diff --git a/ql/src/java/org/apache/hadoop/hive/ql/hooks/HiveAuthorizationFilterHook.java b/ql/src/java/org/apache/hadoop/hive/ql/hooks/HiveAuthorizationFilterHook.java new file mode 100644 index 0000000..5812173 --- /dev/null +++ b/ql/src/java/org/apache/hadoop/hive/ql/hooks/HiveAuthorizationFilterHook.java @@ -0,0 +1,79 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.hadoop.hive.ql.hooks; + +import java.util.ArrayList; +import java.util.List; + +import org.apache.hadoop.hive.conf.HiveConf; +import org.apache.hadoop.hive.ql.HiveDriverFilterHook; +import org.apache.hadoop.hive.ql.HiveDriverFilterHookContext; +import org.apache.hadoop.hive.ql.HiveDriverFilterHookResult; +import org.apache.hadoop.hive.ql.HiveDriverFilterHookResultImpl; +import org.apache.hadoop.hive.ql.metadata.HiveException; +import org.apache.hadoop.hive.ql.metadata.Table; +import org.apache.hadoop.hive.ql.plan.HiveOperation; +import org.apache.hadoop.hive.ql.security.authorization.Privilege; +import org.apache.hadoop.hive.ql.session.SessionState; +import org.apache.hadoop.hive.ql.metadata.AuthorizationException; + + +public class HiveAuthorizationFilterHook implements HiveDriverFilterHook{ + + @Override + public HiveDriverFilterHookResult postDriverFetch( + HiveDriverFilterHookContext hookContext) throws Exception { + HiveDriverFilterHookResult hookResult = new HiveDriverFilterHookResultImpl(); + //do the authorization check + if (!HiveConf.getBoolVar(hookContext.getConf(), + HiveConf.ConfVars.HIVE_AUTHORIZATION_ENABLED)){ + hookResult.setResult(hookContext.getResult()); + return hookResult; + } + HiveOperation hiveOperation = hookContext.getHiveOperation(); + List queryResult = hookContext.getResult(); + List filteredResult = null; + String dbName = hookContext.getDbName(); + String operationName = hiveOperation.getOperationName(); + SessionState ss = SessionState.get(); + if (HiveOperation.SHOWTABLES.getOperationName().equalsIgnoreCase(operationName)) { + filteredResult = filterShowTables(queryResult, hiveOperation, dbName, ss); + } + hookResult.setHiveOperation(hiveOperation); + hookResult.setUserName(hookContext.getUserName()); + hookResult.setResult(filteredResult); + hookResult.setConf(hookContext.getConf()); + return hookResult; + } + private List filterShowTables(List queryResult,HiveOperation + operation, String dbName, SessionState session) throws HiveException{ + + List filteredResult = new ArrayList(); + for (String tableName : queryResult) { + try{ + session.getAuthorizer().authorize(new Table(dbName,tableName), + new Privilege[]{Privilege.SELECT}, null); + filteredResult.add(tableName); + }catch(AuthorizationException e){ + // user doesn't have privileges, so the table is + // not added to + // filtered list. + } + } + return filteredResult; + } +}