Package org.apache.howl.common

Source Code of org.apache.howl.common.AuthUtils

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
package org.apache.howl.common;

import java.io.FileNotFoundException;
import java.io.IOException;

import javax.security.auth.login.LoginException;

import org.apache.commons.lang.ArrayUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsAction;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.conf.HiveConf.ConfVars;
import org.apache.hadoop.hive.ql.parse.SemanticException;
import org.apache.hadoop.hive.shims.ShimLoader;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.UserGroupInformation;

public class AuthUtils {

  /**
   * @param path non-null
   * @param action non-null
   * @param conf
   * @throws SemanticException
   * @throws HowlException
   *
   * This method validates only for existing path. If path doesn't exist
   * there is nothing to validate. So, make sure that path passed in is non-null.
   */

  @SuppressWarnings("deprecation")
  public static void authorize(final Path path, final FsAction action, final Configuration conf) throws SemanticException, HowlException{

    if(path == null) {
      throw new HowlException(ErrorType.ERROR_INTERNAL_EXCEPTION);
    }
    final FileStatus stat;

    try {
      stat = path.getFileSystem(conf).getFileStatus(path);
    } catch (FileNotFoundException fnfe){
      // File named by path doesn't exist; nothing to validate.
      return;
    }
    catch (AccessControlException ace) {
      throw new HowlException(ErrorType.ERROR_ACCESS_CONTROL, ace);
    } catch (org.apache.hadoop.fs.permission.AccessControlException ace){
      // Older hadoop version will throw this @deprecated Exception.
      throw new HowlException(ErrorType.ERROR_ACCESS_CONTROL, ace);
    } catch (IOException ioe){
      throw new SemanticException(ioe);
    }

    final UserGroupInformation ugi;
    try {
      ugi = ShimLoader.getHadoopShims().getUGIForConf(conf);
    } catch (LoginException le) {
      throw new HowlException(ErrorType.ERROR_ACCESS_CONTROL,le);
    } catch (IOException ioe) {
      throw new SemanticException(ioe);
    }

    final FsPermission dirPerms = stat.getPermission();

    final String user = HiveConf.getBoolVar(conf, ConfVars.METASTORE_USE_THRIFT_SASL) ?
                          ugi.getShortUserName() : ugi.getUserName();
    final String grp = stat.getGroup();
    if(user.equals(stat.getOwner())){
      if(dirPerms.getUserAction().implies(action)){
        return;
      }
      throw new HowlException(ErrorType.ERROR_ACCESS_CONTROL);
    }
    if(ArrayUtils.contains(ugi.getGroupNames(), grp)){
      if(dirPerms.getGroupAction().implies(action)){
        return;
      }
      throw new HowlException(ErrorType.ERROR_ACCESS_CONTROL);

    }
    if(dirPerms.getOtherAction().implies(action)){
      return;
    }
    throw new HowlException(ErrorType.ERROR_ACCESS_CONTROL);


  }
}
TOP

Related Classes of org.apache.howl.common.AuthUtils

  • org.apache.hadoop.fs.FileStatus
  • org.apache.hadoop.fs.permission.FsPermission
  • org.apache.hadoop.security.UserGroupInformation
  • org.apache.hadoop.hive.ql.parse.SemanticException
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.