0001
0002
0003
0004
0005
0006
0007
0008
0009
0010
0011
0012
0013
0014
0015
0016
0017
0018
0019 package org.apache.hive.service.cli.session;
0020
0021 import java.io.IOException;
0022
0023 import org.apache.commons.logging.Log;
0024 import org.apache.commons.logging.LogFactory;
0025 import org.apache.hadoop.fs.FileSystem;
0026 import org.apache.hadoop.hive.conf.HiveConf;
0027 import org.apache.hadoop.hive.ql.metadata.Hive;
0028 import org.apache.hadoop.hive.ql.metadata.HiveException;
0029 import org.apache.hadoop.hive.shims.Utils;
0030 import org.apache.hadoop.security.UserGroupInformation;
0031 import org.apache.hive.service.auth.HiveAuthFactory;
0032 import org.apache.hive.service.cli.HiveSQLException;
0033 import org.apache.hive.service.cli.thrift.TProtocolVersion;
0034
0035
0036
0037
0038
0039
0040 public class HiveSessionImplwithUGI extends HiveSessionImpl {
0041 public static final String HS2TOKEN = "HiveServer2ImpersonationToken";
0042
0043 private UserGroupInformation sessionUgi = null;
0044 private String delegationTokenStr = null;
0045 private Hive sessionHive = null;
0046 private HiveSession proxySession = null;
0047 static final Log LOG = LogFactory.getLog(HiveSessionImplwithUGI.class);
0048
0049 public HiveSessionImplwithUGI(TProtocolVersion protocol, String username, String password,
0050 HiveConf hiveConf, String ipAddress, String delegationToken) throws HiveSQLException {
0051 super(protocol, username, password, hiveConf, ipAddress);
0052 setSessionUGI(username);
0053 setDelegationToken(delegationToken);
0054
0055
0056 Hive.set(null);
0057 try {
0058 sessionHive = Hive.get(getHiveConf());
0059 } catch (HiveException e) {
0060 throw new HiveSQLException("Failed to setup metastore connection", e);
0061 }
0062 }
0063
0064
0065 public void setSessionUGI(String owner) throws HiveSQLException {
0066 if (owner == null) {
0067 throw new HiveSQLException("No username provided for impersonation");
0068 }
0069 if (UserGroupInformation.isSecurityEnabled()) {
0070 try {
0071 sessionUgi = UserGroupInformation.createProxyUser(
0072 owner, UserGroupInformation.getLoginUser());
0073 } catch (IOException e) {
0074 throw new HiveSQLException("Couldn't setup proxy user", e);
0075 }
0076 } else {
0077 sessionUgi = UserGroupInformation.createRemoteUser(owner);
0078 }
0079 }
0080
0081 public UserGroupInformation getSessionUgi() {
0082 return this.sessionUgi;
0083 }
0084
0085 public String getDelegationToken() {
0086 return this.delegationTokenStr;
0087 }
0088
0089 @Override
0090 protected synchronized void acquire(boolean userAccess) {
0091 super.acquire(userAccess);
0092
0093 if (sessionHive != null) {
0094 Hive.set(sessionHive);
0095 }
0096 }
0097
0098
0099
0100
0101
0102 @Override
0103 public void close() throws HiveSQLException {
0104 try {
0105 acquire(true);
0106 cancelDelegationToken();
0107 } finally {
0108 try {
0109 super.close();
0110 } finally {
0111 try {
0112 FileSystem.closeAllForUGI(sessionUgi);
0113 } catch (IOException ioe) {
0114 throw new HiveSQLException("Could not clean up file-system handles for UGI: "
0115 + sessionUgi, ioe);
0116 }
0117 }
0118 }
0119 }
0120
0121
0122
0123
0124
0125
0126
0127
0128 private void setDelegationToken(String delegationTokenStr) throws HiveSQLException {
0129 this.delegationTokenStr = delegationTokenStr;
0130 if (delegationTokenStr != null) {
0131 getHiveConf().set("hive.metastore.token.signature", HS2TOKEN);
0132 try {
0133 Utils.setTokenStr(sessionUgi, delegationTokenStr, HS2TOKEN);
0134 } catch (IOException e) {
0135 throw new HiveSQLException("Couldn't setup delegation token in the ugi", e);
0136 }
0137 }
0138 }
0139
0140
0141 private void cancelDelegationToken() throws HiveSQLException {
0142 if (delegationTokenStr != null) {
0143 try {
0144 Hive.get(getHiveConf()).cancelDelegationToken(delegationTokenStr);
0145 } catch (HiveException e) {
0146 throw new HiveSQLException("Couldn't cancel delegation token", e);
0147 }
0148
0149 Hive.closeCurrent();
0150 }
0151 }
0152
0153 @Override
0154 protected HiveSession getSession() {
0155 assert proxySession != null;
0156
0157 return proxySession;
0158 }
0159
0160 public void setProxySession(HiveSession proxySession) {
0161 this.proxySession = proxySession;
0162 }
0163
0164 @Override
0165 public String getDelegationToken(HiveAuthFactory authFactory, String owner,
0166 String renewer) throws HiveSQLException {
0167 return authFactory.getDelegationToken(owner, renewer);
0168 }
0169
0170 @Override
0171 public void cancelDelegationToken(HiveAuthFactory authFactory, String tokenStr)
0172 throws HiveSQLException {
0173 authFactory.cancelDelegationToken(tokenStr);
0174 }
0175
0176 @Override
0177 public void renewDelegationToken(HiveAuthFactory authFactory, String tokenStr)
0178 throws HiveSQLException {
0179 authFactory.renewDelegationToken(tokenStr);
0180 }
0181
0182 }