Example 6 with AccessControlException

use of java.security.AccessControlException in project hive by apache.

the class SemanticAnalyzer method isPathReadOnly.

/**
   * Checks if a given path has read-only access permissions.
   *
   * @param path The path to check for read-only permissions.
   * @return True if the path is read-only; False otherwise.
   * @throws HiveException If an error occurs while checking file permissions.
   */
private boolean isPathReadOnly(Path path) throws HiveException {
    HiveConf conf = SessionState.get().getConf();
    try {
        FileSystem fs = path.getFileSystem(conf);
        UserGroupInformation ugi = Utils.getUGI();
        FileStatus status = fs.getFileStatus(path);
        // We only check for write permission. If the check fails with AccessControlException,
        // the location may be read-only.
        FileUtils.checkFileAccessWithImpersonation(fs, status, FsAction.WRITE, ugi.getUserName());
        // Path has writing permissions
        return false;
    } catch (AccessControlException e) {
        // but we take it as if our path is read-only
        return true;
    } catch (Exception e) {
        throw new HiveException("Unable to determine if " + path + " is read only: " + e, e);
    }
}
Also used: FileStatus(org.apache.hadoop.fs.FileStatus), HiveException(org.apache.hadoop.hive.ql.metadata.HiveException), FileSystem(org.apache.hadoop.fs.FileSystem), AccessControlException(java.security.AccessControlException), HiveConf(org.apache.hadoop.hive.conf.HiveConf), IOException(java.io.IOException), CalciteSemanticException(org.apache.hadoop.hive.ql.optimizer.calcite.CalciteSemanticException), MetaException(org.apache.hadoop.hive.metastore.api.MetaException), SerDeException(org.apache.hadoop.hive.serde2.SerDeException), PatternSyntaxException(java.util.regex.PatternSyntaxException), FileNotFoundException(java.io.FileNotFoundException), InvalidTableException(org.apache.hadoop.hive.ql.metadata.InvalidTableException), UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)

Example 7 with AccessControlException

use of java.security.AccessControlException in project hive by apache.

the class FileUtils method checkFileAccessWithImpersonation.

/**
   * Perform a check to determine if the user is able to access the file passed in.
   * If the user name passed in is different from the current user, this method will
   * attempt to impersonate the user to do the check; the current user should be
   * able to create proxy users in this case.
   * @param fs   FileSystem of the path to check
   * @param stat FileStatus representing the file
   * @param action FsAction that will be checked
   * @param user User name of the user that will be checked for access.  If the user name
   *             is null or the same as the current user, no user impersonation will be done
   *             and the check will be done as the current user. Otherwise the file access
   *             check will be performed within a doAs() block to use the access privileges
   *             of this user. In this case the user must be configured to impersonate other
   *             users, otherwise this check will fail with error.
   * @throws IOException
   * @throws AccessControlException
   * @throws InterruptedException
   * @throws Exception
   */
public static void checkFileAccessWithImpersonation(final FileSystem fs, final FileStatus stat, final FsAction action, final String user) throws IOException, AccessControlException, InterruptedException, Exception {
    UserGroupInformation ugi = Utils.getUGI();
    String currentUser = ugi.getShortUserName();
    if (user == null || currentUser.equals(user)) {
        // No need to impersonate user, do the checks as the currently configured user.
        ShimLoader.getHadoopShims().checkFileAccess(fs, stat, action);
        return;
    }
    // Otherwise, try user impersonation. Current user must be configured to do user impersonation.
    UserGroupInformation proxyUser = UserGroupInformation.createProxyUser(user, UserGroupInformation.getLoginUser());
    try {
        proxyUser.doAs(new PrivilegedExceptionAction<Object>() {

            @Override
            public Object run() throws Exception {
                FileSystem fsAsUser = FileSystem.get(fs.getUri(), fs.getConf());
                ShimLoader.getHadoopShims().checkFileAccess(fsAsUser, stat, action);
                return null;
            }
        });
    } finally {
        FileSystem.closeAllForUGI(proxyUser);
    }
}
Also used: FileSystem(org.apache.hadoop.fs.FileSystem), LocalFileSystem(org.apache.hadoop.fs.LocalFileSystem), URISyntaxException(java.net.URISyntaxException), IOException(java.io.IOException), FileNotFoundException(java.io.FileNotFoundException), AccessControlException(java.security.AccessControlException), UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)

Example 8 with AccessControlException

use of java.security.AccessControlException in project hive by apache.

the class FileUtils method isActionPermittedForFileHierarchy.

public static boolean isActionPermittedForFileHierarchy(FileSystem fs, FileStatus fileStatus, String userName, FsAction action, boolean recurse) throws Exception {
    boolean isDir = fileStatus.isDir();
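    FsAction dirActionNeeded = action;
    if (isDir) {
        // for dirs user needs execute privileges as well
        // FsAction is an immutable enum: or() returns the combined action, so the result must be assigned
        dirActionNeeded = action.or(FsAction.EXECUTE);
    }
    try {
        // check the combined action (equal to the requested action for plain files)
        checkFileAccessWithImpersonation(fs, fileStatus, dirActionNeeded, userName);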
    } catch (AccessControlException err) {
        // Action not permitted for user
        return false;
    }
    if ((!isDir) || (!recurse)) {
        // no sub dirs to be checked
        return true;
    }
    // check all children
    FileStatus[] childStatuses = fs.listStatus(fileStatus.getPath());
    for (FileStatus childStatus : childStatuses) {
        // check children recursively - recurse is true if we're here.
        if (!isActionPermittedForFileHierarchy(fs, childStatus, userName, action, true)) {
            return false;
        }
    }
    return true;
}
Also used: FsAction(org.apache.hadoop.fs.permission.FsAction), FileStatus(org.apache.hadoop.fs.FileStatus), AccessControlException(java.security.AccessControlException)

Example 9 with AccessControlException

use of java.security.AccessControlException in project tomcat by apache.

the class StandardServer method await.

/**
     * Wait until a proper shutdown command is received, then return.
     * This keeps the main thread alive - the threads in the pool listening for HTTP
     * connections are daemon threads.
     */
@Override
public void await() {
    // Negative values - don't wait on port - tomcat is embedded or we just don't like ports
    if (port == -2) {
        // undocumented yet - for embedding apps that are around, alive.
        return;
    }
    if (port == -1) {
        try {
            awaitThread = Thread.currentThread();
            while (!stopAwait) {
                try {
                    Thread.sleep(10000);
                } catch (InterruptedException ex) {
                // continue and check the flag
                }
            }
        } finally {
            awaitThread = null;
        }
        return;
    }
    // Set up a server socket to wait on
    try {
        awaitSocket = new ServerSocket(port, 1, InetAddress.getByName(address));
    } catch (IOException e) {
        log.error("StandardServer.await: create[" + address + ":" + port + "]: ", e);
        return;
    }
    try {
        awaitThread = Thread.currentThread();
        // Loop waiting for a connection and a valid command
        while (!stopAwait) {
            ServerSocket serverSocket = awaitSocket;
            if (serverSocket == null) {
                break;
            }
            // Wait for the next connection
            Socket socket = null;
            StringBuilder command = new StringBuilder();
            try {
                InputStream stream;
                long acceptStartTime = System.currentTimeMillis();
                try {
                    socket = serverSocket.accept();
                    // Ten seconds
                    socket.setSoTimeout(10 * 1000);
                    stream = socket.getInputStream();
                } catch (SocketTimeoutException ste) {
                    // This should never happen but bug 56684 suggests that
                    // it does.
                    log.warn(sm.getString("standardServer.accept.timeout", Long.valueOf(System.currentTimeMillis() - acceptStartTime)), ste);
                    continue;
                } catch (AccessControlException ace) {
                    log.warn("StandardServer.accept security exception: " + ace.getMessage(), ace);
                    continue;
                } catch (IOException e) {
                    if (stopAwait) {
                        // Wait was aborted with socket.close()
                        break;
                    }
                    log.error("StandardServer.await: accept: ", e);
                    break;
                }
                // Read a set of characters from the socket
                // Cut off to avoid DoS attack
                int expected = 1024;
                while (expected < shutdown.length()) {
                    if (random == null)
                        random = new Random();
                    expected += (random.nextInt() % 1024);
                }
                while (expected > 0) {
                    int ch = -1;
                    try {
                        ch = stream.read();
                    } catch (IOException e) {
                        log.warn("StandardServer.await: read: ", e);
                        ch = -1;
                    }
                    // Control character or EOF (-1) terminates loop
                    if (ch < 32 || ch == 127) {
                        break;
                    }
                    command.append((char) ch);
                    expected--;
                }
            } finally {
                // Close the socket now that we are done with it
                try {
                    if (socket != null) {
                        socket.close();
                    }
                } catch (IOException e) {
                // Ignore
                }
            }
            // Match against our command string
            boolean match = command.toString().equals(shutdown);
            if (match) {
                log.info(sm.getString("standardServer.shutdownViaPort"));
                break;
            } else
                log.warn("StandardServer.await: Invalid command '" + command.toString() + "' received");
        }
    } finally {
        ServerSocket serverSocket = awaitSocket;
        awaitThread = null;
        awaitSocket = null;
        // Close the server socket and return
        if (serverSocket != null) {
            try {
                serverSocket.close();
            } catch (IOException e) {
            // Ignore
            }
        }
    }
}
Also used: SocketTimeoutException(java.net.SocketTimeoutException), Random(java.util.Random), InputStream(java.io.InputStream), AccessControlException(java.security.AccessControlException), ServerSocket(java.net.ServerSocket), IOException(java.io.IOException), Socket(java.net.Socket)

Example 10 with AccessControlException

use of java.security.AccessControlException in project tomcat by apache.

the class WebappClassLoaderBase method findClass.

/**
     * Find the specified class in our local repositories, if possible.  If
     * not found, throw <code>ClassNotFoundException</code>.
     *
     * @param name The binary name of the class to be loaded
     *
     * @exception ClassNotFoundException if the class was not found
     */
@Override
public Class<?> findClass(String name) throws ClassNotFoundException {
    if (log.isDebugEnabled())
        log.debug("    findClass(" + name + ")");
    checkStateForClassLoading(name);
    // (1) Permission to define this class when using a SecurityManager
    if (securityManager != null) {
        int i = name.lastIndexOf('.');
        if (i >= 0) {
            try {
                if (log.isTraceEnabled())
                    log.trace("      securityManager.checkPackageDefinition");
                securityManager.checkPackageDefinition(name.substring(0, i));
            } catch (Exception se) {
                if (log.isTraceEnabled())
                    log.trace("      -->Exception-->ClassNotFoundException", se);
                throw new ClassNotFoundException(name, se);
            }
        }
    }
    // Ask our superclass to locate this class, if possible
    // (throws ClassNotFoundException if it is not found)
    Class<?> clazz = null;
    try {
        if (log.isTraceEnabled())
            log.trace("      findClassInternal(" + name + ")");
        try {
            if (securityManager != null) {
                PrivilegedAction<Class<?>> dp = new PrivilegedFindClassByName(name);
                clazz = AccessController.doPrivileged(dp);
            } else {
                clazz = findClassInternal(name);
            }
        } catch (AccessControlException ace) {
            log.warn("WebappClassLoader.findClassInternal(" + name + ") security exception: " + ace.getMessage(), ace);
            throw new ClassNotFoundException(name, ace);
        } catch (RuntimeException e) {
            if (log.isTraceEnabled())
                log.trace("      -->RuntimeException Rethrown", e);
            throw e;
        }
        if ((clazz == null) && hasExternalRepositories) {
            try {
                clazz = super.findClass(name);
            } catch (AccessControlException ace) {
                log.warn("WebappClassLoader.findClassInternal(" + name + ") security exception: " + ace.getMessage(), ace);
                throw new ClassNotFoundException(name, ace);
            } catch (RuntimeException e) {
                if (log.isTraceEnabled())
                    log.trace("      -->RuntimeException Rethrown", e);
                throw e;
            }
        }
        if (clazz == null) {
            if (log.isDebugEnabled())
                log.debug("    --> Returning ClassNotFoundException");
            throw new ClassNotFoundException(name);
        }
    } catch (ClassNotFoundException e) {
        if (log.isTraceEnabled())
            log.trace("    --> Passing on ClassNotFoundException");
        throw e;
    }
    // Return the class we have located
    if (log.isTraceEnabled())
        log.debug("      Returning class " + clazz);
    if (log.isTraceEnabled()) {
        ClassLoader cl;
        if (Globals.IS_SECURITY_ENABLED) {
            cl = AccessController.doPrivileged(new PrivilegedGetClassLoader(clazz));
        } else {
            cl = clazz.getClassLoader();
        }
        log.debug("      Loaded by " + cl.toString());
    }
    return (clazz);
}
Also used: AccessControlException(java.security.AccessControlException), URLClassLoader(java.net.URLClassLoader), InstrumentableClassLoader(org.apache.tomcat.InstrumentableClassLoader), URISyntaxException(java.net.URISyntaxException), IllegalClassFormatException(java.lang.instrument.IllegalClassFormatException), LifecycleException(org.apache.catalina.LifecycleException), ConcurrentModificationException(java.util.ConcurrentModificationException), IOException(java.io.IOException)
