Use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext in the Apache Hive project.
Class TestThriftHttpCLIServiceFeatures, method verifyForwardedHeaders.
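/**
 * Opens an HTTP-mode Thrift session, optionally sending an {@code X-Forwarded-For} header,
 * executes a statement, and asserts that the {@link HiveAuthzContext} handed to the mocked
 * authorizer carries exactly the addresses that were sent in the header.
 *
 * <p>Security note: the header is set by this client, as any HTTP client could set it. The
 * test therefore shows that client-supplied values reach
 * {@code HiveAuthzContext.getForwardedAddresses()} unchanged. Authorizer implementations
 * should treat them as unauthenticated audit data unless the request is known to have
 * arrived through a trusted proxy. Whether the server restricts which peers may set the
 * header is not visible from this method.
 *
 * @param headerIPs addresses to send in {@code X-Forwarded-For}; when empty no header is
 *     added and the authorizer is expected to see no forwarded addresses. The list is not
 *     modified.
 * @param cmd currently unused; the executed statement is hard-coded to {@code "show tables"}.
 *     NOTE(review): confirm whether callers expect {@code cmd} to be executed instead.
 * @throws Exception if the session cannot be opened, the statement fails, or verification fails
 */
private void verifyForwardedHeaders(ArrayList<String> headerIPs, String cmd) throws Exception {
  DefaultHttpClient hClient = new DefaultHttpClient();
  TTransport transport = null;
  try {
    String httpUrl = getHttpUrl();

    // Add an interceptor that sends the given addresses as one comma-separated
    // X-Forwarded-For header, the same form a chain of proxies would produce.
    if (!headerIPs.isEmpty()) {
      Header xForwardHeader = new BasicHeader("X-Forwarded-For", Joiner.on(",").join(headerIPs));
      RequestDefaultHeaders headerInterceptor =
          new RequestDefaultHeaders(Arrays.asList(xForwardHeader));
      hClient.addRequestInterceptor(headerInterceptor);
    }

    // Interceptor that adds the username and password to every request.
    // NOTE(review): the scheme comes from getHttpUrl(), which is not shown here; over plain
    // http these credentials are only encoded, not protected, which is acceptable for
    // fixed test credentials only.
    HttpBasicAuthInterceptor authInt = new HttpBasicAuthInterceptor(
        ThriftCLIServiceTest.USERNAME, ThriftCLIServiceTest.PASSWORD, null, null, false, null);
    hClient.addRequestInterceptor(authInt);

    transport = new THttpClient(httpUrl, hClient);
    TCLIService.Client httpClient = getClient(transport);

    // Create a new open session request object.
    // NOTE(review): the session opened here is never closed by this method.
    TOpenSessionReq openReq = new TOpenSessionReq();
    TOpenSessionResp openResp = httpClient.OpenSession(openReq);

    // Execute a query so that the authorizer is invoked.
    TExecuteStatementReq execReq =
        new TExecuteStatementReq(openResp.getSessionHandle(), "show tables");
    httpClient.ExecuteStatement(execReq);

    // Capture the context passed to the authorizer and verify the forwarded addresses.
    ArgumentCaptor<HiveAuthzContext> contextCapturer =
        ArgumentCaptor.forClass(HiveAuthzContext.class);
    verify(mockedAuthorizer).checkPrivileges(
        any(HiveOperationType.class),
        Matchers.anyListOf(HivePrivilegeObject.class),
        Matchers.anyListOf(HivePrivilegeObject.class),
        contextCapturer.capture());
    HiveAuthzContext context = contextCapturer.getValue();
    System.err.println("Forwarded IP Addresses " + context.getForwardedAddresses());

    // Compare order-independently. Both sides are sorted copies so that neither the
    // caller's list nor the list held by the context is reordered as a side effect.
    List<String> auditIPAddresses = new ArrayList<String>(context.getForwardedAddresses());
    List<String> expectedIPs = new ArrayList<String>(headerIPs);
    Collections.sort(auditIPAddresses);
    Collections.sort(expectedIPs);
    Assert.assertEquals("Checking forwarded IP Address", expectedIPs, auditIPAddresses);
  } finally {
    // Release the transport and the pooled HTTP connections even when an assertion fails.
    if (transport != null) {
      transport.close();
    }
    hClient.getConnectionManager().shutdown();
  }
}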
Use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext in the Apache Hive project.
Class TestHS2AuthzContext, method verifyContextContents.
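/**
 * Runs {@code cmd} over a connection opened as {@code user1} and asserts that the
 * {@link HiveAuthzContext} passed to the mocked authorizer carries the expected command
 * string and a plausible client IP address.
 *
 * @param cmd statement to execute
 * @param ctxCmd command string the authorizer context is expected to report
 * @throws Exception if the connection, the statement or the verification fails
 */
private void verifyContextContents(final String cmd, String ctxCmd) throws Exception, HiveAuthzPluginException, HiveAccessControlException {
  // Close the statement and the connection even when execute() throws, so that a failing
  // statement does not leave a session open for later tests.
  Connection hs2Conn = getConnection("user1");
  try {
    Statement stmt = hs2Conn.createStatement();
    try {
      stmt.execute(cmd);
    } finally {
      stmt.close();
    }
  } finally {
    hs2Conn.close();
  }

  // Capture the context argument of the single expected checkPrivileges call.
  ArgumentCaptor<HiveAuthzContext> contextCapturer =
      ArgumentCaptor.forClass(HiveAuthzContext.class);
  verify(mockedAuthorizer).checkPrivileges(
      any(HiveOperationType.class),
      Matchers.anyListOf(HivePrivilegeObject.class),
      Matchers.anyListOf(HivePrivilegeObject.class),
      contextCapturer.capture());
  HiveAuthzContext context = contextCapturer.getValue();

  assertEquals("Command ", ctxCmd, context.getCommandString());

  // Fail with a clear assertion, not a NullPointerException, when no address was recorded.
  String ipAddress = context.getIpAddress();
  assertTrue("ip address should be set", ipAddress != null);

  // The pattern only restricts the character set (hex digits, '.' and ':'). It does not
  // prove the value is a well-formed IPv4 or IPv6 address.
  assertTrue("ip address pattern check", ipAddress.matches("[.:a-fA-F0-9]+"));

  // ip address size check - check for something better than non zero.
  // NOTE(review): "> 7" would reject a 7-character dotted quad such as "1.2.3.4" and the
  // short IPv6 form "::1"; presumably the test environment reports a longer address.
  assertTrue("ip address size check", ipAddress.length() > 7);
}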