Example 1 with InboundImpersonationManager
use of org.apache.drill.exec.rpc.user.InboundImpersonationManager in project drill by apache.
the class BaseQueryRunner method applyUserName.
protected void applyUserName(String userName) {
if (!Strings.isNullOrEmpty(userName)) {
DrillConfig config = workManager.getContext().getConfig();
if (!config.getBoolean(ExecConstants.IMPERSONATION_ENABLED)) {
throw UserException.permissionError().message("User impersonation is not enabled").build(logger);
}
InboundImpersonationManager inboundImpersonationManager = new InboundImpersonationManager();
boolean isAdmin = !config.getBoolean(ExecConstants.USER_AUTHENTICATION_ENABLED) || ImpersonationUtil.hasAdminPrivileges(webUserConnection.getSession().getCredentials().getUserName(), ExecConstants.ADMIN_USERS_VALIDATOR.getAdminUsers(options), ExecConstants.ADMIN_USER_GROUPS_VALIDATOR.getAdminUserGroups(options));
if (isAdmin) {
// Admin user can impersonate any user they want to (when authentication is disabled, all users are admin)
webUserConnection.getSession().replaceUserCredentials(inboundImpersonationManager, UserBitShared.UserCredentials.newBuilder().setUserName(userName).build());
} else {
// Check configured impersonation rules to see if this user is allowed to impersonate the given user
inboundImpersonationManager.replaceUserOnSession(userName, webUserConnection.getSession());
}
}
}
Also used :
DrillConfig(org.apache.drill.common.config.DrillConfig)
InboundImpersonationManager(org.apache.drill.exec.rpc.user.InboundImpersonationManager)
Aggregations
DrillConfig (org.apache.drill.common.config.DrillConfig)1
InboundImpersonationManager (org.apache.drill.exec.rpc.user.InboundImpersonationManager)1
