/**
 * Builds the {@link Subject} for the user recorded in the Hive hook context.
 *
 * @param context semantic-analyzer hook context that supplies the user name
 * @return a new Subject wrapping {@code context.getUserName()}
 */
private Subject getCurrentSubject(HiveSemanticAnalyzerHookContext context) {
  // The hook context is the only identity source consulted here; the name is
  // passed through unchanged, so authorization trusts whatever populated it.
  final String userName = context.getUserName();
  return new Subject(userName);
}
/**
 * Creates a binding for the named Sqoop server.
 *
 * @param authConf authorization configuration; it is stored and modified in
 *     place (the server name is written under {@code AUTHZ_SERVER_NAME})
 * @param serverName name of the Sqoop server this binding authorizes for
 * @throws Exception if provider creation or the current-user lookup fails
 */
public SqoopAuthBinding(Configuration authConf, String serverName) throws Exception {
  this.authConf = authConf;
  // Same object as the caller's Configuration: the caller sees this change too.
  authConf.set(AuthzConfVars.AUTHZ_SERVER_NAME.getVar(), serverName);
  this.sqoopServer = new Server(serverName);
  this.authProvider = createAuthProvider();

  // The Sqoop server principal will use the binding: its subject is the short
  // user name of the user the process is currently running as.
  final String serverPrincipal = UserGroupInformation.getCurrentUser().getShortUserName();
  this.bindingSubject = new Subject(serverPrincipal);
}
/**
 * Creates a Solr authorization binding from the given configuration.
 *
 * @param authzConf authorization configuration; the stored copy is the result
 *     of {@code addHdfsPropsToConf(authzConf)}
 * @throws Exception if provider setup or the current-user lookup fails
 */
public SolrAuthzBinding(SolrAuthzConf authzConf) throws Exception {
  this.authzConf = addHdfsPropsToConf(authzConf);
  this.authProvider = getAuthProvider();
  // Group mapping is taken from the provider that was just created.
  this.groupMapping = this.authProvider.getGroupMapping();

  // The Solr server principal will use the binding: its subject is the short
  // user name of the user the process is currently running as.
  final String serverPrincipal = UserGroupInformation.getCurrentUser().getShortUserName();
  this.bindingSubject = new Subject(serverPrincipal);
}
/**
 * Wraps the user name reported by the current authenticator in a {@link Subject}.
 *
 * @return a new Subject for {@code getAuthenticator().getUserName()}
 */
private Subject getSubject() {
  // Identity comes solely from the configured authenticator; no further
  // validation of the name happens in this method.
  final String userName = SentryAuthorizationHander.getAuthenticator().getUserName();
  return new Subject(userName);
}
/**
 * Prints to standard output the privileges the provider reports for the
 * configured user, one per line, or a placeholder line when there are none.
 *
 * @throws Exception if resource validation or the privilege lookup fails
 */
public void listPrivs() throws Exception {
  // Validate the policy resource before querying it.
  getSentryProvider().validateResource(true);

  System.out.println("Available privileges for user " + getUser() + ":");
  final Set<String> granted =
      getSentryProvider().listPrivilegesForSubject(new Subject(getUser()));

  if (granted.isEmpty()) {
    System.out.println("\t*** No permissions available ***");
  } else {
    for (String entry : granted) {
      System.out.println("\t" + entry);
    }
  }
}
/**
 * Authorize access to a Kafka privilege.
 *
 * @param session request session; supplies the client address and, through
 *     {@code getName(session)}, the subject name
 * @param operation the Kafka operation being attempted
 * @param resource the Kafka resource the operation targets
 * @return the provider's {@code hasAccess} decision for that subject
 */
public boolean authorize(RequestChannel.Session session, Operation operation, Resource resource) {
  final String clientHost = session.clientAddress().getHostAddress();
  final List<Authorizable> targets =
      ConvertUtil.convertResourceToAuthorizable(clientHost, resource);

  // NOTE(review): if getActionByName can return null for an operation name it
  // does not recognise, this set will contain null -- confirm that hasAccess
  // denies (fails closed) in that case.
  final Set<KafkaAction> requestedActions =
      Sets.newHashSet(actionFactory.getActionByName(operation.name()));

  final Subject caller = new Subject(getName(session));
  // Every role of the caller is considered (ActiveRoleSet.ALL).
  return authProvider.hasAccess(caller, targets, requestedActions, ActiveRoleSet.ALL);
}
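/**
 * Derives the {@link Subject} for the caller from the request's security context.
 *
 * <p>The principal name is parsed as a Kerberos name and its short form is
 * used as the subject name.
 *
 * @param securityContext security context of the incoming request
 * @return a Subject named after the short form of the caller's principal
 * @throws SentryUserException if the request carries no principal name, or if
 *     the short name cannot be derived from it
 */
private Subject getSubject(SecurityContext securityContext) throws SentryUserException {
  String princ = securityContext.getUserPrincipal() != null
      ? securityContext.getUserPrincipal().getName() : null;
  // An absent principal means the request is unauthenticated. Reject it with
  // the declared exception instead of handing null to KerberosName, so callers
  // get a clean, explicit denial.
  if (princ == null) {
    throw new SentryUserException("Unable to get subject: request has no authenticated principal");
  }
  KerberosName kerbName = new KerberosName(princ);
  try {
    return new Subject(kerbName.getShortName());
  } catch (IOException e) {
    // Keep the cause so the failure to map the principal can be diagnosed.
    throw new SentryUserException("Unable to get subject", e);
  }
}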
throws SemanticException { List<FieldSchema> filteredResult = new ArrayList<FieldSchema>(); Subject subject = new Subject(userName); HiveAuthzPrivileges columnMetaDataPrivilege = HiveAuthzPrivilegesMap.getHiveAuthzPrivileges(HiveOperation.SHOWCOLUMNS);
throws SemanticException { List<String> filteredResult = new ArrayList<String>(); Subject subject = new Subject(userName); HiveAuthzPrivileges tableMetaDataPrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder(). addInputObjectPriviledge(AuthorizableType.Column, EnumSet.of(DBModelAction.SELECT, DBModelAction.INSERT)).
HiveOperation operation, String userName) throws SemanticException { List<String> filteredResult = new ArrayList<String>(); Subject subject = new Subject(userName); HiveAuthzBinding hiveBindingWithPrivilegeCache = getHiveBindingWithPrivilegeCache(hiveAuthzBinding, userName);
/**
 * Checks that the given user principal holds every requested privilege.
 *
 * <p>Returns normally only when all privileges are authorized; the first
 * privilege that is not authorized ends the check with an exception.
 *
 * @param principal the principal to check; only {@code PrincipalType.USER} is supported
 * @param privileges the privileges to check; {@code null} or empty means nothing to check
 * @throws SqoopException with {@code AUTH_0014} if the principal is not a user
 *     or a privilege is not authorized
 */
@Override
public void checkPrivileges(MPrincipal principal, List<MPrivilege> privileges)
    throws SqoopException {
  // Nothing was requested, so the binding is not consulted at all.
  if (privileges == null || privileges.isEmpty()) {
    return;
  }

  final PrincipalDesc desc = new PrincipalDesc(principal.getName(), principal.getType());
  if (desc.getType() != PrincipalType.USER) {
    throw new SqoopException(SecurityError.AUTH_0014,SentrySqoopError.AUTHORIZE_CHECK_NOT_SUPPORT_FOR_PRINCIPAL);
  }

  for (MPrivilege requested : privileges) {
    if (LOG.isDebugEnabled()) {
      LOG.debug("Going to authorize check on privilege : " + requested + " for principal: " + principal);
    }
    final boolean allowed = binding.authorize(new Subject(desc.getName()), requested);
    if (allowed) {
      continue;
    }
    // Deny by exception: stop at the first privilege that is not granted.
    throw new SqoopException(SecurityError.AUTH_0014, "User " + desc.getName() + " does not have privileges for : " + requested.toString());
  }
}
// Closes the enclosing class, whose header is not shown in this excerpt.
}
/**
 * Test that a user that doesn't exist throws an exception
 * when trying to authorize.
 */
@Test
public void testNoUser() throws Exception {
  final SolrAuthzConf conf = new SolrAuthzConf(Resources.getResource("sentry-site.xml"));
  setUsableAuthzConf(conf);
  final SolrAuthzBinding underTest = new SolrAuthzBinding(conf);

  try {
    final Subject unknownUser = new Subject("bogus");
    underTest.authorizeCollection(unknownUser, infoCollection, querySet);
    // Reaching this line means an unknown user was not rejected.
    Assert.fail("Expected SentryGroupNotFoundException");
  } catch (SentryGroupNotFoundException expected) {
    // Expected outcome: the unknown user is rejected with this exception.
  }
}
HiveAuthzBinding hiveAuthzBinding = getHiveAuthzBinding(); hiveAuthzBinding.authorize(hiveOp, HiveAuthzPrivilegesMap .getHiveAuthzPrivileges(hiveOp), new Subject(getUserName()), inputHierarchy, outputHierarchy); } catch (AuthorizationException e1) {