" -> fullUsername
) // Add full username here
val sessionHandle = be.openSession(
protocol,
sessionUser,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -335,18 +335,19 @@ final class KyuubiTHttpFrontendService(
}
}

override protected def getRealUserAndSessionUser(req: TOpenSessionReq): (String, String) = {
val realUser = getShortName(Option(AuthenticationFilter.getUserName)
.getOrElse(req.getUsername))
// using the remote ip address instead of that in proxy http header for authentication
override protected def getRealUserAndSessionUser(req: TOpenSessionReq)
: (String, String, String) = {
val fullUsername = Option(AuthenticationFilter.getUserName).getOrElse(req.getUsername)
val realUser = getShortName(fullUsername)
// using the remote IP address instead of that in proxy HTTP header for authentication
val ipAddress: String = AuthenticationFilter.getUserIpAddress
val sessionUser: String = if (req.getConfiguration == null) {
realUser
} else {
getProxyUser(req.getConfiguration, ipAddress, realUser)
}
debug(s"Client's real user: $realUser, session user: $sessionUser")
realUser -> sessionUser
debug(s"Client's full user: $fullUsername, real user: $realUser, session user: $sessionUser")
(fullUsername, realUser, sessionUser)
}

private def getShortName(userName: String): String = {
Expand Down

0 comments on commit d4c4f63

Please sign in to comment.