Search in sources :

Example 1 with HiveAuthorizerFactory

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory in project hive by apache.

the class TestSQLStdHiveAccessControllerCLI method testAuthEnable.

/**
   * Verify that no exception is thrown if authorization is enabled from hive cli,
   * when sql std auth is used
   */
@Test
public void testAuthEnable() throws Exception {
    HiveConf processedConf = new HiveConf();
    processedConf.setBoolVar(ConfVars.HIVE_AUTHORIZATION_ENABLED, true);
    HiveAuthorizerFactory authorizerFactory = new SQLStdHiveAuthorizerFactory();
    HiveAuthorizer authorizer = authorizerFactory.createHiveAuthorizer(null, processedConf, new HadoopDefaultAuthenticator(), getCLISessionCtx());
}
Also used : HiveAuthorizerFactory(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory) HiveAuthorizer(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer) HiveConf(org.apache.hadoop.hive.conf.HiveConf) HadoopDefaultAuthenticator(org.apache.hadoop.hive.ql.security.HadoopDefaultAuthenticator) Test(org.junit.Test)

Example 2 with HiveAuthorizerFactory

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory in project hive by apache.

the class HiveUtils method getAuthorizerFactory.

/**
   * Return HiveAuthorizerFactory used by new authorization plugin interface.
   * @param conf
   * @param authorizationProviderConfKey
   * @return
   * @throws HiveException if HiveAuthorizerFactory specified in configuration could not
   */
public static HiveAuthorizerFactory getAuthorizerFactory(Configuration conf, HiveConf.ConfVars authorizationProviderConfKey) throws HiveException {
    Class<? extends HiveAuthorizerFactory> cls = conf.getClass(authorizationProviderConfKey.varname, SQLStdHiveAuthorizerFactory.class, HiveAuthorizerFactory.class);
    if (cls == null) {
        //should not happen as default value is set
        throw new HiveException("Configuration value " + authorizationProviderConfKey.varname + " is not set to valid HiveAuthorizerFactory subclass");
    }
    HiveAuthorizerFactory authFactory = ReflectionUtils.newInstance(cls, conf);
    return authFactory;
}
Also used : HiveAuthorizerFactory(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory) SQLStdHiveAuthorizerFactory(org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory)

Example 3 with HiveAuthorizerFactory

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory in project hive by apache.

the class ResourceMaps method setupAuth.

/**
   * Setup authentication and authorization plugins for this session.
   */
private void setupAuth() {
    if (authenticator != null) {
        // auth has been initialized
        return;
    }
    try {
        authenticator = HiveUtils.getAuthenticator(sessionConf, HiveConf.ConfVars.HIVE_AUTHENTICATOR_MANAGER);
        authenticator.setSessionState(this);
        String clsStr = HiveConf.getVar(sessionConf, HiveConf.ConfVars.HIVE_AUTHORIZATION_MANAGER);
        authorizer = HiveUtils.getAuthorizeProviderManager(sessionConf, clsStr, authenticator, true);
        if (authorizer == null) {
            // if it was null, the new (V2) authorization plugin must be specified in
            // config
            HiveAuthorizerFactory authorizerFactory = HiveUtils.getAuthorizerFactory(sessionConf, HiveConf.ConfVars.HIVE_AUTHORIZATION_MANAGER);
            HiveAuthzSessionContext.Builder authzContextBuilder = new HiveAuthzSessionContext.Builder();
            authzContextBuilder.setClientType(isHiveServerQuery() ? CLIENT_TYPE.HIVESERVER2 : CLIENT_TYPE.HIVECLI);
            authzContextBuilder.setSessionString(getSessionId());
            authorizerV2 = authorizerFactory.createHiveAuthorizer(new HiveMetastoreClientFactoryImpl(), sessionConf, authenticator, authzContextBuilder.build());
            setAuthorizerV2Config();
        }
        // create the create table grants with new config
        createTableGrants = CreateTableAutomaticGrant.create(sessionConf);
    } catch (HiveException e) {
        LOG.error("Error setting up authorization: " + e.getMessage(), e);
        throw new RuntimeException(e);
    }
    if (LOG.isDebugEnabled()) {
        Object authorizationClass = getActiveAuthorizer();
        LOG.debug("Session is using authorization class " + authorizationClass.getClass());
    }
    return;
}
Also used : HiveAuthorizerFactory(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory) HiveException(org.apache.hadoop.hive.ql.metadata.HiveException) HiveAuthzSessionContext(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext) HiveMetastoreClientFactoryImpl(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactoryImpl)

Aggregations

HiveAuthorizerFactory (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory)3 HiveConf (org.apache.hadoop.hive.conf.HiveConf)1 HiveException (org.apache.hadoop.hive.ql.metadata.HiveException)1 HadoopDefaultAuthenticator (org.apache.hadoop.hive.ql.security.HadoopDefaultAuthenticator)1 HiveAuthorizer (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer)1 HiveAuthzSessionContext (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext)1 HiveMetastoreClientFactoryImpl (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactoryImpl)1 SQLStdHiveAuthorizerFactory (org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory)1 Test (org.junit.Test)1