ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mad...@apache.org
Subject git commit: Argus-159:HiveServer2 JDBC driver in http mode is not using pre-authenticated subject credentials.
Date Thu, 06 Nov 2014 01:41:08 GMT
Repository: incubator-argus
Updated Branches:
  refs/heads/ranger-0.4 8dba6a3c6 -> 55a75201f


Argus-159:HiveServer2 JDBC driver in http mode is not using
pre-authenticated subject credentials.


Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/55a75201
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/55a75201
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/55a75201

Branch: refs/heads/ranger-0.4
Commit: 55a75201fd322ac4d5b3e6393f095f337a86ef37
Parents: 8dba6a3
Author: rmani <rmani@hortonworks.com>
Authored: Wed Nov 5 17:05:14 2014 -0800
Committer: Madhan Neethiraj <madhan@apache.org>
Committed: Wed Nov 5 17:39:34 2014 -0800

----------------------------------------------------------------------
 .../com/xasecure/hive/client/HiveClient.java    | 62 ++++++++++++++++----
 1 file changed, 52 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/55a75201/lookup-client/src/main/java/com/xasecure/hive/client/HiveClient.java
----------------------------------------------------------------------
diff --git a/lookup-client/src/main/java/com/xasecure/hive/client/HiveClient.java b/lookup-client/src/main/java/com/xasecure/hive/client/HiveClient.java
index 09abecf..ce586a5 100644
--- a/lookup-client/src/main/java/com/xasecure/hive/client/HiveClient.java
+++ b/lookup-client/src/main/java/com/xasecure/hive/client/HiveClient.java
@@ -61,9 +61,9 @@ public class HiveClient extends BaseClient implements Closeable {
 	}
 	
 	public void initHive() {
-		
 		isKerberosAuth = getConfigHolder().isKerberosAuthentication();
 		if (isKerberosAuth) {
+			LOG.info("Secured Mode: JDBC Connection done with preAuthenticated Subject");
 			Subject.doAs(getLoginSubject(), new PrivilegedAction<Object>() {
 				public Object run() {
 					initConnection();
@@ -73,14 +73,28 @@ public class HiveClient extends BaseClient implements Closeable {
 		}
 		else {
 			LOG.info("Since Password is NOT provided, Trying to use UnSecure client with username
and password");
-			String userName = getConfigHolder().getUserName() ;
-			String password = getConfigHolder().getPassword() ;
-			initConnection(userName,password);
+			final String userName = getConfigHolder().getUserName() ;
+			final String password = getConfigHolder().getPassword() ;
+			Subject.doAs(getLoginSubject(), new PrivilegedAction<Object>() {
+				public Object run() {
+					initConnection(userName,password);
+					return null;
+				}
+			}) ;	
 		}
-		
 	}
 	
-	public List<String> getDatabaseList(String databaseMatching) {
+	public List<String> getDatabaseList(String databaseMatching){
+	 	final String dbMatching=databaseMatching;
+		List<String> dblist = Subject.doAs(getLoginSubject(), new PrivilegedAction<List<String>>()
{
+			public List<String>  run() {
+				return getDBList(dbMatching);
+			}
+		}) ;
+		return dblist;
+	}
+		
+	private List<String> getDBList(String databaseMatching) {
 		List<String> ret = new ArrayList<String>() ;
 		String errMsg = " You can still save the repository and start creating "
 				+ "policies, but you would not be able to use autocomplete for "
@@ -121,8 +135,19 @@ public class HiveClient extends BaseClient implements Closeable {
 		}
 		return ret ;
 	}
+	
+	public List<String> getTableList(String database, String tableNameMatching){
+		final String db=database;
+		final String tblNameMatching=tableNameMatching;
+		List<String> tableList = Subject.doAs(getLoginSubject(), new PrivilegedAction<List<String>>()
{
+			public List<String>  run() {
+				return getTblList(db,tblNameMatching);
+			}
+		}) ;
+		return tableList;
+	}
 
-	public List<String> getTableList(String database, String tableNameMatching) {
+	public List<String> getTblList(String database, String tableNameMatching) {
 		List<String> ret = new ArrayList<String>() ;
 		String errMsg = " You can still save the repository and start creating "
 				+ "policies, but you would not be able to use autocomplete for "
@@ -186,8 +211,20 @@ public class HiveClient extends BaseClient implements Closeable {
 		List<String> ret = null ;
 		return ret ;
 	}
-
+	
 	public List<String> getColumnList(String database, String tableName, String columnNameMatching)
{
+		final String db=database;
+		final String tblName=tableName;
+		final String clmNameMatching=columnNameMatching;
+		List<String> columnList = Subject.doAs(getLoginSubject(), new PrivilegedAction<List<String>>()
{
+			public List<String>  run() {
+					return getClmList(db,tblName,clmNameMatching);
+				}
+			}) ;
+		return columnList;
+	}
+	
+	public List<String> getClmList(String database, String tableName, String columnNameMatching)
{
 		List<String> ret = new ArrayList<String>() ;
 		String errMsg = " You can still save the repository and start creating "
 				+ "policies, but you would not be able to use autocomplete for "
@@ -254,7 +291,12 @@ public class HiveClient extends BaseClient implements Closeable {
 	
 	
 	public void close() {
-		close(con) ;
+		Subject.doAs(getLoginSubject(), new PrivilegedAction<Void>(){
+			public Void run() {
+				close(con) ;
+				return null;
+			}
+		});
 	}
 	
 	private void close(Statement aStat) {
@@ -389,7 +431,6 @@ public class HiveClient extends BaseClient implements Closeable {
 			System.exit(1) ;
 		}
 		
-		
 		try {
 			hc = new HiveClient(args[0]) ;
 			
@@ -447,6 +488,7 @@ public class HiveClient extends BaseClient implements Closeable {
 		HiveClient connectionObj = new HiveClient(dataSource,
 				connectionProperties);
 		if (connectionObj != null) {
+		
 			List<String> testResult = connectionObj.getDatabaseList("*");
 			if (testResult != null && testResult.size() != 0) {
 				connectivityStatus = true;


Mime
View raw message