private String getPrincipalWithoutRealmAndHost(String fullPrincipal)
throws HttpAuthenticationException {
KerberosNameShim fullKerberosName;
try {
fullKerberosName = ShimLoader.getHadoopShims().getKerberosNameShim(fullPrincipal);
return fullKerberosName.getShortName();
} catch (IOException e) {
throw new HttpAuthenticationException(e);
}
}
private String getPrincipalWithoutRealm(String fullPrincipal)
throws HttpAuthenticationException {
KerberosNameShim fullKerberosName;
try {
fullKerberosName = ShimLoader.getHadoopShims().getKerberosNameShim(fullPrincipal);
} catch (IOException e) {
throw new HttpAuthenticationException(e);
}
String serviceName = fullKerberosName.getServiceName();
String hostName = fullKerberosName.getHostName();
String principalWithoutRealm = serviceName;
if (hostName != null) {
principalWithoutRealm = serviceName + "/" + hostName;
}
return principalWithoutRealm;
}
public static void verifyProxyAccess(
String realUser, String proxyUser, String ipAddress, HiveConf hiveConf)
throws HiveSQLException {
try {
UserGroupInformation sessionUgi;
if (ShimLoader.getHadoopShims().isSecurityEnabled()) {
KerberosNameShim kerbName = ShimLoader.getHadoopShims().getKerberosNameShim(realUser);
String shortPrincipalName = kerbName.getServiceName();
sessionUgi = ShimLoader.getHadoopShims().createProxyUser(shortPrincipalName);
} else {
sessionUgi = ShimLoader.getHadoopShims().createRemoteUser(realUser, null);
}
if (!proxyUser.equalsIgnoreCase(realUser)) {
ShimLoader.getHadoopShims()
.authorizeProxyAccess(proxyUser, sessionUgi, ipAddress, hiveConf);
}
} catch (IOException e) {
throw new HiveSQLException(
"Failed to validate proxy privilege of " + realUser + " for " + proxyUser, "08S01", e);
}
}
