diff --git a/common/src/java/org/apache/hive/http/HttpServer.java b/common/src/java/org/apache/hive/http/HttpServer.java index 0624a7e15c..50f0b7932d 100644 --- a/common/src/java/org/apache/hive/http/HttpServer.java +++ b/common/src/java/org/apache/hive/http/HttpServer.java @@ -297,7 +297,7 @@ static boolean hasAdministratorAccess( * @return true if the user is present in the ACL, false if no ACL is set or * the user is not present */ - static boolean userHasAdministratorAccess(ServletContext servletContext, + public static boolean userHasAdministratorAccess(ServletContext servletContext, String remoteUser) { AccessControlList adminsAcl = (AccessControlList) servletContext .getAttribute(ADMINS_ACL); diff --git a/service/src/resources/hive-webapps/hiveserver2/hiveserver2.jsp b/service/src/resources/hive-webapps/hiveserver2/hiveserver2.jsp index c0ece6da97..7cbab2b776 100644 --- a/service/src/resources/hive-webapps/hiveserver2/hiveserver2.jsp +++ b/service/src/resources/hive-webapps/hiveserver2/hiveserver2.jsp @@ -22,8 +22,10 @@ import="org.apache.hadoop.hive.conf.HiveConf" import="org.apache.hadoop.hive.conf.HiveConf.ConfVars" import="org.apache.hive.common.util.HiveVersionInfo" + import="org.apache.hive.http.HttpServer" import="org.apache.hive.service.cli.operation.Operation" import="org.apache.hive.service.cli.operation.SQLOperation" + import="org.apache.hadoop.fs.CommonConfigurationKeys" import="org.apache.hadoop.hive.ql.QueryInfo" import="org.apache.hive.service.cli.session.SessionManager" import="org.apache.hive.service.cli.session.HiveSession" 
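Review bot: The Javadoc on `userHasAdministratorAccess` should be extended now that the method is public, because callers outside the package will rely on it as an authorization primitive. From the visible lines it only looks the user up in `ADMINS_ACL`. The new JSP caller checks `hadoop.security.authorization` and a null remote user itself before calling it, which suggests the method does neither. I would add a sentence such as `Does not check whether authorization is enabled; callers must do that first and must pass a non-null remoteUser.` The method body continues outside the hunk, so confirm its null handling before settling on that wording.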
@@ -42,6 +44,22 @@ SessionManager sessionManager = (SessionManager)ctx.getAttribute("hive.sm"); %> +<%! +private boolean hasAdminAccess(Configuration conf, ServletContext ctx, HttpServletRequest req) { + // If there is no authorization, anybody has administrator access. + if (!conf.getBoolean(CommonConfigurationKeys.HADOOP_SECURITY_AUTHORIZATION, false)) { + return true; + } + + String remoteUser = req.getRemoteUser(); + if (remoteUser == null) { + return false; + } + + return HttpServer.userHasAdministratorAccess(ctx, remoteUser); +} +%> + @@ -108,7 +126,13 @@ if (sessionManager != null) { <% Collection hiveSessions = sessionManager.getSessions(); +int sessionCount = 0; for (HiveSession hiveSession: hiveSessions) { + // Check admin permission + if (!hasAdminAccess(conf, ctx, request)) { + break; + } + sessionCount++; %> <%= hiveSession.getUserName() %> @@ -121,7 +145,7 @@ for (HiveSession hiveSession: hiveSessions) { } %> - Total number of sessions: <%= hiveSessions.size() %> + Total number of sessions: <%= sessionCount %> @@ -143,6 +167,9 @@ for (HiveSession hiveSession: hiveSessions) { int queries = 0; Collection operations = sessionManager.getOperationManager().getLiveQueryInfos(); for (QueryInfo operation : operations) { + if (!hasAdminAccess(conf, ctx, request)) { + break; + } queries++; %> @@ -184,6 +211,9 @@ for (HiveSession hiveSession: hiveSessions) { queries = 0; operations = sessionManager.getOperationManager().getHistoricalQueryInfos(); for (QueryInfo operation : operations) { + if (!hasAdminAccess(conf, ctx, request)) { + break; + } queries++; %>
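Review bot: `hasAdminAccess` grants access to every caller, authenticated or not, whenever `hadoop.security.authorization` is false, and the `false` default passed to `getBoolean` makes an unset key behave the same way. That fail-open branch deserves a fuller comment than the current one, for example `// Mirrors the HTTP server's admin check: with authorization off, session and query details stay visible to all clients.` The hunk does not show where the `conf` passed in comes from. If it is not the server's effective configuration, the gate reads the wrong setting, so the comment should name the expected source. The helper also appears to repeat checks that `HttpServer.hasAdministratorAccess` (named in the HttpServer.java hunk header) may already perform; if so, a shared public helper would keep the two from drifting apart.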
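Review bot: The admin check inside the session loop is loop-invariant, so it repeats the ACL lookup on every iteration only to `break` on the first one; the same pattern recurs in the live-query and historical-query loops in the two hunks that follow. Compute it once before the loops with `boolean isAdmin = hasAdminAccess(conf, ctx, request);` and guard each loop with `if (isAdmin) { ... }`. As written, a non-admin sees `Total number of sessions: 0`, which is indistinguishable from an idle server, so an explicit "not authorized to view sessions" line would be clearer. The denial is also silent; logging refused requests would give operators an audit trail.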