incubator-hcatalog-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From da...@apache.org
Subject svn commit: r1346627 - in /incubator/hcatalog/trunk: CHANGES.txt src/java/org/apache/hcatalog/security/HdfsAuthorizationProvider.java
Date Tue, 05 Jun 2012 22:20:03 GMT
Author: daijy
Date: Tue Jun  5 22:20:03 2012
New Revision: 1346627

URL: http://svn.apache.org/viewvc?rev=1346627&view=rev
Log:
HCATALOG-410 support proxy user in hcat client

Modified:
    incubator/hcatalog/trunk/CHANGES.txt
    incubator/hcatalog/trunk/src/java/org/apache/hcatalog/security/HdfsAuthorizationProvider.java

Modified: incubator/hcatalog/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/incubator/hcatalog/trunk/CHANGES.txt?rev=1346627&r1=1346626&r2=1346627&view=diff
==============================================================================
--- incubator/hcatalog/trunk/CHANGES.txt (original)
+++ incubator/hcatalog/trunk/CHANGES.txt Tue Jun  5 22:20:03 2012
@@ -153,6 +153,8 @@ Release 0.4.0 - Release May 16 2012
   OPTIMIZATIONS
 
   BUG FIXES
+  HCATALOG-410 support proxy user in hcat client (thejas via daijy)
+
   HCAT-380 If pig script does load then order by, hive-site.xml doesn't seem to propagate
properly (toffer)
 
   HCAT-396 src-release leaves out lib directory (gates)

Modified: incubator/hcatalog/trunk/src/java/org/apache/hcatalog/security/HdfsAuthorizationProvider.java
URL: http://svn.apache.org/viewvc/incubator/hcatalog/trunk/src/java/org/apache/hcatalog/security/HdfsAuthorizationProvider.java?rev=1346627&r1=1346626&r2=1346627&view=diff
==============================================================================
--- incubator/hcatalog/trunk/src/java/org/apache/hcatalog/security/HdfsAuthorizationProvider.java
(original)
+++ incubator/hcatalog/trunk/src/java/org/apache/hcatalog/security/HdfsAuthorizationProvider.java
Tue Jun  5 22:20:03 2012
@@ -49,12 +49,17 @@ import org.apache.hadoop.security.Access
 import org.apache.hadoop.security.UserGroupInformation;
 
 /** 
- * An AuthorizationProvider, which checks against the data access level permissions on HDFS.

+ * An AuthorizationProvider, which checks against the data access level permissions on HDFS.
+ * It makes sense to eventually move this class to Hive, so that all hive users can
+ * use this authorization model. 
  */
 public class HdfsAuthorizationProvider extends HiveAuthorizationProviderBase {
 
   protected Warehouse wh;
   
+  //Config variables : create an enum to store them if we have more
+  private static final String PROXY_USER_NAME = "proxy.user.name";
+
   public HdfsAuthorizationProvider() {
     super();
   }
@@ -234,17 +239,21 @@ public class HdfsAuthorizationProvider e
    * Checks the permissions for the given path and current user on Hadoop FS. If the given
path 
    * does not exists, it checks for it's parent folder.
    */
-  public static void checkPermissions(final Configuration conf, final Path path, 
+  protected static void checkPermissions(final Configuration conf, final Path path, 
       final EnumSet<FsAction> actions) throws IOException, LoginException {
 
     if (path == null) {
       throw new IllegalArgumentException("path is null");
     }
-    
-    final UserGroupInformation ugi;
-    
+
     HadoopShims shims = ShimLoader.getHadoopShims();
-    ugi = shims.getUGIForConf(conf);
+    final UserGroupInformation ugi;
+    if(conf.get(PROXY_USER_NAME) != null){
+        ugi = UserGroupInformation.createRemoteUser(conf.get(PROXY_USER_NAME));
+    }
+    else {
+        ugi = shims.getUGIForConf(conf);
+    }
     final String user = shims.getShortUserName(ugi);  
         
     final FileSystem fs = path.getFileSystem(conf);
@@ -270,7 +279,7 @@ public class HdfsAuthorizationProvider e
    * does not exists, it returns.
    */
   @SuppressWarnings("deprecation")
-  public static void checkPermissions(final FileSystem fs, final Path path,
+  protected static void checkPermissions(final FileSystem fs, final Path path,
       final EnumSet<FsAction> actions, String user, String[] groups) throws IOException,
       AccessControlException {
     



Mime
View raw message