service/auth/TSubjectAssumingTransport.java

0001 /**
0002  * Licensed to the Apache Software Foundation (ASF) under one
0003  * or more contributor license agreements.  See the NOTICE file
0004  * distributed with this work for additional information
0005  * regarding copyright ownership.  The ASF licenses this file
0006  * to you under the Apache License, Version 2.0 (the
0007  * "License"); you may not use this file except in compliance
0008  * with the License.  You may obtain a copy of the License at
0009  *
0010  *     http://www.apache.org/licenses/LICENSE-2.0
0011  *
0012  * Unless required by applicable law or agreed to in writing, software
0013  * distributed under the License is distributed on an "AS IS" BASIS,
0014  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
0015  * See the License for the specific language governing permissions and
0016  * limitations under the License.
0017  */
0018
0019 package org.apache.hive.service.auth;
0020
0021 import java.security.AccessControlContext;
0022 import java.security.AccessController;
0023 import java.security.PrivilegedActionException;
0024 import java.security.PrivilegedExceptionAction;
0025 import javax.security.auth.Subject;
0026
0027 import org.apache.hadoop.hive.thrift.TFilterTransport;
0028 import org.apache.thrift.transport.TTransport;
0029 import org.apache.thrift.transport.TTransportException;
0030
0031 /**
0032  * This is used on the client side, where the API explicitly opens a transport to
0033  * the server using the Subject.doAs().
0034  */
0035 public class TSubjectAssumingTransport extends TFilterTransport {
0036
0037   public TSubjectAssumingTransport(TTransport wrapped) {
0038     super(wrapped);
0039   }
0040
0041   @Override
0042   public void open() throws TTransportException {
0043     try {
0044       AccessControlContext context = AccessController.getContext();
0045       Subject subject = Subject.getSubject(context);
0046       Subject.doAs(subject, new PrivilegedExceptionAction<Void>() {
0047         public Void run() {
0048           try {
0049             wrapped.open();
0050           } catch (TTransportException tte) {
0051             // Wrap the transport exception in an RTE, since Subject.doAs() then goes
0052             // and unwraps this for us out of the doAs block. We then unwrap one
0053             // more time in our catch clause to get back the TTE. (ugh)
0054             throw new RuntimeException(tte);
0055           }
0056           return null;
0057         }
0058       });
0059     } catch (PrivilegedActionException ioe) {
0060       throw new RuntimeException("Received an ioe we never threw!", ioe);
0061     } catch (RuntimeException rte) {
0062       if (rte.getCause() instanceof TTransportException) {
0063         throw (TTransportException) rte.getCause();
0064       } else {
0065         throw rte;
0066       }
0067     }
0068   }
0069
0070 }