Java源码示例:org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory
示例1
public RangerHiveAuthorizerBase(HiveMetastoreClientFactory metastoreClientFactory,
HiveConf hiveConf,
HiveAuthenticationProvider hiveAuthenticator,
HiveAuthzSessionContext context) {
mMetastoreClientFactory = metastoreClientFactory;
mHiveConf = hiveConf;
mHiveAuthenticator = hiveAuthenticator;
mSessionContext = context;
String userName = mHiveAuthenticator == null ? null : mHiveAuthenticator.getUserName();
mUgi = userName == null ? null : UserGroupInformation.createRemoteUser(userName);
if(mHiveAuthenticator == null) {
LOG.warn("RangerHiveAuthorizerBase.RangerHiveAuthorizerBase(): hiveAuthenticator is null");
} else if(StringUtil.isEmpty(userName)) {
LOG.warn("RangerHiveAuthorizerBase.RangerHiveAuthorizerBase(): hiveAuthenticator.getUserName() returned null/empty");
} else if(mUgi == null) {
LOG.warn(String.format("RangerHiveAuthorizerBase.RangerHiveAuthorizerBase(): UserGroupInformation.createRemoteUser(%s) returned null", userName));
}
}
示例2
@Override
public HiveAuthorizer createHiveAuthorizer(HiveMetastoreClientFactory metastoreClientFactory,
HiveConf conf,
HiveAuthenticationProvider hiveAuthenticator,
HiveAuthzSessionContext sessionContext)
throws HiveAuthzPluginException {
HiveAuthorizer ret = null;
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerHiveAuthorizerFactory.createHiveAuthorizer()");
}
try {
activatePluginClassLoader();
ret = rangerHiveAuthorizerFactoryImpl.createHiveAuthorizer(metastoreClientFactory, conf, hiveAuthenticator, sessionContext);
} finally {
deactivatePluginClassLoader();
}
if(LOG.isDebugEnabled()) {
LOG.debug("<== RangerHiveAuthorizerFactory.createHiveAuthorizer()");
}
return ret;
}
示例3
@Override
public HiveAuthorizer createHiveAuthorizer(HiveMetastoreClientFactory metastoreClientFactory,
HiveConf conf, HiveAuthenticationProvider authenticator, HiveAuthzSessionContext ctx)
throws HiveAuthzPluginException {
HiveAuthzSessionContext sessionContext;
try {
this.authzConf = HiveAuthzBindingHook.loadAuthzConf(conf);
sessionContext = applyTestSettings(ctx, conf);
assertHiveCliAuthDisabled(conf, sessionContext);
} catch (Exception e) {
throw new HiveAuthzPluginException(e);
}
SentryHiveAccessController accessController =
getAccessController(conf, authzConf, authenticator, sessionContext);
SentryHiveAuthorizationValidator authzValidator =
getAuthzValidator(conf, authzConf, authenticator);
return new SentryHiveAuthorizer(accessController, authzValidator);
}
示例4
public RelaxedSQLStdHiveAccessController(
HiveMetastoreClientFactory metastoreClientFactory,
HiveConf conf,
HiveAuthenticationProvider authenticator,
HiveAuthzSessionContext ctx) throws HiveAuthzPluginException {
super(metastoreClientFactory, conf, authenticator, ctx);
}
示例5
@Override
public HiveAuthorizer createHiveAuthorizer(
HiveMetastoreClientFactory metastoreClientFactory,
HiveConf conf,
HiveAuthenticationProvider authenticator,
HiveAuthzSessionContext ctx)
throws HiveAuthzPluginException {
RelaxedSQLStdHiveAccessControllerWrapper privilegeManager = new RelaxedSQLStdHiveAccessControllerWrapper(
metastoreClientFactory, conf, authenticator, ctx);
return new HiveAuthorizerImpl(privilegeManager,
new SQLStdHiveAuthorizationValidator(metastoreClientFactory, conf, authenticator, privilegeManager, ctx));
}
示例6
public RelaxedSQLStdHiveAccessControllerWrapper(
HiveMetastoreClientFactory metastoreClientFactory,
HiveConf conf,
HiveAuthenticationProvider authenticator,
HiveAuthzSessionContext ctx) throws HiveAuthzPluginException {
super(metastoreClientFactory, conf, authenticator, ctx);
overrideHiveAccessController(
new RelaxedSQLStdHiveAccessController(metastoreClientFactory, conf, authenticator, ctx));
}
示例7
@Override
public HiveAuthorizer createHiveAuthorizer(HiveMetastoreClientFactory metastoreClientFactory,
HiveConf conf,
HiveAuthenticationProvider hiveAuthenticator,
HiveAuthzSessionContext sessionContext)
throws HiveAuthzPluginException {
return new RangerHiveAuthorizer(metastoreClientFactory, conf, hiveAuthenticator, sessionContext);
}
示例8
/**
* just for testing
*/
@VisibleForTesting
protected HiveAuthorizer createHiveAuthorizer(HiveMetastoreClientFactory metastoreClientFactory,
HiveConf conf, HiveAuthzConf authzConf, HiveAuthenticationProvider authenticator,
HiveAuthzSessionContext ctx) throws HiveAuthzPluginException {
SentryHiveAccessController accessController =
getAccessController(conf, authzConf, authenticator, ctx);
SentryHiveAuthorizationValidator authzValidator =
getAuthzValidator(conf, authzConf, authenticator);
return new SentryHiveAuthorizer(accessController, authzValidator);
}
示例9
public HiveAuthorizationHelper(final IMetaStoreClient mClient, final HiveConf hiveConf, final String user) {
authzEnabled = hiveConf.getBoolVar(ConfVars.HIVE_AUTHORIZATION_ENABLED);
if (!authzEnabled) {
authorizerV2 = null;
return;
}
try (final ContextClassLoaderSwapper cls = ContextClassLoaderSwapper.newInstance()) {
final HiveConf hiveConfCopy = new HiveConf(hiveConf);
hiveConfCopy.set("user.name", user);
hiveConfCopy.set("proxy.user.name", user);
final HiveAuthenticationProvider authenticator = HiveUtils.getAuthenticator(hiveConfCopy,
HiveConf.ConfVars.HIVE_AUTHENTICATOR_MANAGER);
// This must be retrieved before creating the session state, because creation of the
// session state changes the given HiveConf's classloader to a UDF ClassLoader.
final HiveAuthorizerFactory authorizerFactory =
HiveUtils.getAuthorizerFactory(hiveConfCopy, HiveConf.ConfVars.HIVE_AUTHORIZATION_MANAGER);
SessionState ss = new SessionState(hiveConfCopy, user);
authenticator.setSessionState(ss);
HiveAuthzSessionContext.Builder authzContextBuilder = new HiveAuthzSessionContext.Builder();
authzContextBuilder.setClientType(CLIENT_TYPE.HIVESERVER2); // Dremio is emulating HS2 here
authorizerV2 = authorizerFactory.createHiveAuthorizer(
new HiveMetastoreClientFactory() {
@Override
public IMetaStoreClient getHiveMetastoreClient() throws HiveAuthzPluginException {
return mClient;
}
},
hiveConf, authenticator, authzContextBuilder.build());
authorizerV2.applyAuthorizationConfigPolicy(hiveConfCopy);
} catch (final HiveException e) {
throw new RuntimeException("Failed to initialize Hive authorization components: " + e.getMessage(), e);
}
logger.trace("Hive authorization enabled");
}
示例10
public RangerHiveAuthorizer(HiveMetastoreClientFactory metastoreClientFactory,
HiveConf hiveConf,
HiveAuthenticationProvider hiveAuthenticator,
HiveAuthzSessionContext sessionContext) {
super(metastoreClientFactory, hiveConf, hiveAuthenticator, sessionContext);
LOG.debug("RangerHiveAuthorizer.RangerHiveAuthorizer()");
RangerHivePlugin plugin = hivePlugin;
if(plugin == null) {
synchronized(RangerHiveAuthorizer.class) {
plugin = hivePlugin;
if(plugin == null) {
String appType = "unknown";
if(sessionContext != null) {
switch(sessionContext.getClientType()) {
case HIVECLI:
appType = "hiveCLI";
break;
case HIVESERVER2:
appType = "hiveServer2";
break;
/*
case HIVEMETASTORE:
appType = "hiveMetastore";
break;
case OTHER:
appType = "other";
break;
*/
}
}
plugin = new RangerHivePlugin(appType);
plugin.init();
hivePlugin = plugin;
}
}
}
}
示例11
public HiveMetastoreClientFactory getMetastoreClientFactory() {
return mMetastoreClientFactory;
}
示例12
@Override
public HiveAuthorizer createHiveAuthorizer(
HiveMetastoreClientFactory metastoreClientFactory, HiveConf conf,
HiveAuthenticationProvider hiveAuthenticator,
HiveAuthzSessionContext ctx) throws HiveAuthzPluginException {
return new SentryHiveAuthorizerImpl(null, null); }
