hive-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From the...@apache.org
Subject svn commit: r1611209 - in /hive/trunk/ql/src: java/org/apache/hadoop/hive/ql/exec/ java/org/apache/hadoop/hive/ql/security/authorization/ java/org/apache/hadoop/hive/ql/session/ test/queries/clientpositive/ test/results/clientpositive/
Date Wed, 16 Jul 2014 22:22:45 GMT
Author: thejas
Date: Wed Jul 16 22:22:45 2014
New Revision: 1611209

URL: http://svn.apache.org/r1611209
Log:
HIVE-7365 : Explain authorize for auth2 throws exception (Navis via Thejas Nair)

Modified:
    hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/exec/ExplainTask.java
    hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationFactory.java
    hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java
    hive/trunk/ql/src/test/queries/clientpositive/authorization_view_sqlstd.q
    hive/trunk/ql/src/test/results/clientpositive/authorization_view_sqlstd.q.out

Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/exec/ExplainTask.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/exec/ExplainTask.java?rev=1611209&r1=1611208&r2=1611209&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/exec/ExplainTask.java (original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/exec/ExplainTask.java Wed Jul 16 22:22:45
2014
@@ -55,7 +55,6 @@ import org.apache.hadoop.hive.ql.plan.Hi
 import org.apache.hadoop.hive.ql.plan.OperatorDesc;
 import org.apache.hadoop.hive.ql.plan.api.StageType;
 import org.apache.hadoop.hive.ql.security.authorization.AuthorizationFactory;
-import org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProvider;
 import org.apache.hadoop.hive.ql.session.SessionState;
 import org.apache.hadoop.io.IOUtils;
 import org.apache.hadoop.util.StringUtils;
@@ -334,23 +333,27 @@ public class ExplainTask extends Task<Ex
     if (analyzer.skipAuthorization()) {
       return object;
     }
-    HiveAuthorizationProvider delegate = SessionState.get().getAuthorizer();
 
     final List<String> exceptions = new ArrayList<String>();
-    HiveAuthorizationProvider authorizer = AuthorizationFactory.create(delegate,
-        new AuthorizationFactory.AuthorizationExceptionHandler() {
-          public void exception(AuthorizationException exception) {
-            exceptions.add(exception.getMessage());
-          }
-        });
 
-    SessionState.get().setAuthorizer(authorizer);
-    try {
-      Driver.doAuthorization(analyzer);
-    } finally {
-      SessionState.get().setAuthorizer(delegate);
+    Object delegate = SessionState.get().getActiveAuthorizer();
+    if (delegate != null) {
+      Class itface = SessionState.get().getAuthorizerInterface();
+
+      Object authorizer = AuthorizationFactory.create(delegate, itface,
+          new AuthorizationFactory.AuthorizationExceptionHandler() {
+            public void exception(Exception exception) {
+              exceptions.add(exception.getMessage());
+            }
+          });
+
+      SessionState.get().setActiveAuthorizer(authorizer);
+      try {
+        Driver.doAuthorization(analyzer);
+      } finally {
+        SessionState.get().setActiveAuthorizer(delegate);
+      }
     }
-
     if (!exceptions.isEmpty()) {
       Object jsonFails = toJson("AUTHORIZATION_FAILURES", exceptions, out, work);
       if (work.isFormatted()) {

Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationFactory.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationFactory.java?rev=1611209&r1=1611208&r2=1611209&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationFactory.java
(original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationFactory.java
Wed Jul 16 22:22:45 2014
@@ -19,6 +19,8 @@
 package org.apache.hadoop.hive.ql.security.authorization;
 
 import org.apache.hadoop.hive.ql.metadata.AuthorizationException;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
 
 import java.lang.reflect.InvocationHandler;
 import java.lang.reflect.InvocationTargetException;
@@ -27,13 +29,8 @@ import java.lang.reflect.Proxy;
 
 public class AuthorizationFactory {
 
-  public static HiveAuthorizationProvider create(HiveAuthorizationProvider delegated) {
-    return create(delegated, new DefaultAuthorizationExceptionHandler());
-  }
-
-  public static HiveAuthorizationProvider create(final HiveAuthorizationProvider delegated,
-      final AuthorizationExceptionHandler handler) {
-
+  public static <T> T create(
+      final Object delegated, final Class<T> itface, final AuthorizationExceptionHandler
handler) {
     InvocationHandler invocation = new InvocationHandler() {
       public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
         invokeAuth(method, args);
@@ -44,27 +41,38 @@ public class AuthorizationFactory {
         try {
           method.invoke(delegated, args);
         } catch (InvocationTargetException e) {
-          if (e.getTargetException() instanceof AuthorizationException) {
-            handler.exception((AuthorizationException) e.getTargetException());
+          if (e.getTargetException() instanceof AuthorizationException ||
+              e.getTargetException() instanceof HiveAuthzPluginException||
+              e.getTargetException() instanceof HiveAccessControlException) {
+            handler.exception((Exception) e.getTargetException());
           }
         }
       }
     };
 
-    return (HiveAuthorizationProvider)Proxy.newProxyInstance(
-        AuthorizationFactory.class.getClassLoader(),
-        new Class[] {HiveAuthorizationProvider.class},
-        invocation);
+    return (T) Proxy.newProxyInstance(
+        AuthorizationFactory.class.getClassLoader(), new Class[]{itface}, invocation);
   }
 
   public static interface AuthorizationExceptionHandler {
-    void exception(AuthorizationException exception) throws AuthorizationException;
+    void exception(Exception exception)
+        throws AuthorizationException, HiveAuthzPluginException, HiveAccessControlException;
   }
 
   public static class DefaultAuthorizationExceptionHandler
       implements AuthorizationExceptionHandler {
-    public void exception(AuthorizationException exception) {
-      throw exception;
+    public void exception(Exception exception) throws
+        AuthorizationException, HiveAuthzPluginException, HiveAccessControlException {
+      if (exception instanceof AuthorizationException) {
+        throw (AuthorizationException) exception;
+      }
+      if (exception instanceof HiveAuthzPluginException) {
+        throw (HiveAuthzPluginException) exception;
+      }
+      if (exception instanceof HiveAccessControlException) {
+        throw (HiveAccessControlException) exception;
+      }
+      throw new RuntimeException(exception);
     }
   }
 }

Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java?rev=1611209&r1=1611208&r2=1611209&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java (original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java Wed Jul 16
22:22:45 2014
@@ -515,13 +515,32 @@ public class SessionState {
     }
 
     if(LOG.isDebugEnabled()){
-      Object authorizationClass = getAuthorizationMode() == AuthorizationMode.V1 ?
-          getAuthorizer() : getAuthorizerV2();
-          LOG.debug("Session is using authorization class " + authorizationClass.getClass());
+      Object authorizationClass = getActiveAuthorizer();
+      LOG.debug("Session is using authorization class " + authorizationClass.getClass());
     }
     return;
   }
 
+  public Object getActiveAuthorizer() {
+    return getAuthorizationMode() == AuthorizationMode.V1 ?
+        getAuthorizer() : getAuthorizerV2();
+  }
+
+  public Class getAuthorizerInterface() {
+    return getAuthorizationMode() == AuthorizationMode.V1 ?
+        HiveAuthorizationProvider.class : HiveAuthorizer.class;
+  }
+
+  public void setActiveAuthorizer(Object authorizer) {
+    if (authorizer instanceof HiveAuthorizationProvider) {
+      this.authorizer = (HiveAuthorizationProvider)authorizer;
+    } else if (authorizer instanceof HiveAuthorizer) {
+      this.authorizerV2 = (HiveAuthorizer) authorizer;
+    } else if (authorizer != null) {
+      throw new IllegalArgumentException("Invalid authorizer " + authorizer);
+    }
+  }
+
   /**
    * @param conf
    * @return per-session temp file

Modified: hive/trunk/ql/src/test/queries/clientpositive/authorization_view_sqlstd.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientpositive/authorization_view_sqlstd.q?rev=1611209&r1=1611208&r2=1611209&view=diff
==============================================================================
--- hive/trunk/ql/src/test/queries/clientpositive/authorization_view_sqlstd.q (original)
+++ hive/trunk/ql/src/test/queries/clientpositive/authorization_view_sqlstd.q Wed Jul 16 22:22:45
2014
@@ -30,6 +30,8 @@ show grant user user3 on table vt1;
 
 
 set user.name=user2;
+
+explain authorization select * from vt1;
 select * from vt1;
 
 set user.name=user1;

Modified: hive/trunk/ql/src/test/results/clientpositive/authorization_view_sqlstd.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientpositive/authorization_view_sqlstd.q.out?rev=1611209&r1=1611208&r2=1611209&view=diff
==============================================================================
--- hive/trunk/ql/src/test/results/clientpositive/authorization_view_sqlstd.q.out (original)
+++ hive/trunk/ql/src/test/results/clientpositive/authorization_view_sqlstd.q.out Wed Jul
16 22:22:45 2014
@@ -79,6 +79,19 @@ PREHOOK: type: SHOW_GRANT
 POSTHOOK: query: show grant user user3 on table vt1
 POSTHOOK: type: SHOW_GRANT
 default	vt1			user3	USER	INSERT	false	-1	user1
+PREHOOK: query: explain authorization select * from vt1
+PREHOOK: type: QUERY
+POSTHOOK: query: explain authorization select * from vt1
+POSTHOOK: type: QUERY
+INPUTS: 
+  default@vt1
+  default@t1
+OUTPUTS: 
+#### A masked pattern was here ####
+CURRENT_USER: 
+  user2
+OPERATION: 
+  QUERY
 PREHOOK: query: select * from vt1
 PREHOOK: type: QUERY
 PREHOOK: Input: default@t1



Mime
View raw message