diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java
index 76a80e0..2fc35ed 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java
@@ -37,6 +37,9 @@
 @LimitedPrivate(value = { "" })
 @Evolving
 public class HiveAuthorizerImpl implements HiveAuthorizer {
+
+ public static final String METASTORE_FILTER_HOOK_V2_DEFAULT =
+ "org.apache.hadoop.hive.ql.security.authorization.plugin.AuthorizationMetaStoreFilterHook";
 HiveAccessController accessController;
 HiveAuthorizationValidator authValidator;
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java b/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java
index 37d856c..33452ad 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java
@@ -75,6 +75,7 @@
 import org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProvider;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerImpl;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext.CLIENT_TYPE;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactoryImpl;
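Review bot: The new constant METASTORE_FILTER_HOOK_V2_DEFAULT in HiveAuthorizerImpl.java repeats the hook's class name as a string literal and carries no Javadoc. If AuthorizationMetaStoreFilterHook is ever renamed or moved, the literal would keep compiling and the configured filter hook would fail to load only at runtime; since the literal names the same package, `AuthorizationMetaStoreFilterHook.class.getName()` should work here, provided the class is visible to this module. A one-line comment such as `/** Metastore filter hook class installed when V2 authorization is enabled. */` would also tell readers why the constant is public. The class body continues outside the hunk.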
@@ -756,8 +757,15 @@ private void setAuthorizerV2Config() throws HiveException {
 if (conf.get(CONFIG_AUTHZ_SETTINGS_APPLIED_MARKER, "").equals(Boolean.TRUE.toString())) {
 return;
 }
+ String metastoreHook = conf.get(ConfVars.METASTORE_FILTER_HOOK.name());
+ if (!ConfVars.METASTORE_FILTER_HOOK.getDefaultValue().equals(metastoreHook) &&
+ !HiveAuthorizerImpl.METASTORE_FILTER_HOOK_V2_DEFAULT.equals(metastoreHook)) {
+ LOG.warn(ConfVars.METASTORE_FILTER_HOOK.name() +
+ " will be ignored, since hive.security.authorization.manager" +
+ " is set to instance of HiveAuthorizerFactory.");
+ }
 conf.setVar(ConfVars.METASTORE_FILTER_HOOK,
- "org.apache.hadoop.hive.ql.security.authorization.plugin.AuthorizationMetaStoreFilterHook");
+ HiveAuthorizerImpl.METASTORE_FILTER_HOOK_V2_DEFAULT);
 authorizerV2.applyAuthorizationConfigPolicy(conf);
 // update config in Hive thread local as well and init the metastore client
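Review bot: `conf.get(ConfVars.METASTORE_FILTER_HOOK.name())` in the added lines looks up the enum constant's name rather than the property key, assuming ConfVars is the HiveConf enum whose key is held in `varname`. The lookup then returns null unless a property with that literal name happens to be set, both `equals` checks come out false, and the warning is logged on every call. That noise buries the one case an operator needs to see, a custom metastore filter hook being replaced by the authorization default. Read the value with `conf.getVar(ConfVars.METASTORE_FILTER_HOOK)` and print `ConfVars.METASTORE_FILTER_HOOK.varname` (ideally with the ignored value) in the message so the log names the real property. setAuthorizerV2Config continues outside the hunk.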