use of org.apache.hadoop.hive.shims.HadoopShims.KerberosNameShim in project hive by apache.
the class HiveAuthFactory method verifyProxyAccess.
public static void verifyProxyAccess(String realUser, String proxyUser, String ipAddress, HiveConf hiveConf) throws HiveSQLException {
try {
UserGroupInformation sessionUgi;
if (UserGroupInformation.isSecurityEnabled()) {
KerberosNameShim kerbName = ShimLoader.getHadoopShims().getKerberosNameShim(realUser);
sessionUgi = UserGroupInformation.createProxyUser(kerbName.getServiceName(), UserGroupInformation.getLoginUser());
} else {
sessionUgi = UserGroupInformation.createRemoteUser(realUser);
}
if (!proxyUser.equalsIgnoreCase(realUser)) {
ProxyUsers.refreshSuperUserGroupsConfiguration(hiveConf);
ProxyUsers.authorize(UserGroupInformation.createProxyUser(proxyUser, sessionUgi), ipAddress, hiveConf);
}
} catch (IOException e) {
throw new HiveSQLException("Failed to validate proxy privilege of " + realUser + " for " + proxyUser, "08S01", e);
}
}
use of org.apache.hadoop.hive.shims.HadoopShims.KerberosNameShim in project hive by apache.
the class ThriftCLIService method getShortName.
private String getShortName(String userName) throws IOException {
String ret = null;
if (userName != null) {
if (hiveAuthFactory != null && hiveAuthFactory.isSASLKerberosUser()) {
// KerberosName.getShorName can only be used for kerberos user, but not for the user
// logged in via other authentications such as LDAP
KerberosNameShim fullKerberosName = ShimLoader.getHadoopShims().getKerberosNameShim(userName);
ret = fullKerberosName.getShortName();
} else {
int indexOfDomainMatch = ServiceUtils.indexOfDomainMatch(userName);
ret = (indexOfDomainMatch <= 0) ? userName : userName.substring(0, indexOfDomainMatch);
}
}
return ret;
}
Aggregations