Example 1 with UserCredentials
use of org.apache.drill.exec.proto.UserBitShared.UserCredentials in project drill by apache.
the class InboundImpersonationManager method replaceUserOnSession.
/**
* Check if the current session user, as a proxy user, is authorized to impersonate the given target user
* based on the system's impersonation policies.
*
* @param targetName target user name
* @param session user session
*/
public void replaceUserOnSession(final String targetName, final UserSession session) {
final String policiesString = session.getOptions().getOption(ExecConstants.IMPERSONATION_POLICY_VALIDATOR);
if (!policiesString.equals(this.policiesString)) {
try {
impersonationPolicies = deserializeImpersonationPolicies(policiesString);
this.policiesString = policiesString;
} catch (final IOException e) {
// This never happens. Impersonation policies must have been validated.
logger.warn("Impersonation policies must have been validated.");
throw new DrillRuntimeException("Failure while checking for impersonation policies.", e);
}
}
final String proxyName = session.getCredentials().getUserName();
if (!hasImpersonationPrivileges(proxyName, targetName, impersonationPolicies)) {
throw UserException.permissionError().message("Proxy user '%s' is not authorized to impersonate target user '%s'.", proxyName, targetName).build(logger);
}
// replace session's user credentials
final UserCredentials newCredentials = UserCredentials.newBuilder().setUserName(targetName).build();
session.replaceUserCredentials(this, newCredentials);
}
Also used :
UserCredentials(org.apache.drill.exec.proto.UserBitShared.UserCredentials)
IOException(java.io.IOException)
DrillRuntimeException(org.apache.drill.common.exceptions.DrillRuntimeException)
Aggregations
IOException (java.io.IOException)1
DrillRuntimeException (org.apache.drill.common.exceptions.DrillRuntimeException)1
UserCredentials (org.apache.drill.exec.proto.UserBitShared.UserCredentials)1
