ranger-commits mailing list archives

From mad...@apache.org
Subject [32/51] [partial] incubator-ranger git commit: RANGER-194: Rename packages from xasecure to apache ranger
Date Fri, 12 Dec 2014 01:30:15 GMT
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/hdfs-agent/src/test/java/com/xasecure/authorization/hadoop/agent/TestXaSecureFSPermissionChecker.java
----------------------------------------------------------------------
diff --git a/hdfs-agent/src/test/java/com/xasecure/authorization/hadoop/agent/TestXaSecureFSPermissionChecker.java b/hdfs-agent/src/test/java/com/xasecure/authorization/hadoop/agent/TestXaSecureFSPermissionChecker.java
deleted file mode 100644
index 68ea92c..0000000
--- a/hdfs-agent/src/test/java/com/xasecure/authorization/hadoop/agent/TestXaSecureFSPermissionChecker.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.xasecure.authorization.hadoop.agent;
-
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.fail;
-
-import java.util.Set;
-
-import org.apache.hadoop.fs.permission.FsAction;
-import org.apache.hadoop.hdfs.server.namenode.INode;
-import org.apache.hadoop.hdfs.server.namenode.XaSecureFSPermissionChecker;
-import org.apache.hadoop.security.UserGroupInformation;
-import org.junit.Test;
-
-import com.xasecure.authorization.hadoop.exceptions.XaSecureAccessControlException;
-
-public class TestXaSecureFSPermissionChecker {
-
-	@Test
-	public void nullUgiToCheckReturnsFalse() {
-
-		UserGroupInformation ugi = null;
-		INode inode = null;
-		FsAction access = null;
-		try {
-			boolean result = XaSecureFSPermissionChecker.check(ugi, inode, access);
-			assertFalse(result);
-		} catch (XaSecureAccessControlException e) {
-			fail("Unexpected exception!");
-		} 
-	}
-	
-	@Test
-	public void authorizeAccess() {
-		String aPathName = null;
-		String aPathOwnerName = null;
-		String user = null;
-		Set<String> groups = null;
-		FsAction access = null;
-		try {
-			// null access returns false! 
-			assertFalse(XaSecureFSPermissionChecker.AuthorizeAccessForUser(aPathName, aPathOwnerName, access, user, groups));
-			// None access type returns true!
-			access = FsAction.NONE;
-			assertFalse(XaSecureFSPermissionChecker.AuthorizeAccessForUser(aPathName, aPathOwnerName, access, user, groups));
-		} catch (XaSecureAccessControlException e) {
-			e.printStackTrace();
-			fail("Unexpected exception!");
-		}
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/hdfs-agent/src/test/java/org/apache/ranger/authorization/hadoop/agent/TestRangerFSPermissionChecker.java
----------------------------------------------------------------------
diff --git a/hdfs-agent/src/test/java/org/apache/ranger/authorization/hadoop/agent/TestRangerFSPermissionChecker.java b/hdfs-agent/src/test/java/org/apache/ranger/authorization/hadoop/agent/TestRangerFSPermissionChecker.java
new file mode 100644
index 0000000..1405bf3
--- /dev/null
+++ b/hdfs-agent/src/test/java/org/apache/ranger/authorization/hadoop/agent/TestRangerFSPermissionChecker.java
@@ -0,0 +1,67 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.ranger.authorization.hadoop.agent;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.fail;
+
+import java.util.Set;
+
+import org.apache.hadoop.fs.permission.FsAction;
+import org.apache.hadoop.hdfs.server.namenode.INode;
+import org.apache.hadoop.hdfs.server.namenode.RangerFSPermissionChecker;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.ranger.authorization.hadoop.exceptions.RangerAccessControlException;
+import org.junit.Test;
+
+public class TestRangerFSPermissionChecker {
+
+	@Test
+	public void nullUgiToCheckReturnsFalse() {
+
+		UserGroupInformation ugi = null;
+		INode inode = null;
+		FsAction access = null;
+		try {
+			boolean result = RangerFSPermissionChecker.check(ugi, inode, access);
+			assertFalse(result);
+		} catch (RangerAccessControlException e) {
+			fail("Unexpected exception!");
+		} 
+	}
+	
+	@Test
+	public void authorizeAccess() {
+		String aPathName = null;
+		String aPathOwnerName = null;
+		String user = null;
+		Set<String> groups = null;
+		FsAction access = null;
+		try {
+			// null access returns false! 
+			assertFalse(RangerFSPermissionChecker.AuthorizeAccessForUser(aPathName, aPathOwnerName, access, user, groups));
+			// None access type returns true!
+			access = FsAction.NONE;
+			assertFalse(RangerFSPermissionChecker.AuthorizeAccessForUser(aPathName, aPathOwnerName, access, user, groups));
+		} catch (RangerAccessControlException e) {
+			e.printStackTrace();
+			fail("Unexpected exception!");
+		}
+	}
+}
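Review bot: In `authorizeAccess`, the comment `// None access type returns true!` contradicts the call it annotates, which is `assertFalse(...)` with `access = FsAction.NONE`. Because this test pins the deny result of an authorization check, the comment should match the assertion, e.g. `// NONE access type is also denied`, or the assertion should change if `true` is really the intended result. Both tests pass only `null` arguments, so they cover the degenerate-input path and say nothing about a populated user, path or group set; one case with real values would make the suite meaningful. The `catch` blocks that call `fail("Unexpected exception!")` discard the cause, and declaring `throws RangerAccessControlException` on the test methods would let JUnit report it directly.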

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/hive-agent/conf/hiveserver2-site-changes.cfg
----------------------------------------------------------------------
diff --git a/hive-agent/conf/hiveserver2-site-changes.cfg b/hive-agent/conf/hiveserver2-site-changes.cfg
index fed28df..e4aab8c 100644
--- a/hive-agent/conf/hiveserver2-site-changes.cfg
+++ b/hive-agent/conf/hiveserver2-site-changes.cfg
@@ -14,7 +14,7 @@
 # limitations under the License.
 # hive.server2.authentication			KERBEROS															mod		create-if-not-exists
 hive.security.authorization.enabled	true																mod		create-if-not-exists
-hive.security.authorization.manager	com.xasecure.authorization.hive.authorizer.XaSecureHiveAuthorizerFactory		mod		create-if-not-exists
+hive.security.authorization.manager	org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerFactory		mod		create-if-not-exists
 hive.security.authenticator.manager	org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator		mod	create-if-not-exists
 
 # hive.conf.restricted.list			hive.server2.authentication											append	create-if-not-exists	,

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/hive-agent/conf/xasecure-hive-security-changes.cfg
----------------------------------------------------------------------
diff --git a/hive-agent/conf/xasecure-hive-security-changes.cfg b/hive-agent/conf/xasecure-hive-security-changes.cfg
index 5c4b072..75fbdea 100644
--- a/hive-agent/conf/xasecure-hive-security-changes.cfg
+++ b/hive-agent/conf/xasecure-hive-security-changes.cfg
@@ -16,7 +16,7 @@
 # Change the original policy parameter to work with policy manager based.
 # 
 #
-hive.authorization.verifier.classname				com.xasecure.pdp.hive.XASecureAuthorizer								mod	create-if-not-exists
+hive.authorization.verifier.classname				org.apache.ranger.pdp.hive.RangerAuthorizer								mod	create-if-not-exists
 xasecure.hive.policymgr.url							%POLICY_MGR_URL%/service/assets/policyList/%REPOSITORY_NAME% 			mod create-if-not-exists
 xasecure.hive.policymgr.url.saveAsFile				/tmp/hive_%REPOSITORY_NAME%_json  									    mod create-if-not-exists
 xasecure.hive.policymgr.url.laststoredfile			%POLICY_CACHE_FILE_PATH%/hive_%REPOSITORY_NAME%_json 					mod create-if-not-exists
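Review bot: The context line `xasecure.hive.policymgr.url.saveAsFile /tmp/hive_%REPOSITORY_NAME%_json` uses a fixed, predictable file name under `/tmp`, and this commit carries it over unchanged. If that is where the agent writes the policy it downloads (the key name suggests so; the consumer is not visible in this hunk), any local account on a shared host can pre-create or replace that path before the agent uses it. A directory owned by the service account, such as the `%POLICY_CACHE_FILE_PATH%` already used on the following line, would be a safer default.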

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/hive-agent/conf/xasecure-hive-security.xml
----------------------------------------------------------------------
diff --git a/hive-agent/conf/xasecure-hive-security.xml b/hive-agent/conf/xasecure-hive-security.xml
index b8cca10..ebc0b92 100644
--- a/hive-agent/conf/xasecure-hive-security.xml
+++ b/hive-agent/conf/xasecure-hive-security.xml
@@ -22,7 +22,7 @@
 	<!--  The following property is used to select appropriate XASecure Authorizer Module (filebased, policymanager based) -->
 	<property>
 		<name>hive.authorization.verifier.classname</name>
-		<value>com.xasecure.pdp.hive.XASecureAuthorizer</value>
+		<value>org.apache.ranger.pdp.hive.RangerAuthorizer</value>
 		<description>
 			Class Name of the authorization Module 
 		</description>

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/hive-agent/scripts/install.sh
----------------------------------------------------------------------
diff --git a/hive-agent/scripts/install.sh b/hive-agent/scripts/install.sh
index 59b9cb9..9c6bb3a 100644
--- a/hive-agent/scripts/install.sh
+++ b/hive-agent/scripts/install.sh
@@ -297,7 +297,7 @@ do
                 if [ $? -eq 0 ]
                 then
                 	cp="${install_dir}/installer/lib/*:${hdp_dir}/*:${hdp_lib_dir}/*"
-                        java -cp "${cp}" com.xasecure.utils.install.XmlConfigChanger -i ${archivefn} -o ${newfn} -c ${f} ${PROP_ARGS}
+                        java -cp "${cp}" org.apache.ranger.utils.install.XmlConfigChanger -i ${archivefn} -o ${newfn} -c ${f} ${PROP_ARGS}
                         if [ $? -eq 0 ]
                         then
                                 diff -w ${newfn} ${fullpathorgfn} > /dev/null 2>&1 
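Review bot: On the renamed `java -cp` line, `${archivefn}`, `${newfn}` and `${f}` are expanded unquoted, so a path containing whitespace or glob characters is split or expanded before it reaches `XmlConfigChanger`. In an installer that rewrites security configuration this is worth tightening to `-i "${archivefn}" -o "${newfn}" -c "${f}" ${PROP_ARGS}`, leaving `${PROP_ARGS}` unquoted only if it is meant to carry several arguments. The same applies to the `diff -w ${newfn} ${fullpathorgfn}` context line. The enclosing loop starts and ends outside the hunk.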

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/hive-agent/src/main/java/com/xasecure/authorization/hive/XaHiveAccessContext.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/com/xasecure/authorization/hive/XaHiveAccessContext.java b/hive-agent/src/main/java/com/xasecure/authorization/hive/XaHiveAccessContext.java
deleted file mode 100644
index 570456c..0000000
--- a/hive-agent/src/main/java/com/xasecure/authorization/hive/XaHiveAccessContext.java
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- package com.xasecure.authorization.hive;
-
-import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
-
-
-public class XaHiveAccessContext {
-	private String mClientIpAddress;
-	private String mClientType;
-	private String mCommandString;
-	private String mSessionString;
-	
-	public XaHiveAccessContext(HiveAuthzContext context, HiveAuthzSessionContext sessionContext) {
-		if(context != null) {
-			mClientIpAddress = context.getIpAddress();
-			mCommandString   = context.getCommandString();
-		}
-		
-		if(sessionContext != null) {
-			mClientType      = sessionContext.getClientType().name();
-			mSessionString   = sessionContext.getSessionString();
-		}
-	}
-
-	public String getClientIpAddress() {
-		return mClientIpAddress;
-	}
-
-	public void setClientIpAddress(String clientIpAddress) {
-		this.mClientIpAddress = clientIpAddress;
-	}
-
-	public String getClientType() {
-		return mClientType;
-	}
-
-	public void setClientType(String clientType) {
-		this.mClientType = clientType;
-	}
-
-	public String getCommandString() {
-		return mCommandString;
-	}
-
-	public void setCommandString(String commandString) {
-		this.mCommandString = commandString;
-	}
-
-	public String getSessionString() {
-		return mSessionString;
-	}
-
-	public void setSessionString(String sessionString) {
-		this.mSessionString = sessionString;
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/hive-agent/src/main/java/com/xasecure/authorization/hive/XaHiveAccessVerifier.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/com/xasecure/authorization/hive/XaHiveAccessVerifier.java b/hive-agent/src/main/java/com/xasecure/authorization/hive/XaHiveAccessVerifier.java
deleted file mode 100644
index 2dcf5f9..0000000
--- a/hive-agent/src/main/java/com/xasecure/authorization/hive/XaHiveAccessVerifier.java
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- package com.xasecure.authorization.hive;
-
-import org.apache.hadoop.security.UserGroupInformation;
-
-
-public interface XaHiveAccessVerifier {
-	public boolean isAccessAllowed(UserGroupInformation ugi, XaHiveObjectAccessInfo objAccessInfo) ;
-	
-	public boolean isAudited(XaHiveObjectAccessInfo objAccessInfo) ;
-}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/hive-agent/src/main/java/com/xasecure/authorization/hive/XaHiveAccessVerifierFactory.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/com/xasecure/authorization/hive/XaHiveAccessVerifierFactory.java b/hive-agent/src/main/java/com/xasecure/authorization/hive/XaHiveAccessVerifierFactory.java
deleted file mode 100644
index 057b930..0000000
--- a/hive-agent/src/main/java/com/xasecure/authorization/hive/XaHiveAccessVerifierFactory.java
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- package com.xasecure.authorization.hive;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import com.xasecure.authorization.hadoop.config.XaSecureConfiguration;
-import com.xasecure.authorization.hadoop.constants.XaSecureHadoopConstants;
-
-public class XaHiveAccessVerifierFactory {
-
-	private static final Log LOG = LogFactory.getLog(XaHiveAccessVerifierFactory.class) ;
-
-	private static XaHiveAccessVerifier hiveAccessVerififer = null ;
-	
-	public static XaHiveAccessVerifier getInstance() {
-		if (hiveAccessVerififer == null) {
-			synchronized(XaHiveAccessVerifierFactory.class) {
-				XaHiveAccessVerifier temp = hiveAccessVerififer ;
-				if (temp == null) {
-					String hiveAccessVerifierClassName = XaSecureConfiguration.getInstance().get(XaSecureHadoopConstants.HIVE_ACCESS_VERIFIER_CLASS_NAME_PROP, XaSecureHadoopConstants.HIVE_ACCESS_VERIFIER_CLASS_NAME_DEFAULT_VALUE ) ;
-
-					if (hiveAccessVerifierClassName != null) {
-						LOG.info("Hive Access Verification class [" + hiveAccessVerifierClassName + "] - Being built");
-						try {
-							hiveAccessVerififer = (XaHiveAccessVerifier) (Class.forName(hiveAccessVerifierClassName).newInstance()) ;
-							LOG.info("Created a new instance of class: [" + hiveAccessVerifierClassName + "] for Hive Access verification.");
-						} catch (InstantiationException e) {
-							LOG.error("Unable to create HiveAccess Verifier: [" +  hiveAccessVerifierClassName + "]", e);
-						} catch (IllegalAccessException e) {
-							LOG.error("Unable to create HiveAccess Verifier: [" +  hiveAccessVerifierClassName + "]", e);
-						} catch (ClassNotFoundException e) {
-							LOG.error("Unable to create HiveAccess Verifier: [" +  hiveAccessVerifierClassName + "]", e);
-						} catch (Throwable t) {
-							LOG.error("Unable to create HiveAccess Verifier: [" +  hiveAccessVerifierClassName + "]", t);
-						}
-						finally {
-							LOG.info("Created a new instance of class: [" + hiveAccessVerifierClassName + "] for Hive Access verification. (" + hiveAccessVerififer + ")");
-						}
-					}
-				}
-				else {
-					LOG.error("Unable to obtain hiveAccessVerifier [" +  XaSecureHadoopConstants.HIVE_ACCESS_VERIFIER_CLASS_NAME_PROP + "]");
-				}
-			}
-		}
-		return hiveAccessVerififer ;
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/hive-agent/src/main/java/com/xasecure/authorization/hive/XaHiveObjectAccessInfo.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/com/xasecure/authorization/hive/XaHiveObjectAccessInfo.java b/hive-agent/src/main/java/com/xasecure/authorization/hive/XaHiveObjectAccessInfo.java
deleted file mode 100644
index 36a6a42..0000000
--- a/hive-agent/src/main/java/com/xasecure/authorization/hive/XaHiveObjectAccessInfo.java
+++ /dev/null
@@ -1,240 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- package com.xasecure.authorization.hive;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import com.xasecure.authorization.utils.StringUtil;
-
-public class XaHiveObjectAccessInfo {
-	public enum HiveObjectType { NONE, DATABASE, TABLE, VIEW, PARTITION, INDEX, COLUMN, FUNCTION, URI };
-	public enum HiveAccessType { NONE, CREATE, ALTER, DROP, INDEX, LOCK, SELECT, UPDATE, USE, ALL, ADMIN };
-
-	private String              mOperType         = null;
-	private XaHiveAccessContext mContext          = null;
-	private HiveAccessType      mAccessType       = HiveAccessType.NONE;
-	private HiveObjectType      mObjectType       = HiveObjectType.NONE;
-	private String              mDatabase         = null;
-	private String              mTable            = null;
-	private String              mView             = null;
-	private String              mPartition        = null;
-	private String              mIndex            = null;
-	private List<String>        mColumns          = null;
-	private String              mFunction         = null;
-	private String              mUri              = null;
-	private String              mDeniedObjectName = null;
-
-	public XaHiveObjectAccessInfo(String operType, XaHiveAccessContext context, HiveAccessType accessType, String dbName) {
-		this(operType, context, accessType, dbName, null, HiveObjectType.DATABASE, dbName);
-	}
-
-	public XaHiveObjectAccessInfo(String operType, XaHiveAccessContext context, HiveAccessType accessType, String dbName, String tblName) {
-		this(operType, context, accessType, dbName, tblName, HiveObjectType.TABLE, tblName);
-	}
-
-	public XaHiveObjectAccessInfo(String operType, XaHiveAccessContext context, HiveAccessType accessType, String dbName, HiveObjectType objType, String objName) {
-		this(operType, context, accessType, dbName, null, objType, objName);
-	}
-
-	public XaHiveObjectAccessInfo(String operType, XaHiveAccessContext context, HiveAccessType accessType, HiveObjectType objType, String objName) {
-		this(operType, context, accessType, null, null, objType, objName);
-	}
-
-	public XaHiveObjectAccessInfo(String operType, XaHiveAccessContext context, HiveAccessType accessType, String dbName, String tblOrViewName, List<String> columns) {
-		mOperType    = operType;
-		mContext     = context;
-		mAccessType  = accessType;
-		mObjectType  = HiveObjectType.COLUMN;
-		mDatabase    = dbName;
-		mTable       = tblOrViewName;
-		mView        = tblOrViewName;
-		mColumns     = columns;
-	}
-
-	public XaHiveObjectAccessInfo(String operType, XaHiveAccessContext context, HiveAccessType accessType, String dbName, String tblName, HiveObjectType objType, String objName) {
-		mOperType    = operType;
-		mContext     = context;
-		mAccessType  = accessType;
-		mObjectType  = objType;
-		mDatabase    = dbName;
-		mTable       = tblName;
-		mView        = tblName;
-
-		if(objName != null && ! objName.trim().isEmpty()) {
-			switch(objType) {
-				case DATABASE:
-					mDatabase = objName;
-				break;
-
-				case TABLE:
-					mTable = objName;
-				break;
-
-				case VIEW:
-					mView = objName;
-				break;
-
-				case PARTITION:
-					mPartition = objName;
-				break;
-
-				case INDEX:
-					mIndex = objName;
-				break;
-
-				case COLUMN:
-					mColumns = new ArrayList<String>();
-					mColumns.add(objName);
-				break;
-
-				case FUNCTION:
-					mFunction = objName;
-				break;
-
-				case URI:
-					mUri = objName;
-				break;
-
-				case NONE:
-				break;
-			}
-		}
-	}
-
-	public String getOperType() {
-		return mOperType;
-	}
-
-	public XaHiveAccessContext getContext() {
-		return mContext;
-	}
-
-	public HiveAccessType getAccessType() {
-		return mAccessType;
-	}
-
-	public HiveObjectType getObjectType() {
-		return mObjectType;
-	}
-
-	public String getDatabase() {
-		return mDatabase;
-	}
-
-	public String getTable() {
-		return mTable;
-	}
-
-	public String getView() {
-		return mView;
-	}
-
-	public String getPartition() { 
-		return mPartition;
-	}
-
-	public String getIndex() {
-		return mIndex;
-	}
-
-	public List<String> getColumns() {
-		return mColumns;
-	}
-
-	public String getFunction() {
-		return mFunction;
-	}
-
-	public String getUri() {
-		return mUri;
-	}
-
-	public void setDeinedObjectName(String deniedObjectName) {
-		mDeniedObjectName = deniedObjectName;
-	}
-
-	public String getDeinedObjectName() {
-		return mDeniedObjectName;
-	}
-
-	public String getObjectName() {
-        String objName = null;
-
-        if(this.mObjectType == HiveObjectType.URI) {
-            objName = mUri;
-        } else {
-            String tblName = null;
-            String colName = null;
-
-            if(! StringUtil.isEmpty(mTable))
-                tblName = mTable;
-            else if(! StringUtil.isEmpty(mView))
-                tblName = mView;
-            else if(! StringUtil.isEmpty(mFunction))
-                tblName = mFunction;
-
-            if(! StringUtil.isEmpty(mColumns))
-                colName = StringUtil.toString(mColumns);
-            else if(! StringUtil.isEmpty(mIndex))
-                colName = mIndex;
-
-            objName = getObjectName(mDatabase, tblName, colName);
-        }
-
-		return objName;
-	}
-	
-	public static String getObjectName(String dbName, String tblName, String colName) {
-		String objName = StringUtil.isEmpty(dbName) ? "" : dbName;
-		
-		if(!StringUtil.isEmpty(tblName)) {
-			objName += ("/" + tblName);
-			
-			if(!StringUtil.isEmpty(colName)) {
-				objName += ("/" + colName);
-			}
-		}
-
-		return objName;
-	}
-
-	@Override
-	public boolean equals(Object obj) {
-		boolean ret = false;
-		
-		if(obj != null && obj instanceof XaHiveObjectAccessInfo) {
-			XaHiveObjectAccessInfo that = (XaHiveObjectAccessInfo)obj;
-			
-			ret =  StringUtil.equalsIgnoreCase(mOperType, that.mOperType)
-				&& mAccessType == that.mAccessType
-				&& mObjectType == that.mObjectType
-				&& StringUtil.equalsIgnoreCase(mDatabase, that.mDatabase)
-				&& StringUtil.equalsIgnoreCase(mTable, that.mTable)
-				&& StringUtil.equalsIgnoreCase(mView, that.mView)
-				&& StringUtil.equalsIgnoreCase(mPartition, that.mPartition)
-				&& StringUtil.equalsIgnoreCase(mIndex, that.mIndex)
-				&& StringUtil.equalsIgnoreCase(mColumns, that.mColumns)
-				  ;
-		}
-		
-		return ret;
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizer.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizer.java b/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizer.java
deleted file mode 100644
index 2c2dd80..0000000
--- a/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizer.java
+++ /dev/null
@@ -1,850 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- package com.xasecure.authorization.hive.authorizer;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.hadoop.fs.FileStatus;
-import org.apache.hadoop.fs.FileSystem;
-import org.apache.hadoop.fs.Path;
-import org.apache.hadoop.fs.permission.FsAction;
-import org.apache.hadoop.hive.common.FileUtils;
-import org.apache.hadoop.hive.conf.HiveConf;
-import org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivObjectActionType;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivilegeObjectType;
-import org.apache.hadoop.security.UserGroupInformation;
-
-import com.xasecure.admin.client.XaAdminRESTClient;
-import com.xasecure.admin.client.datatype.GrantRevokeData;
-import com.xasecure.audit.model.EnumRepositoryType;
-import com.xasecure.audit.model.HiveAuditEvent;
-import com.xasecure.audit.provider.AuditProviderFactory;
-import com.xasecure.authorization.hadoop.config.XaSecureConfiguration;
-import com.xasecure.authorization.hadoop.constants.XaSecureHadoopConstants;
-import com.xasecure.authorization.hive.XaHiveAccessContext;
-import com.xasecure.authorization.hive.XaHiveAccessVerifier;
-import com.xasecure.authorization.hive.XaHiveAccessVerifierFactory;
-import com.xasecure.authorization.hive.XaHiveObjectAccessInfo;
-import com.xasecure.authorization.hive.XaHiveObjectAccessInfo.HiveAccessType;
-import com.xasecure.authorization.hive.XaHiveObjectAccessInfo.HiveObjectType;
-import com.xasecure.authorization.utils.StringUtil;
-
-public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase {
-	private static final Log LOG = LogFactory.getLog(XaSecureHiveAuthorizer.class) ; 
-
-	private static final String XaSecureModuleName =  XaSecureConfiguration.getInstance().get(XaSecureHadoopConstants.AUDITLOG_XASECURE_MODULE_ACL_NAME_PROP , XaSecureHadoopConstants.DEFAULT_XASECURE_MODULE_ACL_NAME) ;
-	private static final String repositoryName     = XaSecureConfiguration.getInstance().get(XaSecureHadoopConstants.AUDITLOG_REPOSITORY_NAME_PROP);
-	private static final boolean UpdateXaPoliciesOnGrantRevoke = XaSecureConfiguration.getInstance().getBoolean(XaSecureHadoopConstants.HIVE_UPDATE_XAPOLICIES_ON_GRANT_REVOKE_PROP, XaSecureHadoopConstants.HIVE_UPDATE_XAPOLICIES_ON_GRANT_REVOKE_DEFAULT_VALUE);
-
-	private XaHiveAccessVerifier mHiveAccessVerifier = null ;
-
-
-	public XaSecureHiveAuthorizer(HiveMetastoreClientFactory metastoreClientFactory,
-								  HiveConf                   hiveConf,
-								  HiveAuthenticationProvider hiveAuthenticator,
-								  HiveAuthzSessionContext    sessionContext) {
-		super(metastoreClientFactory, hiveConf, hiveAuthenticator, sessionContext);
-
-		LOG.debug("XaSecureHiveAuthorizer.XaSecureHiveAuthorizer()");
-
-		mHiveAccessVerifier = XaHiveAccessVerifierFactory.getInstance() ;
-		
-		if(!XaSecureConfiguration.getInstance().isAuditInitDone()) {
-			if(sessionContext != null) {
-				AuditProviderFactory.ApplicationType appType = AuditProviderFactory.ApplicationType.Unknown;
-
-				switch(sessionContext.getClientType()) {
-					case HIVECLI:
-						appType = AuditProviderFactory.ApplicationType.HiveCLI;
-					break;
-
-					case HIVESERVER2:
-						appType = AuditProviderFactory.ApplicationType.HiveServer2;
-					break;
-				}
-
-				XaSecureConfiguration.getInstance().initAudit(appType);
-			}
-		}
-	}
-
-
-	/**
-	 * Grant privileges for principals on the object
-	 * @param hivePrincipals
-	 * @param hivePrivileges
-	 * @param hivePrivObject
-	 * @param grantorPrincipal
-	 * @param grantOption
-	 * @throws HiveAuthzPluginException
-	 * @throws HiveAccessControlException
-	 */
-	@Override
-	public void grantPrivileges(List<HivePrincipal> hivePrincipals,
-								List<HivePrivilege> hivePrivileges,
-								HivePrivilegeObject hivePrivObject,
-								HivePrincipal       grantorPrincipal,
-								boolean             grantOption)
-										throws HiveAuthzPluginException, HiveAccessControlException {
-		if(! UpdateXaPoliciesOnGrantRevoke) {
-			throw new HiveAuthzPluginException("GRANT/REVOKE not supported in Argus HiveAuthorizer. Please use Argus Security Admin to setup access control.");
-		}
-
-		boolean                isSuccess     = false;
-		XaHiveObjectAccessInfo objAccessInfo = getObjectAccessInfo(HiveOperationType.GRANT_PRIVILEGE, hivePrivObject, new XaHiveAccessContext(null, getHiveAuthzSessionContext()), true);
-
-		try {
-			GrantRevokeData grData = createGrantRevokeData(objAccessInfo, hivePrincipals, hivePrivileges, getGrantorUsername(grantorPrincipal), grantOption);
-
-			if(LOG.isDebugEnabled()) {
-				LOG.debug("grantPrivileges(): " + grData.toJson());
-			}
-
-			XaAdminRESTClient xaAdmin = new XaAdminRESTClient();
-
-		    xaAdmin.grantPrivilege(grData);
-
-		    isSuccess = true;
-		} catch(Exception excp) {
-			throw new HiveAccessControlException(excp);
-		} finally {
-			if(mHiveAccessVerifier.isAudited(objAccessInfo)) {
-				UserGroupInformation ugi = this.getCurrentUserGroupInfo();
-
-				// Note: failed return from REST call will be logged as 'DENIED'
-				logAuditEvent(ugi, objAccessInfo, isSuccess);
-			}
-		}
-	}
-
-	/**
-	 * Revoke privileges for principals on the object
-	 * @param hivePrincipals
-	 * @param hivePrivileges
-	 * @param hivePrivObject
-	 * @param grantorPrincipal
-	 * @param grantOption
-	 * @throws HiveAuthzPluginException
-	 * @throws HiveAccessControlException
-	 */
-	@Override
-	public void revokePrivileges(List<HivePrincipal> hivePrincipals,
-								 List<HivePrivilege> hivePrivileges,
-								 HivePrivilegeObject hivePrivObject,
-								 HivePrincipal       grantorPrincipal,
-								 boolean             grantOption)
-										 throws HiveAuthzPluginException, HiveAccessControlException {
-		if(! UpdateXaPoliciesOnGrantRevoke) {
-			throw new HiveAuthzPluginException("GRANT/REVOKE not supported in Argus HiveAuthorizer. Please use Argus Security Admin to setup access control.");
-		}
-
-		boolean                isSuccess     = false;
-		XaHiveObjectAccessInfo objAccessInfo = getObjectAccessInfo(HiveOperationType.REVOKE_PRIVILEGE, hivePrivObject, new XaHiveAccessContext(null, getHiveAuthzSessionContext()), true);
-
-		try {
-			GrantRevokeData grData = createGrantRevokeData(objAccessInfo, hivePrincipals, hivePrivileges, getGrantorUsername(grantorPrincipal), grantOption);
-
-			if(LOG.isDebugEnabled()) {
-				LOG.debug("revokePrivileges(): " + grData.toJson());
-			}
-
-			XaAdminRESTClient xaAdmin = new XaAdminRESTClient();
-
-		    xaAdmin.revokePrivilege(grData);
-
-		    isSuccess = true;
-		} catch(Exception excp) {
-			throw new HiveAccessControlException(excp);
-		} finally {
-			if(mHiveAccessVerifier.isAudited(objAccessInfo)) {
-				UserGroupInformation ugi = this.getCurrentUserGroupInfo();
-
-				// Note: failed return from REST call will be logged as 'DENIED'
-				logAuditEvent(ugi, objAccessInfo, isSuccess);
-			}
-		}
-	}
-
-	/**
-	 * Check if user has privileges to do this action on these objects
-	 * @param hiveOpType
-	 * @param inputsHObjs
-	 * @param outputHObjs
-	 * @param context
-	 * @throws HiveAuthzPluginException
-	 * @throws HiveAccessControlException
-	 */
-	@Override
-	public void checkPrivileges(HiveOperationType         hiveOpType,
-								List<HivePrivilegeObject> inputHObjs,
-							    List<HivePrivilegeObject> outputHObjs,
-							    HiveAuthzContext          context)
-		      throws HiveAuthzPluginException, HiveAccessControlException {
-
-		UserGroupInformation ugi =  this.getCurrentUserGroupInfo();
-
-		if(ugi == null) {
-			throw new HiveAccessControlException("Permission denied: user information not available");
-		}
-
-		XaHiveAccessContext hiveContext = this.getAccessContext(context);
-
-		if(LOG.isDebugEnabled()) {
-			LOG.debug(toString(hiveOpType, inputHObjs, outputHObjs, hiveContext));
-		}
-		
-		if(hiveOpType == HiveOperationType.DFS) {
-			handleDfsCommand(hiveOpType, inputHObjs, outputHObjs, hiveContext);
-			
-			return;
-		}
-
-		List<XaHiveObjectAccessInfo> objAccessList = getObjectAccessInfo(hiveOpType, inputHObjs, outputHObjs, hiveContext);
-
-		for(XaHiveObjectAccessInfo objAccessInfo : objAccessList) {
-            boolean ret = false;
-
-            if(objAccessInfo.getObjectType() == HiveObjectType.URI) {
-                ret = isURIAccessAllowed(ugi, objAccessInfo.getAccessType(), objAccessInfo.getUri(), getHiveConf());
-            } else if(objAccessInfo.getAccessType() != HiveAccessType.ADMIN) {
-                ret = mHiveAccessVerifier.isAccessAllowed(ugi, objAccessInfo);
-            }
-
-			if(! ret) {
-				if(mHiveAccessVerifier.isAudited(objAccessInfo)) {
-					logAuditEvent(ugi, objAccessInfo, false);
-				}
-				
-				String deniedObjectName = objAccessInfo.getDeinedObjectName();
-				
-				if(StringUtil.isEmpty(deniedObjectName)) {
-					deniedObjectName = objAccessInfo.getObjectName();
-				}
-
-				throw new HiveAccessControlException(String.format("Permission denied: user [%s] does not have [%s] privilege on [%s]",
-													 ugi.getShortUserName(), objAccessInfo.getAccessType().name(), deniedObjectName));
-			}
-		}
-
-		// access is allowed; audit all accesses
-		for(XaHiveObjectAccessInfo objAccessInfo : objAccessList) {
-			if(mHiveAccessVerifier.isAudited(objAccessInfo)) {
-				logAuditEvent(ugi, objAccessInfo, true);
-			}
-		}
-	}
-	
-	private List<XaHiveObjectAccessInfo> getObjectAccessInfo(HiveOperationType       hiveOpType,
-														   List<HivePrivilegeObject> inputsHObjs,
-														   List<HivePrivilegeObject> outputHObjs,
-														   XaHiveAccessContext       context) {
-		List<XaHiveObjectAccessInfo> ret = new ArrayList<XaHiveObjectAccessInfo>();
-
-		if(inputsHObjs != null) {
-			for(HivePrivilegeObject hiveObj : inputsHObjs) {
-				XaHiveObjectAccessInfo hiveAccessObj = getObjectAccessInfo(hiveOpType, hiveObj, context, true);
-				
-				if(   hiveAccessObj != null
-				   && hiveAccessObj.getAccessType() != HiveAccessType.ADMIN // access check is performed at the Argus policy server, as a part of updating the permissions
-				   && !ret.contains(hiveAccessObj)) {
-					ret.add(hiveAccessObj);
-				}
-			}
-		}
-
-		if(outputHObjs != null) {
-			for(HivePrivilegeObject hiveObj : outputHObjs) {
-				XaHiveObjectAccessInfo hiveAccessObj = getObjectAccessInfo(hiveOpType, hiveObj, context, false);
-				
-				if(   hiveAccessObj != null
-				   && hiveAccessObj.getAccessType() != HiveAccessType.ADMIN // access check is performed at the Argus policy server, as a part of updating the permissions
-				   && !ret.contains(hiveAccessObj)) {
-					ret.add(hiveAccessObj);
-				}
-			}
-		}
-
-		if(ret.size() == 0 && LOG.isDebugEnabled()) {
-			LOG.debug("getObjectAccessInfo(): no objects found for access check! " + toString(hiveOpType, inputsHObjs, outputHObjs, context));
-		}
-		
-		return ret;
-	}
-
-	private XaHiveObjectAccessInfo getObjectAccessInfo(HiveOperationType hiveOpType, HivePrivilegeObject hiveObj, XaHiveAccessContext context, boolean isInput) {
-		XaHiveObjectAccessInfo ret = null;
-
-		HiveObjectType objectType = getObjectType(hiveObj, hiveOpType);
-		HiveAccessType accessType = getAccessType(hiveObj, hiveOpType, isInput);
-		String         operType   = hiveOpType.name();
-
-		switch(objectType) {
-			case DATABASE:
-				ret = new XaHiveObjectAccessInfo(operType, context, accessType, hiveObj.getDbname());
-			break;
-	
-			case TABLE:
-				ret = new XaHiveObjectAccessInfo(operType, context, accessType, hiveObj.getDbname(), HiveObjectType.TABLE, hiveObj.getObjectName());
-			break;
-	
-			case VIEW:
-				ret = new XaHiveObjectAccessInfo(operType, context, accessType, hiveObj.getDbname(), HiveObjectType.VIEW, hiveObj.getObjectName());
-			break;
-	
-			case PARTITION:
-				ret = new XaHiveObjectAccessInfo(operType, context, accessType, hiveObj.getDbname(), HiveObjectType.PARTITION, hiveObj.getObjectName());
-			break;
-	
-			case INDEX:
-				String indexName = "?"; // TODO:
-				ret = new XaHiveObjectAccessInfo(operType, context, accessType, hiveObj.getDbname(), hiveObj.getObjectName(), HiveObjectType.INDEX, indexName);
-			break;
-	
-			case COLUMN:
-				ret = new XaHiveObjectAccessInfo(operType, context, accessType, hiveObj.getDbname(), hiveObj.getObjectName(), hiveObj.getColumns());
-			break;
-
-			case FUNCTION:
-				ret = new XaHiveObjectAccessInfo(operType, context, accessType, hiveObj.getDbname(), HiveObjectType.FUNCTION, hiveObj.getObjectName());
-			break;
-
-            case URI:
-                ret = new XaHiveObjectAccessInfo(operType, context, accessType, HiveObjectType.URI, hiveObj.getObjectName());
-            break;
-
-			case NONE:
-			break;
-		}
-
-		return ret;
-	}
-
-	private HiveObjectType getObjectType(HivePrivilegeObject hiveObj, HiveOperationType hiveOpType) {
-		HiveObjectType objType = HiveObjectType.NONE;
-
-		switch(hiveObj.getType()) {
-			case DATABASE:
-				objType = HiveObjectType.DATABASE;
-			break;
-
-			case PARTITION:
-				objType = HiveObjectType.PARTITION;
-			break;
-
-			case TABLE_OR_VIEW:
-				String hiveOpTypeName = hiveOpType.name().toLowerCase();
-				if(hiveOpTypeName.contains("index")) {
-					objType = HiveObjectType.INDEX;
-				} else if(! StringUtil.isEmpty(hiveObj.getColumns())) {
-					objType = HiveObjectType.COLUMN;
-				} else if(hiveOpTypeName.contains("view")) {
-					objType = HiveObjectType.VIEW;
-				} else {
-					objType = HiveObjectType.TABLE;
-				}
-			break;
-
-			case FUNCTION:
-				objType = HiveObjectType.FUNCTION;
-			break;
-
-			case DFS_URI:
-			case LOCAL_URI:
-                objType = HiveObjectType.URI;
-            break;
-
-			case COMMAND_PARAMS:
-			case GLOBAL:
-			break;
-
-			case COLUMN:
-				// Thejas: this value is unused in Hive; the case should not be hit.
-			break;
-		}
-
-		return objType;
-	}
-	
-	private HiveAccessType getAccessType(HivePrivilegeObject hiveObj, HiveOperationType hiveOpType, boolean isInput) {
-		HiveAccessType           accessType       = HiveAccessType.NONE;
-		HivePrivObjectActionType objectActionType = hiveObj.getActionType();
-		
-		switch(objectActionType) {
-			case INSERT:
-			case INSERT_OVERWRITE:
-			case UPDATE:
-			case DELETE:
-				accessType = HiveAccessType.UPDATE;
-			break;
-			case OTHER:
-			switch(hiveOpType) {
-				case CREATEDATABASE:
-					if(hiveObj.getType() == HivePrivilegeObjectType.DATABASE) {
-						accessType = HiveAccessType.CREATE;
-					}
-				break;
-
-				case CREATEFUNCTION:
-					if(hiveObj.getType() == HivePrivilegeObjectType.FUNCTION) {
-						accessType = HiveAccessType.CREATE;
-					}
-				break;
-
-				case CREATETABLE:
-				case CREATEVIEW:
-				case CREATETABLE_AS_SELECT:
-					if(hiveObj.getType() == HivePrivilegeObjectType.TABLE_OR_VIEW) {
-						accessType = isInput ? HiveAccessType.SELECT : HiveAccessType.CREATE;
-					}
-				break;
-
-				case ALTERDATABASE:
-				case ALTERDATABASE_OWNER:
-				case ALTERINDEX_PROPS:
-				case ALTERINDEX_REBUILD:
-				case ALTERPARTITION_BUCKETNUM:
-				case ALTERPARTITION_FILEFORMAT:
-				case ALTERPARTITION_LOCATION:
-				case ALTERPARTITION_MERGEFILES:
-				case ALTERPARTITION_PROTECTMODE:
-				case ALTERPARTITION_SERDEPROPERTIES:
-				case ALTERPARTITION_SERIALIZER:
-				case ALTERTABLE_ADDCOLS:
-				case ALTERTABLE_ADDPARTS:
-				case ALTERTABLE_ARCHIVE:
-				case ALTERTABLE_BUCKETNUM:
-				case ALTERTABLE_CLUSTER_SORT:
-				case ALTERTABLE_COMPACT:
-				case ALTERTABLE_DROPPARTS:
-				case ALTERTABLE_FILEFORMAT:
-				case ALTERTABLE_LOCATION:
-				case ALTERTABLE_MERGEFILES:
-				case ALTERTABLE_PARTCOLTYPE:
-				case ALTERTABLE_PROPERTIES:
-				case ALTERTABLE_PROTECTMODE:
-				case ALTERTABLE_RENAME:
-				case ALTERTABLE_RENAMECOL:
-				case ALTERTABLE_RENAMEPART:
-				case ALTERTABLE_REPLACECOLS:
-				case ALTERTABLE_SERDEPROPERTIES:
-				case ALTERTABLE_SERIALIZER:
-				case ALTERTABLE_SKEWED:
-				case ALTERTABLE_TOUCH:
-				case ALTERTABLE_UNARCHIVE:
-				case ALTERTABLE_UPDATEPARTSTATS:
-				case ALTERTABLE_UPDATETABLESTATS:
-				case ALTERTBLPART_SKEWED_LOCATION:
-				case ALTERVIEW_AS:
-				case ALTERVIEW_PROPERTIES:
-				case ALTERVIEW_RENAME:
-				case DROPVIEW_PROPERTIES:
-					accessType = HiveAccessType.ALTER;
-				break;
-
-				case DROPFUNCTION:
-				case DROPINDEX:
-				case DROPTABLE:
-				case DROPVIEW:
-				case DROPDATABASE:
-					accessType = HiveAccessType.DROP;
-				break;
-
-				case CREATEINDEX:
-					accessType = HiveAccessType.INDEX;
-				break;
-
-				case IMPORT:
-				case EXPORT:
-				case LOAD:
-					accessType = isInput ? HiveAccessType.SELECT : HiveAccessType.UPDATE;
-				break;
-
-				case LOCKDB:
-				case LOCKTABLE:
-				case UNLOCKDB:
-				case UNLOCKTABLE:
-					accessType = HiveAccessType.LOCK;
-				break;
-
-				case QUERY:
-				case SHOW_TABLESTATUS:
-				case SHOW_CREATETABLE:
-				case SHOWCOLUMNS:
-				case SHOWINDEXES:
-				case SHOWPARTITIONS:
-				case SHOW_TBLPROPERTIES:
-				case DESCTABLE:
-				case ANALYZE_TABLE:
-					accessType = HiveAccessType.SELECT;
-				break;
-
-				case SWITCHDATABASE:
-				case DESCDATABASE:
-					accessType = HiveAccessType.USE;
-				break;
-
-				case TRUNCATETABLE:
-					accessType = HiveAccessType.UPDATE;
-				break;
-
-				case GRANT_PRIVILEGE:
-				case REVOKE_PRIVILEGE:
-					accessType = HiveAccessType.ADMIN;
-				break;
-
-				case ADD:
-				case DELETE:
-				case COMPILE:
-				case CREATEMACRO:
-				case CREATEROLE:
-				case DESCFUNCTION:
-				case DFS:
-				case DROPMACRO:
-				case DROPROLE:
-				case EXPLAIN:
-				case GRANT_ROLE:
-				case MSCK:
-				case REVOKE_ROLE:
-				case RESET:
-				case SET:
-				case SHOWCONF:
-				case SHOWDATABASES:
-				case SHOWFUNCTIONS:
-				case SHOWLOCKS:
-				case SHOWTABLES:
-				case SHOW_COMPACTIONS:
-				case SHOW_GRANT:
-				case SHOW_ROLES:
-				case SHOW_ROLE_GRANT:
-				case SHOW_ROLE_PRINCIPALS:
-				case SHOW_TRANSACTIONS:
-				break;
-			}
-			break;
-		}
-		
-		return accessType;
-	}
-
-    private boolean isURIAccessAllowed(UserGroupInformation ugi, HiveAccessType accessType, String uri, HiveConf conf) {
-        boolean ret = false;
-
-        FsAction action = FsAction.NONE;
-
-        switch(accessType) {
-            case ALTER:
-            case CREATE:
-            case UPDATE:
-            case DROP:
-            case INDEX:
-            case LOCK:
-            case ADMIN:
-    		case ALL:
-                action = FsAction.WRITE;
-            break;
-
-            case SELECT:
-            case USE:
-                action = FsAction.READ;
-            break;
-
-            case NONE:
-            break;
-        }
-
-        if(action == FsAction.NONE) {
-            ret = true;
-        } else {
-            try {
-                Path       filePath   = new Path(uri);
-                FileSystem fs         = FileSystem.get(filePath.toUri(), conf);
-                Path       path       = FileUtils.getPathOrParentThatExists(fs, filePath);
-                FileStatus fileStatus = fs.getFileStatus(path);
-                String     userName   = ugi.getShortUserName();
-
-                if (FileUtils.isOwnerOfFileHierarchy(fs, fileStatus, userName)) {
-                    ret = true;
-                } else {
-                    ret = FileUtils.isActionPermittedForFileHierarchy(fs, fileStatus, userName, action);
-                }
-            } catch(Exception excp) {
-                LOG.error("Error getting permissions for " + uri, excp);
-            }
-        }
-
-        return ret;
-    }
-
-	private void handleDfsCommand(HiveOperationType         hiveOpType,
-								  List<HivePrivilegeObject> inputHObjs,
-							      List<HivePrivilegeObject> outputHObjs,
-							      XaHiveAccessContext       context)
-	      throws HiveAuthzPluginException, HiveAccessControlException {
-
-		String dfsCommandParams = null;
-
-		if(inputHObjs != null) {
-			for(HivePrivilegeObject hiveObj : inputHObjs) {
-				if(hiveObj.getType() == HivePrivilegeObjectType.COMMAND_PARAMS) {
-					dfsCommandParams = StringUtil.toString(hiveObj.getCommandParams());
-
-					if(! StringUtil.isEmpty(dfsCommandParams)) {
-						break;
-					}
-				}
-			}
-		}
-
-		UserGroupInformation ugi = this.getCurrentUserGroupInfo();
-
-		logAuditEventForDfs(ugi, dfsCommandParams, false);
-
-		throw new HiveAccessControlException(String.format("Permission denied: user [%s] does not have privilege for [%s] command",
-											 ugi.getShortUserName(), hiveOpType.name()));
-	}
-	
-	private String getGrantorUsername(HivePrincipal grantorPrincipal) {
-		String grantor = grantorPrincipal != null ? grantorPrincipal.getName() : null;
-
-		if(StringUtil.isEmpty(grantor)) {
-			UserGroupInformation ugi = this.getCurrentUserGroupInfo();
-
-			grantor = ugi != null ? ugi.getShortUserName() : null;
-		}
-
-		return grantor;
-	}
-
-	private GrantRevokeData createGrantRevokeData(XaHiveObjectAccessInfo objAccessInfo,
-												  List<HivePrincipal>    hivePrincipals,
-												  List<HivePrivilege>    hivePrivileges,
-												  String                 grantor,
-												  boolean                grantOption)
-														  throws HiveAccessControlException {
-		if(objAccessInfo == null ||
-		  ! (   objAccessInfo.getObjectType() == HiveObjectType.DATABASE
-		     || objAccessInfo.getObjectType() == HiveObjectType.TABLE
-		     || objAccessInfo.getObjectType() == HiveObjectType.VIEW
-		     || objAccessInfo.getObjectType() == HiveObjectType.COLUMN
-		   )
-		  ) {
-			throw new HiveAccessControlException("grantPrivileges(): unexpected object type '" + objAccessInfo.getObjectType().name());
-		}
-
-		String database = objAccessInfo.getDatabase();
-		String table    = objAccessInfo.getObjectType() == HiveObjectType.VIEW ? objAccessInfo.getView() : objAccessInfo.getTable();
-		String columns  = StringUtil.toString(objAccessInfo.getColumns());
-
-		GrantRevokeData.PermMap permMap = new GrantRevokeData.PermMap ();
-
-		for(HivePrivilege privilege : hivePrivileges) {
-			String privName = privilege.getName();
-
-			if(StringUtil.equalsIgnoreCase(privName, HiveAccessType.ALL.name())) {
-				permMap.addPerm(HiveAccessType.ALL.name());
-			} else if(StringUtil.equalsIgnoreCase(privName, HiveAccessType.ALTER.name())) {
-				permMap.addPerm(HiveAccessType.ALTER.name());
-			} else if(StringUtil.equalsIgnoreCase(privName, HiveAccessType.CREATE.name())) {
-				permMap.addPerm(HiveAccessType.CREATE.name());
-			} else if(StringUtil.equalsIgnoreCase(privName, HiveAccessType.DROP.name())) {
-				permMap.addPerm(HiveAccessType.DROP.name());
-			} else if(StringUtil.equalsIgnoreCase(privName, HiveAccessType.INDEX.name())) {
-				permMap.addPerm(HiveAccessType.INDEX.name());
-			} else if(StringUtil.equalsIgnoreCase(privName, HiveAccessType.LOCK.name())) {
-				permMap.addPerm(HiveAccessType.LOCK.name());
-			} else if(StringUtil.equalsIgnoreCase(privName, HiveAccessType.SELECT.name())) {
-				permMap.addPerm(HiveAccessType.SELECT.name());
-			} else if(StringUtil.equalsIgnoreCase(privName, HiveAccessType.UPDATE.name())) {
-				permMap.addPerm(HiveAccessType.UPDATE.name());
-			}
-		}
-
-		if(grantOption) {
-			permMap.addPerm(HiveAccessType.ADMIN.name());
-		}
-
-		for(HivePrincipal principal : hivePrincipals) {
-			switch(principal.getType()) {
-				case USER:
-					permMap.addUser(principal.getName());
-				break;
-
-				case GROUP:
-				case ROLE:
-					permMap.addGroup(principal.getName());
-				break;
-
-				default:
-				break;
-			}
-		}
-
-		GrantRevokeData grData = new GrantRevokeData();
-
-		grData.setHiveData(grantor, repositoryName, database, table, columns, permMap);
-
-		return grData;
-	}
-
-    private void logAuditEventForDfs(UserGroupInformation ugi, String dfsCommand, boolean accessGranted) {
-		HiveAuditEvent auditEvent = new HiveAuditEvent();
-
-		try {
-			auditEvent.setAclEnforcer(XaSecureModuleName);
-			auditEvent.setResourceType("@dfs"); // to be consistent with earlier release
-			auditEvent.setAccessType("DFS");
-			auditEvent.setAction("DFS");
-			auditEvent.setUser(ugi.getShortUserName());
-			auditEvent.setAccessResult((short)(accessGranted ? 1 : 0));
-			auditEvent.setEventTime(StringUtil.getUTCDate());
-			auditEvent.setRepositoryType(EnumRepositoryType.HIVE);
-			auditEvent.setRepositoryName(repositoryName) ;
-			auditEvent.setRequestData(dfsCommand);
-
-			auditEvent.setResourcePath(dfsCommand);
-		
-			if(LOG.isDebugEnabled()) {
-				LOG.debug("logAuditEvent [" + auditEvent + "] - START");
-			}
-
-			AuditProviderFactory.getAuditProvider().log(auditEvent);
-
-			if(LOG.isDebugEnabled()) {
-				LOG.debug("logAuditEvent [" + auditEvent + "] - END");
-			}
-		}
-		catch(Throwable t) {
-			LOG.error("ERROR logEvent [" + auditEvent + "]", t);
-		}
-    }
-
-	private void logAuditEvent(UserGroupInformation ugi, XaHiveObjectAccessInfo objAccessInfo, boolean accessGranted) {
-		HiveAuditEvent auditEvent = new HiveAuditEvent();
-
-		try {
-			auditEvent.setAclEnforcer(XaSecureModuleName);
-			auditEvent.setSessionId(objAccessInfo.getContext().getSessionString());
-			auditEvent.setResourceType("@" + StringUtil.toLower(objAccessInfo.getObjectType().name())); // to be consistent with earlier release
-			auditEvent.setAccessType(objAccessInfo.getAccessType().toString());
-			auditEvent.setAction(objAccessInfo.getOperType());
-			auditEvent.setUser(ugi.getShortUserName());
-			auditEvent.setAccessResult((short)(accessGranted ? 1 : 0));
-			auditEvent.setClientIP(objAccessInfo.getContext().getClientIpAddress());
-			auditEvent.setClientType(objAccessInfo.getContext().getClientType());
-			auditEvent.setEventTime(StringUtil.getUTCDate());
-			auditEvent.setRepositoryType(EnumRepositoryType.HIVE);
-			auditEvent.setRepositoryName(repositoryName) ;
-			auditEvent.setRequestData(objAccessInfo.getContext().getCommandString());
-
-			if(! accessGranted && !StringUtil.isEmpty(objAccessInfo.getDeinedObjectName())) {
-				auditEvent.setResourcePath(objAccessInfo.getDeinedObjectName());
-			} else {
-				auditEvent.setResourcePath(objAccessInfo.getObjectName());
-			}
-		
-			if(LOG.isDebugEnabled()) {
-				LOG.debug("logAuditEvent [" + auditEvent + "] - START");
-			}
-
-			AuditProviderFactory.getAuditProvider().log(auditEvent);
-
-			if(LOG.isDebugEnabled()) {
-				LOG.debug("logAuditEvent [" + auditEvent + "] - END");
-			}
-		}
-		catch(Throwable t) {
-			LOG.error("ERROR logEvent [" + auditEvent + "]", t);
-		}
-	}
-	
-	private String toString(HiveOperationType         hiveOpType,
-							List<HivePrivilegeObject> inputHObjs,
-							List<HivePrivilegeObject> outputHObjs,
-							XaHiveAccessContext       context) {
-		StringBuilder sb = new StringBuilder();
-		
-		sb.append("'checkPrivileges':{");
-		sb.append("'hiveOpType':").append(hiveOpType);
-
-		sb.append(", 'inputHObjs':[");
-		toString(inputHObjs, sb);
-		sb.append("]");
-
-		sb.append(", 'outputHObjs':[");
-		toString(outputHObjs, sb);
-		sb.append("]");
-
-		sb.append(", 'context':{");
-		if(context != null) {
-			sb.append("'clientType':").append(context.getClientType());
-			sb.append(", 'commandString':").append(context.getCommandString());
-			sb.append(", 'ipAddress':").append(context.getClientIpAddress());
-			sb.append(", 'sessionString':").append(context.getSessionString());
-		}
-		sb.append("}");
-
-		sb.append(", 'user':").append(this.getCurrentUserGroupInfo().getUserName());
-		sb.append(", 'groups':[").append(StringUtil.toString(this.getCurrentUserGroupInfo().getGroupNames())).append("]");
-
-		sb.append("}");
-
-		return sb.toString();
-	}
-
-	private StringBuilder toString(List<HivePrivilegeObject> privObjs, StringBuilder sb) {
-		if(privObjs != null && privObjs.size() > 0) {
-			toString(privObjs.get(0), sb);
-			for(int i = 1; i < privObjs.size(); i++) {
-				sb.append(",");
-				toString(privObjs.get(i), sb);
-			}
-		}
-		
-		return sb;
-	}
-
-	private StringBuilder toString(HivePrivilegeObject privObj, StringBuilder sb) {
-		sb.append("'HivePrivilegeObject':{");
-		sb.append("'type':").append(privObj.getType().toString());
-		sb.append(", 'dbName':").append(privObj.getDbname());
-		sb.append(", 'objectType':").append(privObj.getType());
-		sb.append(", 'objectName':").append(privObj.getObjectName());
-		sb.append(", 'columns':[").append(StringUtil.toString(privObj.getColumns())).append("]");
-		sb.append(", 'partKeys':[").append(StringUtil.toString(privObj.getPartKeys())).append("]");
-		sb.append(", 'commandParams':[").append(StringUtil.toString(privObj.getCommandParams())).append("]");
-		sb.append(", 'actionType':").append(privObj.getActionType().toString());
-		sb.append("}");
-
-		return sb;
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerBase.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerBase.java b/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerBase.java
deleted file mode 100644
index 8a63035..0000000
--- a/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerBase.java
+++ /dev/null
@@ -1,231 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- package com.xasecure.authorization.hive.authorizer;
-
-import java.util.List;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.hadoop.hive.conf.HiveConf;
-import org.apache.hadoop.hive.conf.HiveConf.ConfVars;
-import org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.DisallowTransformHook;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext.CLIENT_TYPE;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeInfo;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.SettableConfigUpdater;
-import org.apache.hadoop.security.UserGroupInformation;
-
-import com.xasecure.authorization.hive.XaHiveAccessContext;
-import com.xasecure.authorization.utils.StringUtil;
-
-public abstract class XaSecureHiveAuthorizerBase implements HiveAuthorizer {
-
-	private static final Log LOG = LogFactory.getLog(XaSecureHiveAuthorizerBase.class);
-
-	private HiveMetastoreClientFactory mMetastoreClientFactory;
-	private HiveConf                   mHiveConf;
-	private HiveAuthenticationProvider mHiveAuthenticator;
-	private HiveAuthzSessionContext    mSessionContext;
-	private UserGroupInformation       mUgi;
-	  
-	public XaSecureHiveAuthorizerBase(HiveMetastoreClientFactory metastoreClientFactory,
-									  HiveConf                   hiveConf,
-									  HiveAuthenticationProvider hiveAuthenticator,
-									  HiveAuthzSessionContext    context) {
-		mMetastoreClientFactory = metastoreClientFactory;
-		mHiveConf               = hiveConf;
-		mHiveAuthenticator      = hiveAuthenticator;
-		mSessionContext         = context;
-
-		String userName = mHiveAuthenticator == null ? null : mHiveAuthenticator.getUserName();
-
-		mUgi = userName == null ? null : UserGroupInformation.createRemoteUser(userName);
-
-		if(mHiveAuthenticator == null) {
-			LOG.warn("XaSecureHiveAuthorizerBase.XaSecureHiveAuthorizerBase(): hiveAuthenticator is null");
-		} else if(StringUtil.isEmpty(userName)) {
-			LOG.warn("XaSecureHiveAuthorizerBase.XaSecureHiveAuthorizerBase(): hiveAuthenticator.getUserName() returned null/empty");
-		} else if(mUgi == null) {
-			LOG.warn(String.format("XaSecureHiveAuthorizerBase.XaSecureHiveAuthorizerBase(): UserGroupInformation.createRemoteUser(%s) returned null", userName));
-		}
-	}
-
-	public HiveMetastoreClientFactory getMetastoreClientFactory() {
-		return mMetastoreClientFactory;
-	}
-
-	public HiveConf getHiveConf() {
-		return mHiveConf;
-	}
-
-	public HiveAuthenticationProvider getHiveAuthenticator() {
-		return mHiveAuthenticator;
-	}
-
-	public HiveAuthzSessionContext getHiveAuthzSessionContext() {
-		return mSessionContext;
-	}
-
-	public UserGroupInformation getCurrentUserGroupInfo() {
-		return mUgi;
-	}
-	
-	public XaHiveAccessContext getAccessContext(HiveAuthzContext context) {
-		return new XaHiveAccessContext(context, mSessionContext);
-	}
-
-	@Override
-	public void applyAuthorizationConfigPolicy(HiveConf hiveConf) throws HiveAuthzPluginException {
-		LOG.debug("XaSecureHiveAuthorizerBase.applyAuthorizationConfigPolicy()");
-
-		// from SQLStdHiveAccessController.applyAuthorizationConfigPolicy()
-		if (mSessionContext != null && mSessionContext.getClientType() == CLIENT_TYPE.HIVESERVER2) {
-			// Configure PREEXECHOOKS with DisallowTransformHook to disallow transform queries
-			String hooks = hiveConf.getVar(ConfVars.PREEXECHOOKS).trim();
-			if (hooks.isEmpty()) {
-				hooks = DisallowTransformHook.class.getName();
-			} else {
-				hooks = hooks + "," + DisallowTransformHook.class.getName();
-			}
-
-			hiveConf.setVar(ConfVars.PREEXECHOOKS, hooks);
-
-			SettableConfigUpdater.setHiveConfWhiteList(hiveConf);
-		}
-	}
-
-	/**
-	 * Show privileges for given principal on given object
-	 * @param principal
-	 * @param privObj
-	 * @return
-	 * @throws HiveAuthzPluginException
-	 * @throws HiveAccessControlException
-	 */
-	@Override
-	public List<HivePrivilegeInfo> showPrivileges(HivePrincipal principal, HivePrivilegeObject privObj) 
-			throws HiveAuthzPluginException, HiveAccessControlException {
-		LOG.debug("XaSecureHiveAuthorizerBase.showPrivileges()");
-
-		throwNotImplementedException("showPrivileges");
-
-		return null;
-	}
-
-	@Override
-	public void createRole(String roleName, HivePrincipal adminGrantor)
-			throws HiveAuthzPluginException, HiveAccessControlException {
-		LOG.debug("XaSecureHiveAuthorizerBase.createRole()");
-
-		throwNotImplementedException("createRole");
-	}
-
-	@Override
-	public void dropRole(String roleName)
-			throws HiveAuthzPluginException, HiveAccessControlException {
-		LOG.debug("XaSecureHiveAuthorizerBase.dropRole()");
-
-		throwNotImplementedException("dropRole");
-	}
-
-	@Override
-	public List<String> getAllRoles()
-			throws HiveAuthzPluginException, HiveAccessControlException {
-		LOG.debug("XaSecureHiveAuthorizerBase.getAllRoles()");
-
-		throwNotImplementedException("getAllRoles");
-
-		return null;
-	}
-
-	@Override
-	public List<String> getCurrentRoleNames() throws HiveAuthzPluginException {
-		LOG.debug("XaSecureHiveAuthorizerBase.getCurrentRoleNames()");
-
-		throwNotImplementedException("getCurrentRoleNames");
-
-		return null;
-	}
-
-	@Override
-	public List<HiveRoleGrant> getPrincipalGrantInfoForRole(String roleName)
-			throws HiveAuthzPluginException, HiveAccessControlException {
-		LOG.debug("XaSecureHiveAuthorizerBase.getPrincipalGrantInfoForRole()");
-
-		throwNotImplementedException("getPrincipalGrantInfoForRole");
-
-		return null;
-	}
-
-	@Override
-	public List<HiveRoleGrant> getRoleGrantInfoForPrincipal(HivePrincipal principal)
-			throws HiveAuthzPluginException, HiveAccessControlException {
-		LOG.debug("XaSecureHiveAuthorizerBase.getRoleGrantInfoForPrincipal()");
-
-		throwNotImplementedException("getRoleGrantInfoForPrincipal");
-
-		return null;
-	}
-
-	@Override
-	public VERSION getVersion() {
-		return VERSION.V1;
-	}
-
-	@Override
-	public void grantRole(List<HivePrincipal> hivePrincipals, List<String> roles,
-			boolean grantOption, HivePrincipal grantorPrinc)
-					throws HiveAuthzPluginException, HiveAccessControlException {
-		LOG.debug("XaSecureHiveAuthorizerBase.grantRole()");
-
-		throwNotImplementedException("grantRole");
-	}
-
-	@Override
-	public void revokeRole(List<HivePrincipal> hivePrincipals, List<String> roles,
-			boolean grantOption, HivePrincipal grantorPrinc)
-					throws HiveAuthzPluginException, HiveAccessControlException {
-		LOG.debug("XaSecureHiveAuthorizerBase.revokeRole()");
-
-		throwNotImplementedException("revokeRole");
-	}
-
-	@Override
-	public void setCurrentRole(String roleName)
-			throws HiveAccessControlException, HiveAuthzPluginException {
-		LOG.debug("XaSecureHiveAuthorizerBase.setCurrentRole()");
-
-		throwNotImplementedException("setCurrentRole");
-	}
-
-	private void throwNotImplementedException(String method) throws HiveAuthzPluginException {
-		throw new HiveAuthzPluginException(method + "() not implemented in Argus HiveAuthorizer");
-	}
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerFactory.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerFactory.java b/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerFactory.java
deleted file mode 100644
index 50fd55c..0000000
--- a/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerFactory.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- package com.xasecure.authorization.hive.authorizer;
-
-import org.apache.hadoop.hive.conf.HiveConf;
-import org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
-
-public class XaSecureHiveAuthorizerFactory implements HiveAuthorizerFactory {
-	@Override
-	public HiveAuthorizer createHiveAuthorizer(HiveMetastoreClientFactory metastoreClientFactory,
-											   HiveConf                   conf,
-											   HiveAuthenticationProvider hiveAuthenticator,
-											   HiveAuthzSessionContext    sessionContext)
-													   throws HiveAuthzPluginException {
-		return new XaSecureHiveAuthorizer(metastoreClientFactory, conf, hiveAuthenticator, sessionContext);
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/hive-agent/src/main/java/com/xasecure/authorization/hive/constants/XaSecureHiveConstants.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/com/xasecure/authorization/hive/constants/XaSecureHiveConstants.java b/hive-agent/src/main/java/com/xasecure/authorization/hive/constants/XaSecureHiveConstants.java
deleted file mode 100644
index 45fbce0..0000000
--- a/hive-agent/src/main/java/com/xasecure/authorization/hive/constants/XaSecureHiveConstants.java
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- package com.xasecure.authorization.hive.constants;
-
-public final class XaSecureHiveConstants {
-	public static final String WILDCARD_OBJECT = "*" ;
-	public static final String HAS_ANY_PERMISSION = "any" ;
-	public static final String SHOW_META_INFO_PERMISSION = "show" ;
-	public static final String PUBLIC_ACCESS_ROLE = "public" ;
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/hive-agent/src/main/java/org/apache/ranger/authorization/hive/RangerHiveAccessContext.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/RangerHiveAccessContext.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/RangerHiveAccessContext.java
new file mode 100644
index 0000000..50b0aa0
--- /dev/null
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/RangerHiveAccessContext.java
@@ -0,0 +1,75 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+ package org.apache.ranger.authorization.hive;
+
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
+
+
+public class RangerHiveAccessContext {
+	private String mClientIpAddress;
+	private String mClientType;
+	private String mCommandString;
+	private String mSessionString;
+	
+	public RangerHiveAccessContext(HiveAuthzContext context, HiveAuthzSessionContext sessionContext) {
+		if(context != null) {
+			mClientIpAddress = context.getIpAddress();
+			mCommandString   = context.getCommandString();
+		}
+		
+		if(sessionContext != null) {
+			mClientType      = sessionContext.getClientType().name();
+			mSessionString   = sessionContext.getSessionString();
+		}
+	}
+
+	public String getClientIpAddress() {
+		return mClientIpAddress;
+	}
+
+	public void setClientIpAddress(String clientIpAddress) {
+		this.mClientIpAddress = clientIpAddress;
+	}
+
+	public String getClientType() {
+		return mClientType;
+	}
+
+	public void setClientType(String clientType) {
+		this.mClientType = clientType;
+	}
+
+	public String getCommandString() {
+		return mCommandString;
+	}
+
+	public void setCommandString(String commandString) {
+		this.mCommandString = commandString;
+	}
+
+	public String getSessionString() {
+		return mSessionString;
+	}
+
+	public void setSessionString(String sessionString) {
+		this.mSessionString = sessionString;
+	}
+}
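Review bot: The constructor dereferences `sessionContext.getClientType()` without a null check in `mClientType = sessionContext.getClientType().name();`. If a session context can be built without a client type (not visible from this hunk), the constructor throws a NullPointerException in the middle of an authorization call. A null-tolerant form would be `mClientType = sessionContext.getClientType() == null ? null : sessionContext.getClientType().name();`. The class also has no Javadoc. A short class comment should say that `mCommandString` holds the full statement text as submitted, so any code that logs or audits it should expect literal values from the query to appear there.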

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/hive-agent/src/main/java/org/apache/ranger/authorization/hive/RangerHiveAccessVerifier.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/RangerHiveAccessVerifier.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/RangerHiveAccessVerifier.java
new file mode 100644
index 0000000..ef4ad56
--- /dev/null
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/RangerHiveAccessVerifier.java
@@ -0,0 +1,29 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+ package org.apache.ranger.authorization.hive;
+
+import org.apache.hadoop.security.UserGroupInformation;
+
+
+public interface RangerHiveAccessVerifier {
+	public boolean isAccessAllowed(UserGroupInformation ugi, RangerHiveObjectAccessInfo objAccessInfo) ;
+	
+	public boolean isAudited(RangerHiveObjectAccessInfo objAccessInfo) ;
+}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/hive-agent/src/main/java/org/apache/ranger/authorization/hive/RangerHiveAccessVerifierFactory.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/RangerHiveAccessVerifierFactory.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/RangerHiveAccessVerifierFactory.java
new file mode 100644
index 0000000..f02bfe8
--- /dev/null
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/RangerHiveAccessVerifierFactory.java
@@ -0,0 +1,66 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+ package org.apache.ranger.authorization.hive;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
+import org.apache.ranger.authorization.hadoop.constants.RangerHadoopConstants;
+
+public class RangerHiveAccessVerifierFactory {
+
+	private static final Log LOG = LogFactory.getLog(RangerHiveAccessVerifierFactory.class) ;
+
+	private static RangerHiveAccessVerifier hiveAccessVerififer = null ;
+	
+	public static RangerHiveAccessVerifier getInstance() {
+		if (hiveAccessVerififer == null) {
+			synchronized(RangerHiveAccessVerifierFactory.class) {
+				RangerHiveAccessVerifier temp = hiveAccessVerififer ;
+				if (temp == null) {
+					String hiveAccessVerifierClassName = RangerConfiguration.getInstance().get(RangerHadoopConstants.HIVE_ACCESS_VERIFIER_CLASS_NAME_PROP, RangerHadoopConstants.HIVE_ACCESS_VERIFIER_CLASS_NAME_DEFAULT_VALUE ) ;
+
+					if (hiveAccessVerifierClassName != null) {
+						LOG.info("Hive Access Verification class [" + hiveAccessVerifierClassName + "] - Being built");
+						try {
+							hiveAccessVerififer = (RangerHiveAccessVerifier) (Class.forName(hiveAccessVerifierClassName).newInstance()) ;
+							LOG.info("Created a new instance of class: [" + hiveAccessVerifierClassName + "] for Hive Access verification.");
+						} catch (InstantiationException e) {
+							LOG.error("Unable to create HiveAccess Verifier: [" +  hiveAccessVerifierClassName + "]", e);
+						} catch (IllegalAccessException e) {
+							LOG.error("Unable to create HiveAccess Verifier: [" +  hiveAccessVerifierClassName + "]", e);
+						} catch (ClassNotFoundException e) {
+							LOG.error("Unable to create HiveAccess Verifier: [" +  hiveAccessVerifierClassName + "]", e);
+						} catch (Throwable t) {
+							LOG.error("Unable to create HiveAccess Verifier: [" +  hiveAccessVerifierClassName + "]", t);
+						}
+						finally {
+							LOG.info("Created a new instance of class: [" + hiveAccessVerifierClassName + "] for Hive Access verification. (" + hiveAccessVerififer + ")");
+						}
+					}
+				}
+				else {
+					LOG.error("Unable to obtain hiveAccessVerifier [" +  RangerHadoopConstants.HIVE_ACCESS_VERIFIER_CLASS_NAME_PROP + "]");
+				}
+			}
+		}
+		return hiveAccessVerififer ;
+	}
+}
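Review bot: `getInstance()` uses double-checked locking on `hiveAccessVerififer`, but the field is not `volatile`, so the unsynchronized outer `if` is not a safe publication point. The `else` that logs "Unable to obtain hiveAccessVerifier" is attached to `if (temp == null)`, so it fires when another thread has already built the instance and never when the class name is missing. The `finally` block logs "Created a new instance" even after a failed load, which makes a misconfigured verifier class hard to spot in the logs. On any failure the method returns null, so a comment should state that callers must treat a null verifier as deny. The rewrite below keeps the existing messages and the configured-class lookup.

```java
	private static volatile RangerHiveAccessVerifier hiveAccessVerififer = null ;

	public static RangerHiveAccessVerifier getInstance() {
		RangerHiveAccessVerifier ret = hiveAccessVerififer ;
		if (ret == null) {
			synchronized(RangerHiveAccessVerifierFactory.class) {
				ret = hiveAccessVerififer ;
				if (ret == null) {
					// … unchanged: hiveAccessVerifierClassName lookup from RangerConfiguration …
					if (hiveAccessVerifierClassName == null) {
						LOG.error("Unable to obtain hiveAccessVerifier [" +  RangerHadoopConstants.HIVE_ACCESS_VERIFIER_CLASS_NAME_PROP + "]");
					} else {
						LOG.info("Hive Access Verification class [" + hiveAccessVerifierClassName + "] - Being built");
						try {
							ret = (RangerHiveAccessVerifier) (Class.forName(hiveAccessVerifierClassName).newInstance()) ;
							hiveAccessVerififer = ret ;
							LOG.info("Created a new instance of class: [" + hiveAccessVerifierClassName + "] for Hive Access verification.");
						} catch (Throwable t) {
							// Returns null on failure; callers must treat a null verifier as "deny".
							LOG.error("Unable to create HiveAccess Verifier: [" +  hiveAccessVerifierClassName + "]", t);
						}
					}
				}
			}
		}
		return ret ;
	}
```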

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/hive-agent/src/main/java/org/apache/ranger/authorization/hive/RangerHiveObjectAccessInfo.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/RangerHiveObjectAccessInfo.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/RangerHiveObjectAccessInfo.java
new file mode 100644
index 0000000..73b5b57
--- /dev/null
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/RangerHiveObjectAccessInfo.java
@@ -0,0 +1,240 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+ package org.apache.ranger.authorization.hive;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ranger.authorization.utils.StringUtil;
+
+public class RangerHiveObjectAccessInfo {
+	public enum HiveObjectType { NONE, DATABASE, TABLE, VIEW, PARTITION, INDEX, COLUMN, FUNCTION, URI };
+	public enum HiveAccessType { NONE, CREATE, ALTER, DROP, INDEX, LOCK, SELECT, UPDATE, USE, ALL, ADMIN };
+
+	private String              mOperType         = null;
+	private RangerHiveAccessContext mContext          = null;
+	private HiveAccessType      mAccessType       = HiveAccessType.NONE;
+	private HiveObjectType      mObjectType       = HiveObjectType.NONE;
+	private String              mDatabase         = null;
+	private String              mTable            = null;
+	private String              mView             = null;
+	private String              mPartition        = null;
+	private String              mIndex            = null;
+	private List<String>        mColumns          = null;
+	private String              mFunction         = null;
+	private String              mUri              = null;
+	private String              mDeniedObjectName = null;
+
+	public RangerHiveObjectAccessInfo(String operType, RangerHiveAccessContext context, HiveAccessType accessType, String dbName) {
+		this(operType, context, accessType, dbName, null, HiveObjectType.DATABASE, dbName);
+	}
+
+	public RangerHiveObjectAccessInfo(String operType, RangerHiveAccessContext context, HiveAccessType accessType, String dbName, String tblName) {
+		this(operType, context, accessType, dbName, tblName, HiveObjectType.TABLE, tblName);
+	}
+
+	public RangerHiveObjectAccessInfo(String operType, RangerHiveAccessContext context, HiveAccessType accessType, String dbName, HiveObjectType objType, String objName) {
+		this(operType, context, accessType, dbName, null, objType, objName);
+	}
+
+	public RangerHiveObjectAccessInfo(String operType, RangerHiveAccessContext context, HiveAccessType accessType, HiveObjectType objType, String objName) {
+		this(operType, context, accessType, null, null, objType, objName);
+	}
+
+	public RangerHiveObjectAccessInfo(String operType, RangerHiveAccessContext context, HiveAccessType accessType, String dbName, String tblOrViewName, List<String> columns) {
+		mOperType    = operType;
+		mContext     = context;
+		mAccessType  = accessType;
+		mObjectType  = HiveObjectType.COLUMN;
+		mDatabase    = dbName;
+		mTable       = tblOrViewName;
+		mView        = tblOrViewName;
+		mColumns     = columns;
+	}
+
+	public RangerHiveObjectAccessInfo(String operType, RangerHiveAccessContext context, HiveAccessType accessType, String dbName, String tblName, HiveObjectType objType, String objName) {
+		mOperType    = operType;
+		mContext     = context;
+		mAccessType  = accessType;
+		mObjectType  = objType;
+		mDatabase    = dbName;
+		mTable       = tblName;
+		mView        = tblName;
+
+		if(objName != null && ! objName.trim().isEmpty()) {
+			switch(objType) {
+				case DATABASE:
+					mDatabase = objName;
+				break;
+
+				case TABLE:
+					mTable = objName;
+				break;
+
+				case VIEW:
+					mView = objName;
+				break;
+
+				case PARTITION:
+					mPartition = objName;
+				break;
+
+				case INDEX:
+					mIndex = objName;
+				break;
+
+				case COLUMN:
+					mColumns = new ArrayList<String>();
+					mColumns.add(objName);
+				break;
+
+				case FUNCTION:
+					mFunction = objName;
+				break;
+
+				case URI:
+					mUri = objName;
+				break;
+
+				case NONE:
+				break;
+			}
+		}
+	}
+
+	public String getOperType() {
+		return mOperType;
+	}
+
+	public RangerHiveAccessContext getContext() {
+		return mContext;
+	}
+
+	public HiveAccessType getAccessType() {
+		return mAccessType;
+	}
+
+	public HiveObjectType getObjectType() {
+		return mObjectType;
+	}
+
+	public String getDatabase() {
+		return mDatabase;
+	}
+
+	public String getTable() {
+		return mTable;
+	}
+
+	public String getView() {
+		return mView;
+	}
+
+	public String getPartition() { 
+		return mPartition;
+	}
+
+	public String getIndex() {
+		return mIndex;
+	}
+
+	public List<String> getColumns() {
+		return mColumns;
+	}
+
+	public String getFunction() {
+		return mFunction;
+	}
+
+	public String getUri() {
+		return mUri;
+	}
+
+	public void setDeinedObjectName(String deniedObjectName) {
+		mDeniedObjectName = deniedObjectName;
+	}
+
+	public String getDeinedObjectName() {
+		return mDeniedObjectName;
+	}
+
+	public String getObjectName() {
+        String objName = null;
+
+        if(this.mObjectType == HiveObjectType.URI) {
+            objName = mUri;
+        } else {
+            String tblName = null;
+            String colName = null;
+
+            if(! StringUtil.isEmpty(mTable))
+                tblName = mTable;
+            else if(! StringUtil.isEmpty(mView))
+                tblName = mView;
+            else if(! StringUtil.isEmpty(mFunction))
+                tblName = mFunction;
+
+            if(! StringUtil.isEmpty(mColumns))
+                colName = StringUtil.toString(mColumns);
+            else if(! StringUtil.isEmpty(mIndex))
+                colName = mIndex;
+
+            objName = getObjectName(mDatabase, tblName, colName);
+        }
+
+		return objName;
+	}
+	
+	public static String getObjectName(String dbName, String tblName, String colName) {
+		String objName = StringUtil.isEmpty(dbName) ? "" : dbName;
+		
+		if(!StringUtil.isEmpty(tblName)) {
+			objName += ("/" + tblName);
+			
+			if(!StringUtil.isEmpty(colName)) {
+				objName += ("/" + colName);
+			}
+		}
+
+		return objName;
+	}
+
+	@Override
+	public boolean equals(Object obj) {
+		boolean ret = false;
+		
+		if(obj != null && obj instanceof RangerHiveObjectAccessInfo) {
+			RangerHiveObjectAccessInfo that = (RangerHiveObjectAccessInfo)obj;
+			
+			ret =  StringUtil.equalsIgnoreCase(mOperType, that.mOperType)
+				&& mAccessType == that.mAccessType
+				&& mObjectType == that.mObjectType
+				&& StringUtil.equalsIgnoreCase(mDatabase, that.mDatabase)
+				&& StringUtil.equalsIgnoreCase(mTable, that.mTable)
+				&& StringUtil.equalsIgnoreCase(mView, that.mView)
+				&& StringUtil.equalsIgnoreCase(mPartition, that.mPartition)
+				&& StringUtil.equalsIgnoreCase(mIndex, that.mIndex)
+				&& StringUtil.equalsIgnoreCase(mColumns, that.mColumns)
+				  ;
+		}
+		
+		return ret;
+	}
+}
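Review bot: `equals()` compares neither `mFunction` nor `mUri`, so two access requests that differ only in function name or URI are reported as equal. If these objects are ever de-duplicated or looked up in a collection before the access check (not visible in this hunk), a request for one URI could stand in for another. The chain should gain `&& StringUtil.equalsIgnoreCase(mFunction, that.mFunction)` plus a null-safe, case-sensitive comparison of `mUri`, since paths are generally case-sensitive. The class also overrides `equals()` without `hashCode()`, so a matching `hashCode()` built from the same fields, lower-cased where the comparison ignores case, is needed before instances go into a `HashSet` or `HashMap`.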

