Examples of org.apache.hadoop.hive.ql.metadata.AuthorizationException

Package org.apache.hadoop.hive.ql.metadata

Examples of org.apache.hadoop.hive.ql.metadata.AuthorizationException

org.apache.hadoop.hive.ql.metadata.AuthorizationException

      }


      checkPermissions(getConf(), path, actions);


    } catch (AccessControlException ex) {
      throw new AuthorizationException(ex);
    } catch (LoginException ex) {
      throw new AuthorizationException(ex);
    } catch (IOException ex) {
      throw new HiveException(ex);
    }
  }

View Full Code Here

    case CREATE:
      return FsAction.WRITE;
    case DROP:
      return FsAction.WRITE;
    case INDEX:
      throw new AuthorizationException(
          "StorageBasedAuthorizationProvider cannot handle INDEX privilege");
    case LOCK:
      throw new AuthorizationException(
          "StorageBasedAuthorizationProvider cannot handle LOCK privilege");
    case SELECT:
      return FsAction.READ;
    case SHOW_DATABASE:
      return FsAction.READ;
    case UNKNOWN:
    default:
      throw new AuthorizationException("Unknown privilege");
    }
  }

View Full Code Here

  private HiveException hiveException(Exception e) {
    return new HiveException(e);
  }


  private AuthorizationException authorizationException(Exception e) {
    return new AuthorizationException(e);
  }

View Full Code Here

    hiveObject = hiveObject + "}";


    if (inputCheck != null) {
      int input = this.firstFalseIndex(inputCheck);
      if (input >= 0) {
        throw new AuthorizationException("No privilege '"
            + inputRequiredPriv[input].toString() + "' found for inputs "
            + hiveObject);
      }
    }


    if (outputCheck != null) {
      int output = this.firstFalseIndex(outputCheck);
      if (output >= 0) {
        throw new AuthorizationException("No privilege '"
            + outputRequiredPriv[output].toString() + "' found for outputs "
            + hiveObject);
      }
    }
  }

View Full Code Here


      outputHierarchy.add(connectHierarchy);
      break;


    default:
      throw new AuthorizationException("Unknown operation scope type " +
          stmtAuthObject.getOperationScope().toString());
    }


    // validate permission
    hiveAuthzBinding.authorize(stmtOperation, stmtAuthObject, getCurrentSubject(context),

View Full Code Here

    for (String hiveUDF : Splitter.on(",").omitEmptyStrings().trimResults().split(whiteList)) {
      if (queryUDF.equalsIgnoreCase(hiveUDF)) {
        return; // found the given UDF in whitelist
      }
    }
    throw new AuthorizationException("The UDF " + queryUDF + " is not found in the list of allowed UDFs");
  }

View Full Code Here

    case DFS_DIR:
    case LOCAL_DIR:
      try {
        objectHierarchy.add(parseURI(entity.toString()));
      } catch (Exception e) {
        throw new AuthorizationException("Failed to get File URI", e);
      }
      break;
    default:
      throw new UnsupportedOperationException("Unsupported entity type " +
          entity.getType().name());

View Full Code Here

        if (writeEntity.getLocation().getPath().startsWith(localScratchDirPath)) {
          return true;
        }
      }
    } catch (Exception e) {
      throw new AuthorizationException("Failed to extract uri details", e);
    }
    return false;
  }

View Full Code Here

        }
        if (requiredInputPrivileges.containsKey(getAuthzType(inputHierarchy))) {
          EnumSet<Action> inputPrivSet =
            requiredInputPrivileges.get(getAuthzType(inputHierarchy));
          if (!authProvider.hasAccess(subject, inputHierarchy, inputPrivSet)) {
            throw new AuthorizationException("User " + subject.getName() +
                " does not have privileges for " + hiveOp.name());
          }
        }
      }
      // Check write entities
      Map<AuthorizableType, EnumSet<Action>> requiredOutputPrivileges =
          stmtAuthPrivileges.getOutputPrivileges();
      for (List<Authorizable> outputHierarchy : outputHierarchyList) {
        if(isDebug) {
          LOG.debug("requiredOutputPrivileges = " + requiredOutputPrivileges);
          LOG.debug("outputHierarchy = " + outputHierarchy);
          LOG.debug("getAuthzType(outputHierarchy) = " + getAuthzType(outputHierarchy));
        }
        if (requiredOutputPrivileges.containsKey(getAuthzType(outputHierarchy))) {
          EnumSet<Action> outputPrivSet =
            requiredOutputPrivileges.get(getAuthzType(outputHierarchy));
          if (!authProvider.hasAccess(subject, outputHierarchy, outputPrivSet)) {
            throw new AuthorizationException("User " + subject.getName() +
                " does not have priviliedges for " + hiveOp.name());
          }
        }
      }
  }

View Full Code Here

  public static final String errMsg = "Metastore Authorization api invocation is disabled"
      + " in this configuration.";


  @Override
  public void authorizeAuthorizationApiInvocation() throws AuthorizationException {
      throw new AuthorizationException(errMsg);
  }

View Full Code Here

0 1 2 3 4

TOP

Related Classes of org.apache.hadoop.hive.ql.metadata.AuthorizationException

org.apache.hadoop.hive.ql.exec.SentryGrantRevokeTask

org.apache.hadoop.hive.ql.security.authorization.BitSetCheckedAuthorizationProvider

org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider

org.apache.hadoop.hive.ql.security.authorization.MetaStoreAuthzAPIAuthorizerEmbedOnly

org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider

org.apache.hadoop.hive.ql.security.MetastoreAuthzAPIDisallowAuthorizer

org.apache.hcatalog.security.HdfsAuthorizationProvider

org.apache.sentry.binding.hive.authz.HiveAuthzBinding

org.apache.sentry.binding.hive.HiveAuthzBindingHook

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.