org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory Java Examples

The following examples show how to use org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: RangerHiveAuthorizerFactory.java    From ranger with Apache License 2.0 5 votes vote down vote up
public void init(){
	if(LOG.isDebugEnabled()) {
		LOG.debug("==> RangerHiveAuthorizerFactory.init()");
	}

	try {

		rangerPluginClassLoader =  RangerPluginClassLoader.getInstance(RANGER_PLUGIN_TYPE, this.getClass());

		@SuppressWarnings("unchecked")
		Class<HiveAuthorizerFactory> cls = (Class<HiveAuthorizerFactory>) Class.forName(RANGER_HIVE_AUTHORIZER_IMPL_CLASSNAME, true, rangerPluginClassLoader);

		activatePluginClassLoader();
		
		rangerHiveAuthorizerFactoryImpl  = cls.newInstance();

	} catch (Exception e) {
           // check what need to be done
          LOG.error("Error Enabling RangerHivePlugin", e);
	} finally {
		deactivatePluginClassLoader();
	}

	if(LOG.isDebugEnabled()) {
		LOG.debug("<== RangerHiveAuthorizerFactory.init()");
	}
}
 
Example #2
Source File: HiveAuthorizationHelper.java    From dremio-oss with Apache License 2.0 4 votes vote down vote up
public HiveAuthorizationHelper(final IMetaStoreClient mClient, final HiveConf hiveConf, final String user) {
  authzEnabled = hiveConf.getBoolVar(ConfVars.HIVE_AUTHORIZATION_ENABLED);
  if (!authzEnabled) {
    authorizerV2 = null;
    return;
  }

  try (final ContextClassLoaderSwapper cls = ContextClassLoaderSwapper.newInstance()) {
    final HiveConf hiveConfCopy = new HiveConf(hiveConf);
    hiveConfCopy.set("user.name", user);
    hiveConfCopy.set("proxy.user.name", user);

    final HiveAuthenticationProvider authenticator = HiveUtils.getAuthenticator(hiveConfCopy,
        HiveConf.ConfVars.HIVE_AUTHENTICATOR_MANAGER);

    // This must be retrieved before creating the session state, because creation of the
    // session state changes the given HiveConf's classloader to a UDF ClassLoader.
    final HiveAuthorizerFactory authorizerFactory =
      HiveUtils.getAuthorizerFactory(hiveConfCopy, HiveConf.ConfVars.HIVE_AUTHORIZATION_MANAGER);

    SessionState ss = new SessionState(hiveConfCopy, user);
    authenticator.setSessionState(ss);

    HiveAuthzSessionContext.Builder authzContextBuilder = new HiveAuthzSessionContext.Builder();
    authzContextBuilder.setClientType(CLIENT_TYPE.HIVESERVER2); // Dremio is emulating HS2 here

    authorizerV2 = authorizerFactory.createHiveAuthorizer(
        new HiveMetastoreClientFactory() {
          @Override
          public IMetaStoreClient getHiveMetastoreClient() throws HiveAuthzPluginException {
            return mClient;
          }
        },
        hiveConf, authenticator, authzContextBuilder.build());

    authorizerV2.applyAuthorizationConfigPolicy(hiveConfCopy);
  } catch (final HiveException e) {
    throw new RuntimeException("Failed to initialize Hive authorization components: " + e.getMessage(), e);
  }

  logger.trace("Hive authorization enabled");
}