Esempio n. 1
0
  /**
   * If authorization mode is v2, then pass it through authorizer so that it can apply any security
   * configuration changes.
   */
  public void applyAuthorizationPolicy() throws HiveException {
    if (!isAuthorizationModeV2()) {
      // auth v1 interface does not have this functionality
      return;
    }

    // avoid processing the same config multiple times, check marker
    if (conf.get(CONFIG_AUTHZ_SETTINGS_APPLIED_MARKER, "").equals(Boolean.TRUE.toString())) {
      return;
    }

    authorizerV2.applyAuthorizationConfigPolicy(conf);
    // set a marker that this conf has been processed.
    conf.set(CONFIG_AUTHZ_SETTINGS_APPLIED_MARKER, Boolean.TRUE.toString());
  }
Esempio n. 2
0
  /** Setup authentication and authorization plugins for this session. */
  private void setupAuth() {

    if (authenticator != null) {
      // auth has been initialized
      return;
    }

    try {
      authenticator =
          HiveUtils.getAuthenticator(conf, HiveConf.ConfVars.HIVE_AUTHENTICATOR_MANAGER);
      authenticator.setSessionState(this);

      String clsStr = HiveConf.getVar(conf, HiveConf.ConfVars.HIVE_AUTHORIZATION_MANAGER);
      authorizer = HiveUtils.getAuthorizeProviderManager(conf, clsStr, authenticator, true);

      if (authorizer == null) {
        // if it was null, the new authorization plugin must be specified in
        // config
        HiveAuthorizerFactory authorizerFactory =
            HiveUtils.getAuthorizerFactory(conf, HiveConf.ConfVars.HIVE_AUTHORIZATION_MANAGER);

        HiveAuthzSessionContext.Builder authzContextBuilder = new HiveAuthzSessionContext.Builder();
        authzContextBuilder.setClientType(
            isHiveServerQuery() ? CLIENT_TYPE.HIVESERVER2 : CLIENT_TYPE.HIVECLI);
        authzContextBuilder.setSessionString(getSessionId());

        authorizerV2 =
            authorizerFactory.createHiveAuthorizer(
                new HiveMetastoreClientFactoryImpl(),
                conf,
                authenticator,
                authzContextBuilder.build());

        authorizerV2.applyAuthorizationConfigPolicy(conf);
      }
      // create the create table grants with new config
      createTableGrants = CreateTableAutomaticGrant.create(conf);

    } catch (HiveException e) {
      throw new RuntimeException(e);
    }

    if (LOG.isDebugEnabled()) {
      Object authorizationClass = getActiveAuthorizer();
      LOG.debug("Session is using authorization class " + authorizationClass.getClass());
    }
    return;
  }