| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
| <html xmlns="http://www.w3.org/1999/xhtml"> |
| <head> |
| <meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/> |
| <meta http-equiv="X-UA-Compatible" content="IE=9"/> |
| <meta name="generator" content="Doxygen 1.8.6"/> |
| <title>Impala: fe/src/main/java/com/cloudera/impala/authorization/AuthorizationChecker.java Source File</title> |
| <link href="tabs.css" rel="stylesheet" type="text/css"/> |
| <script type="text/javascript" src="jquery.js"></script> |
| <script type="text/javascript" src="dynsections.js"></script> |
| <link href="navtree.css" rel="stylesheet" type="text/css"/> |
| <script type="text/javascript" src="resize.js"></script> |
| <script type="text/javascript" src="navtree.js"></script> |
| <script type="text/javascript"> |
| $(document).ready(initResizable); |
| $(window).load(resizeHeight); |
| </script> |
| <link href="search/search.css" rel="stylesheet" type="text/css"/> |
| <script type="text/javascript" src="search/search.js"></script> |
| <script type="text/javascript"> |
| $(document).ready(function() { searchBox.OnSelectItem(0); }); |
| </script> |
| <link href="doxygen.css" rel="stylesheet" type="text/css" /> |
| </head> |
| <body> |
| <div id="top"><!-- do not remove this div, it is closed by doxygen! --> |
| <div id="titlearea"> |
| <table cellspacing="0" cellpadding="0"> |
| <tbody> |
| <tr style="height: 56px;"> |
| <td style="padding-left: 0.5em;"> |
| <div id="projectname">Impala |
| </div> |
| <div id="projectbrief">Impalaistheopensource,nativeanalyticdatabaseforApacheHadoop.</div> |
| </td> |
| </tr> |
| </tbody> |
| </table> |
| </div> |
| <!-- end header part --> |
| <!-- Generated by Doxygen 1.8.6 --> |
| <script type="text/javascript"> |
| var searchBox = new SearchBox("searchBox", "search",false,'Search'); |
| </script> |
| <div id="navrow1" class="tabs"> |
| <ul class="tablist"> |
| <li><a href="index.html"><span>Main Page</span></a></li> |
| <li><a href="namespaces.html"><span>Namespaces</span></a></li> |
| <li><a href="annotated.html"><span>Classes</span></a></li> |
| <li class="current"><a href="files.html"><span>Files</span></a></li> |
| <li> |
| <div id="MSearchBox" class="MSearchBoxInactive"> |
| <span class="left"> |
| <img id="MSearchSelect" src="search/mag_sel.png" |
| onmouseover="return searchBox.OnSearchSelectShow()" |
| onmouseout="return searchBox.OnSearchSelectHide()" |
| alt=""/> |
| <input type="text" id="MSearchField" value="Search" accesskey="S" |
| onfocus="searchBox.OnSearchFieldFocus(true)" |
| onblur="searchBox.OnSearchFieldFocus(false)" |
| onkeyup="searchBox.OnSearchFieldChange(event)"/> |
| </span><span class="right"> |
| <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a> |
| </span> |
| </div> |
| </li> |
| </ul> |
| </div> |
| <div id="navrow2" class="tabs2"> |
| <ul class="tablist"> |
| <li><a href="files.html"><span>File List</span></a></li> |
| <li><a href="globals.html"><span>File Members</span></a></li> |
| </ul> |
| </div> |
| </div><!-- top --> |
| <div id="side-nav" class="ui-resizable side-nav-resizable"> |
| <div id="nav-tree"> |
| <div id="nav-tree-contents"> |
| <div id="nav-sync" class="sync"></div> |
| </div> |
| </div> |
| <div id="splitbar" style="-moz-user-select:none;" |
| class="ui-resizable-handle"> |
| </div> |
| </div> |
| <script type="text/javascript"> |
| $(document).ready(function(){initNavTree('AuthorizationChecker_8java_source.html','');}); |
| </script> |
| <div id="doc-content"> |
| <!-- window showing the filter options --> |
| <div id="MSearchSelectWindow" |
| onmouseover="return searchBox.OnSearchSelectShow()" |
| onmouseout="return searchBox.OnSearchSelectHide()" |
| onkeydown="return searchBox.OnSearchSelectKey(event)"> |
| <a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(0)"><span class="SelectionMark"> </span>All</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(1)"><span class="SelectionMark"> </span>Classes</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(2)"><span class="SelectionMark"> </span>Namespaces</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(3)"><span class="SelectionMark"> </span>Files</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(4)"><span class="SelectionMark"> </span>Functions</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(5)"><span class="SelectionMark"> </span>Variables</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(6)"><span class="SelectionMark"> </span>Typedefs</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(7)"><span class="SelectionMark"> </span>Enumerations</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(8)"><span class="SelectionMark"> </span>Enumerator</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(9)"><span class="SelectionMark"> </span>Friends</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(10)"><span class="SelectionMark"> </span>Macros</a></div> |
| |
| <!-- iframe showing the search results (closed by default) --> |
| <div id="MSearchResultsWindow"> |
| <iframe src="javascript:void(0)" frameborder="0" |
| name="MSearchResults" id="MSearchResults"> |
| </iframe> |
| </div> |
| |
| <div class="header"> |
| <div class="headertitle"> |
| <div class="title">AuthorizationChecker.java</div> </div> |
| </div><!--header--> |
| <div class="contents"> |
| <a href="AuthorizationChecker_8java.html">Go to the documentation of this file.</a><div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno"> 1</span> <span class="comment">// Copyright 2013 Cloudera Inc.</span></div> |
| <div class="line"><a name="l00002"></a><span class="lineno"> 2</span> <span class="comment">//</span></div> |
| <div class="line"><a name="l00003"></a><span class="lineno"> 3</span> <span class="comment">// Licensed under the Apache License, Version 2.0 (the "License");</span></div> |
| <div class="line"><a name="l00004"></a><span class="lineno"> 4</span> <span class="comment">// you may not use this file except in compliance with the License.</span></div> |
| <div class="line"><a name="l00005"></a><span class="lineno"> 5</span> <span class="comment">// You may obtain a copy of the License at</span></div> |
| <div class="line"><a name="l00006"></a><span class="lineno"> 6</span> <span class="comment">//</span></div> |
| <div class="line"><a name="l00007"></a><span class="lineno"> 7</span> <span class="comment">// http://www.apache.org/licenses/LICENSE-2.0</span></div> |
| <div class="line"><a name="l00008"></a><span class="lineno"> 8</span> <span class="comment">//</span></div> |
| <div class="line"><a name="l00009"></a><span class="lineno"> 9</span> <span class="comment">// Unless required by applicable law or agreed to in writing, software</span></div> |
| <div class="line"><a name="l00010"></a><span class="lineno"> 10</span> <span class="comment">// distributed under the License is distributed on an "AS IS" BASIS,</span></div> |
| <div class="line"><a name="l00011"></a><span class="lineno"> 11</span> <span class="comment">// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.</span></div> |
| <div class="line"><a name="l00012"></a><span class="lineno"> 12</span> <span class="comment">// See the License for the specific language governing permissions and</span></div> |
| <div class="line"><a name="l00013"></a><span class="lineno"> 13</span> <span class="comment">// limitations under the License.</span></div> |
| <div class="line"><a name="l00014"></a><span class="lineno"> 14</span> </div> |
| <div class="line"><a name="l00015"></a><span class="lineno"><a class="line" href="namespacecom_1_1cloudera_1_1impala_1_1authorization.html"> 15</a></span> <span class="keyword">package </span>com.cloudera.impala.authorization;</div> |
| <div class="line"><a name="l00016"></a><span class="lineno"> 16</span> </div> |
| <div class="line"><a name="l00017"></a><span class="lineno"> 17</span> <span class="keyword">import</span> java.util.EnumSet;</div> |
| <div class="line"><a name="l00018"></a><span class="lineno"> 18</span> <span class="keyword">import</span> java.util.List;</div> |
| <div class="line"><a name="l00019"></a><span class="lineno"> 19</span> <span class="keyword">import</span> java.util.Set;</div> |
| <div class="line"><a name="l00020"></a><span class="lineno"> 20</span> </div> |
| <div class="line"><a name="l00021"></a><span class="lineno"> 21</span> <span class="keyword">import</span> org.apache.commons.lang.reflect.ConstructorUtils;</div> |
| <div class="line"><a name="l00022"></a><span class="lineno"> 22</span> <span class="keyword">import</span> org.apache.sentry.core.common.ActiveRoleSet;</div> |
| <div class="line"><a name="l00023"></a><span class="lineno"> 23</span> <span class="keyword">import</span> org.apache.sentry.core.common.Subject;</div> |
| <div class="line"><a name="l00024"></a><span class="lineno"> 24</span> <span class="keyword">import</span> org.apache.sentry.core.model.db.DBModelAction;</div> |
| <div class="line"><a name="l00025"></a><span class="lineno"> 25</span> <span class="keyword">import</span> org.apache.sentry.core.model.db.DBModelAuthorizable;</div> |
| <div class="line"><a name="l00026"></a><span class="lineno"> 26</span> <span class="keyword">import</span> org.apache.sentry.policy.db.SimpleDBPolicyEngine;</div> |
| <div class="line"><a name="l00027"></a><span class="lineno"> 27</span> <span class="keyword">import</span> org.apache.sentry.provider.cache.SimpleCacheProviderBackend;</div> |
| <div class="line"><a name="l00028"></a><span class="lineno"> 28</span> <span class="keyword">import</span> org.apache.sentry.provider.common.ProviderBackend;</div> |
| <div class="line"><a name="l00029"></a><span class="lineno"> 29</span> <span class="keyword">import</span> org.apache.sentry.provider.common.ProviderBackendContext;</div> |
| <div class="line"><a name="l00030"></a><span class="lineno"> 30</span> <span class="keyword">import</span> org.apache.sentry.provider.common.ResourceAuthorizationProvider;</div> |
| <div class="line"><a name="l00031"></a><span class="lineno"> 31</span> <span class="keyword">import</span> org.apache.sentry.provider.file.SimpleFileProviderBackend;</div> |
| <div class="line"><a name="l00032"></a><span class="lineno"> 32</span> </div> |
| <div class="line"><a name="l00033"></a><span class="lineno"> 33</span> <span class="keyword">import</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1AuthorizationException.html">com.cloudera.impala.catalog.AuthorizationException</a>;</div> |
| <div class="line"><a name="l00034"></a><span class="lineno"> 34</span> <span class="keyword">import</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1AuthorizationPolicy.html">com.cloudera.impala.catalog.AuthorizationPolicy</a>;</div> |
| <div class="line"><a name="l00035"></a><span class="lineno"> 35</span> <span class="keyword">import</span> com.google.common.base.Preconditions;</div> |
| <div class="line"><a name="l00036"></a><span class="lineno"> 36</span> <span class="keyword">import</span> com.google.common.collect.Lists;</div> |
| <div class="line"><a name="l00037"></a><span class="lineno"> 37</span> </div> |
| <div class="line"><a name="l00038"></a><span class="lineno"> 38</span> <span class="comment">/*</span></div> |
| <div class="line"><a name="l00039"></a><span class="lineno"> 39</span> <span class="comment"> * Class used to check whether a user has access to a given resource.</span></div> |
| <div class="line"><a name="l00040"></a><span class="lineno"> 40</span> <span class="comment"> */</span></div> |
| <div class="line"><a name="l00041"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html"> 41</a></span> <span class="keyword">public</span> <span class="keyword">class </span><a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html">AuthorizationChecker</a> {</div> |
| <div class="line"><a name="l00042"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html#a5e656d00862f4508f817b63bd2c0e863"> 42</a></span>  <span class="keyword">private</span> <span class="keyword">final</span> ResourceAuthorizationProvider <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html#a5e656d00862f4508f817b63bd2c0e863">provider_</a>;</div> |
| <div class="line"><a name="l00043"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html#a786e52b4c04685e2910e48e0338a28c1"> 43</a></span>  <span class="keyword">private</span> <span class="keyword">final</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html">AuthorizationConfig</a> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html#a786e52b4c04685e2910e48e0338a28c1">config_</a>;</div> |
| <div class="line"><a name="l00044"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html#afc19f2a3a15ba1b3739cf3fae2dbb20d"> 44</a></span>  <span class="keyword">private</span> <span class="keyword">final</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizeableServer.html">AuthorizeableServer</a> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html#afc19f2a3a15ba1b3739cf3fae2dbb20d">server_</a>;</div> |
| <div class="line"><a name="l00045"></a><span class="lineno"> 45</span> </div> |
| <div class="line"><a name="l00046"></a><span class="lineno"> 46</span>  <span class="comment">/*</span></div> |
| <div class="line"><a name="l00047"></a><span class="lineno"> 47</span> <span class="comment"> * Creates a new AuthorizationChecker based on the config values.</span></div> |
| <div class="line"><a name="l00048"></a><span class="lineno"> 48</span> <span class="comment"> */</span></div> |
| <div class="line"><a name="l00049"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html#a3887160f6ea6c7179848e30c35ce38e1"> 49</a></span>  <span class="keyword">public</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html#a3887160f6ea6c7179848e30c35ce38e1">AuthorizationChecker</a>(<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html">AuthorizationConfig</a> config, <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1AuthorizationPolicy.html">AuthorizationPolicy</a> policy) {</div> |
| <div class="line"><a name="l00050"></a><span class="lineno"> 50</span>  Preconditions.checkNotNull(config);</div> |
| <div class="line"><a name="l00051"></a><span class="lineno"> 51</span>  <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html#a786e52b4c04685e2910e48e0338a28c1">config_</a> = config;</div> |
| <div class="line"><a name="l00052"></a><span class="lineno"> 52</span>  <span class="keywordflow">if</span> (config.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html#adeccbd612316e1d3548d6ec2c46e9b0f">isEnabled</a>()) {</div> |
| <div class="line"><a name="l00053"></a><span class="lineno"> 53</span>  <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html#afc19f2a3a15ba1b3739cf3fae2dbb20d">server_</a> = <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizeableServer.html">AuthorizeableServer</a>(config.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html#a041c31da76467228c42baffa9e12246c">getServerName</a>());</div> |
| <div class="line"><a name="l00054"></a><span class="lineno"> 54</span>  <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html#a5e656d00862f4508f817b63bd2c0e863">provider_</a> = <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html#a93f8ab684c77474d39d859400eb93654">createProvider</a>(config, policy);</div> |
| <div class="line"><a name="l00055"></a><span class="lineno"> 55</span>  Preconditions.checkNotNull(<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html#a5e656d00862f4508f817b63bd2c0e863">provider_</a>);</div> |
| <div class="line"><a name="l00056"></a><span class="lineno"> 56</span>  } <span class="keywordflow">else</span> {</div> |
| <div class="line"><a name="l00057"></a><span class="lineno"> 57</span>  <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html#a5e656d00862f4508f817b63bd2c0e863">provider_</a> = null;</div> |
| <div class="line"><a name="l00058"></a><span class="lineno"> 58</span>  <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html#afc19f2a3a15ba1b3739cf3fae2dbb20d">server_</a> = null;</div> |
| <div class="line"><a name="l00059"></a><span class="lineno"> 59</span>  }</div> |
| <div class="line"><a name="l00060"></a><span class="lineno"> 60</span>  }</div> |
| <div class="line"><a name="l00061"></a><span class="lineno"> 61</span> </div> |
| <div class="line"><a name="l00062"></a><span class="lineno"> 62</span>  <span class="comment">/*</span></div> |
| <div class="line"><a name="l00063"></a><span class="lineno"> 63</span> <span class="comment"> * Creates a new ResourceAuthorizationProvider based on the given configuration.</span></div> |
| <div class="line"><a name="l00064"></a><span class="lineno"> 64</span> <span class="comment"> */</span></div> |
| <div class="line"><a name="l00065"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html#a93f8ab684c77474d39d859400eb93654"> 65</a></span>  <span class="keyword">private</span> <span class="keyword">static</span> ResourceAuthorizationProvider <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html#a93f8ab684c77474d39d859400eb93654">createProvider</a>(<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html">AuthorizationConfig</a> config,</div> |
| <div class="line"><a name="l00066"></a><span class="lineno"> 66</span>  <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1AuthorizationPolicy.html">AuthorizationPolicy</a> policy) {</div> |
| <div class="line"><a name="l00067"></a><span class="lineno"> 67</span>  <span class="keywordflow">try</span> {</div> |
| <div class="line"><a name="l00068"></a><span class="lineno"> 68</span>  ProviderBackend providerBe;</div> |
| <div class="line"><a name="l00069"></a><span class="lineno"> 69</span>  <span class="comment">// Create the appropriate backend provider.</span></div> |
| <div class="line"><a name="l00070"></a><span class="lineno"> 70</span>  <span class="keywordflow">if</span> (config.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html#a5768546a8fc8db18eb1a9256c1d80f76">isFileBasedPolicy</a>()) {</div> |
| <div class="line"><a name="l00071"></a><span class="lineno"> 71</span>  providerBe = <span class="keyword">new</span> SimpleFileProviderBackend(config.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html#a5ba958fd6bdecb5c2cac4f4171147c90">getSentryConfig</a>().getConfig(),</div> |
| <div class="line"><a name="l00072"></a><span class="lineno"> 72</span>  config.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html#a13cf028ae8c765b60811297f59defe67">getPolicyFile</a>());</div> |
| <div class="line"><a name="l00073"></a><span class="lineno"> 73</span>  } <span class="keywordflow">else</span> {</div> |
| <div class="line"><a name="l00074"></a><span class="lineno"> 74</span>  <span class="comment">// Note: The second parameter to the ProviderBackend is a "resourceFile" path</span></div> |
| <div class="line"><a name="l00075"></a><span class="lineno"> 75</span>  <span class="comment">// which is not used by Impala. We cannot pass 'null' so instead pass an empty</span></div> |
| <div class="line"><a name="l00076"></a><span class="lineno"> 76</span>  <span class="comment">// string.</span></div> |
| <div class="line"><a name="l00077"></a><span class="lineno"> 77</span>  providerBe = <span class="keyword">new</span> SimpleCacheProviderBackend(config.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html#a5ba958fd6bdecb5c2cac4f4171147c90">getSentryConfig</a>().getConfig(),</div> |
| <div class="line"><a name="l00078"></a><span class="lineno"> 78</span>  <span class="stringliteral">""</span>);</div> |
| <div class="line"><a name="l00079"></a><span class="lineno"> 79</span>  Preconditions.checkNotNull(policy);</div> |
| <div class="line"><a name="l00080"></a><span class="lineno"> 80</span>  ProviderBackendContext context = <span class="keyword">new</span> ProviderBackendContext();</div> |
| <div class="line"><a name="l00081"></a><span class="lineno"> 81</span>  context.setBindingHandle(policy);</div> |
| <div class="line"><a name="l00082"></a><span class="lineno"> 82</span>  providerBe.initialize(context);</div> |
| <div class="line"><a name="l00083"></a><span class="lineno"> 83</span>  }</div> |
| <div class="line"><a name="l00084"></a><span class="lineno"> 84</span> </div> |
| <div class="line"><a name="l00085"></a><span class="lineno"> 85</span>  SimpleDBPolicyEngine engine =</div> |
| <div class="line"><a name="l00086"></a><span class="lineno"> 86</span>  <span class="keyword">new</span> SimpleDBPolicyEngine(config.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html#a041c31da76467228c42baffa9e12246c">getServerName</a>(), providerBe);</div> |
| <div class="line"><a name="l00087"></a><span class="lineno"> 87</span> </div> |
| <div class="line"><a name="l00088"></a><span class="lineno"> 88</span>  <span class="comment">// Try to create an instance of the specified policy provider class.</span></div> |
| <div class="line"><a name="l00089"></a><span class="lineno"> 89</span>  <span class="comment">// Re-throw any exceptions that are encountered.</span></div> |
| <div class="line"><a name="l00090"></a><span class="lineno"> 90</span>  String policyFile = config.getPolicyFile() == null ? <span class="stringliteral">""</span> : config.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html#a13cf028ae8c765b60811297f59defe67">getPolicyFile</a>();</div> |
| <div class="line"><a name="l00091"></a><span class="lineno"> 91</span>  <span class="keywordflow">return</span> (ResourceAuthorizationProvider) ConstructorUtils.invokeConstructor(</div> |
| <div class="line"><a name="l00092"></a><span class="lineno"> 92</span>  Class.forName(config.getPolicyProviderClassName()),</div> |
| <div class="line"><a name="l00093"></a><span class="lineno"> 93</span>  <span class="keyword">new</span> Object[] {policyFile, engine});</div> |
| <div class="line"><a name="l00094"></a><span class="lineno"> 94</span>  } <span class="keywordflow">catch</span> (Exception e) {</div> |
| <div class="line"><a name="l00095"></a><span class="lineno"> 95</span>  <span class="comment">// Re-throw as unchecked exception.</span></div> |
| <div class="line"><a name="l00096"></a><span class="lineno"> 96</span>  <span class="keywordflow">throw</span> <span class="keyword">new</span> IllegalStateException(</div> |
| <div class="line"><a name="l00097"></a><span class="lineno"> 97</span>  <span class="stringliteral">"Error creating ResourceAuthorizationProvider: "</span>, e);</div> |
| <div class="line"><a name="l00098"></a><span class="lineno"> 98</span>  }</div> |
| <div class="line"><a name="l00099"></a><span class="lineno"> 99</span>  }</div> |
| <div class="line"><a name="l00100"></a><span class="lineno"> 100</span> </div> |
| <div class="line"><a name="l00101"></a><span class="lineno"> 101</span>  <span class="comment">/*</span></div> |
| <div class="line"><a name="l00102"></a><span class="lineno"> 102</span> <span class="comment"> * Returns the configuration used to create this AuthorizationProvider.</span></div> |
| <div class="line"><a name="l00103"></a><span class="lineno"> 103</span> <span class="comment"> */</span></div> |
| <div class="line"><a name="l00104"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html#aae9e8e67943c27928b9613a331250bed"> 104</a></span>  <span class="keyword">public</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html">AuthorizationConfig</a> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html#aae9e8e67943c27928b9613a331250bed">getConfig</a>() { <span class="keywordflow">return</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html#a786e52b4c04685e2910e48e0338a28c1">config_</a>; }</div> |
| <div class="line"><a name="l00105"></a><span class="lineno"> 105</span> </div> |
| <div class="line"><a name="l00111"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html#a8bb083f4d321f55d836f46f1be8258e2"> 111</a></span>  <span class="keyword">public</span> Set<String> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html#a8bb083f4d321f55d836f46f1be8258e2">getUserGroups</a>(<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html">User</a> user) {</div> |
| <div class="line"><a name="l00112"></a><span class="lineno"> 112</span>  <span class="keywordflow">return</span> provider_.getGroupMapping().getGroups(user.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html#ace708d6892f6823086d3c0696cc1b923">getShortName</a>());</div> |
| <div class="line"><a name="l00113"></a><span class="lineno"> 113</span>  }</div> |
| <div class="line"><a name="l00114"></a><span class="lineno"> 114</span> </div> |
| <div class="line"><a name="l00119"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html#a1205cffee311c483ea38eccf166f931a"> 119</a></span>  <span class="keyword">public</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html#a1205cffee311c483ea38eccf166f931a">checkAccess</a>(<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html">User</a> user, <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1PrivilegeRequest.html">PrivilegeRequest</a> privilegeRequest)</div> |
| <div class="line"><a name="l00120"></a><span class="lineno"> 120</span>  <span class="keywordflow">throws</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1AuthorizationException.html">AuthorizationException</a> {</div> |
| <div class="line"><a name="l00121"></a><span class="lineno"> 121</span>  Preconditions.checkNotNull(privilegeRequest);</div> |
| <div class="line"><a name="l00122"></a><span class="lineno"> 122</span> </div> |
| <div class="line"><a name="l00123"></a><span class="lineno"> 123</span>  <span class="keywordflow">if</span> (!<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html#a25ae8ea91cb5a66800d64e64de8227ab">hasAccess</a>(user, privilegeRequest)) {</div> |
| <div class="line"><a name="l00124"></a><span class="lineno"> 124</span>  <span class="keywordflow">if</span> (privilegeRequest.getAuthorizeable() instanceof <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizeableFn.html">AuthorizeableFn</a>) {</div> |
| <div class="line"><a name="l00125"></a><span class="lineno"> 125</span>  <span class="keywordflow">throw</span> <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1AuthorizationException.html">AuthorizationException</a>(String.format(</div> |
| <div class="line"><a name="l00126"></a><span class="lineno"> 126</span>  <span class="stringliteral">"User '%s' does not have privileges to CREATE/DROP functions."</span>,</div> |
| <div class="line"><a name="l00127"></a><span class="lineno"> 127</span>  user.getName()));</div> |
| <div class="line"><a name="l00128"></a><span class="lineno"> 128</span>  }</div> |
| <div class="line"><a name="l00129"></a><span class="lineno"> 129</span> </div> |
| <div class="line"><a name="l00130"></a><span class="lineno"> 130</span>  <a class="code" href="enumcom_1_1cloudera_1_1impala_1_1authorization_1_1Privilege.html">Privilege</a> privilege = privilegeRequest.getPrivilege();</div> |
| <div class="line"><a name="l00131"></a><span class="lineno"> 131</span>  <span class="keywordflow">if</span> (EnumSet.of(<a class="code" href="enumcom_1_1cloudera_1_1impala_1_1authorization_1_1Privilege.html">Privilege</a>.<a class="code" href="enumcom_1_1cloudera_1_1impala_1_1authorization_1_1Privilege.html#a0afdb7884521372f875e9c6e37adab31">ANY</a>, <a class="code" href="enumcom_1_1cloudera_1_1impala_1_1authorization_1_1Privilege.html">Privilege</a>.<a class="code" href="enumcom_1_1cloudera_1_1impala_1_1authorization_1_1Privilege.html#a522b48ac9d54d37c97ccf3505efb794f">ALL</a>, <a class="code" href="enumcom_1_1cloudera_1_1impala_1_1authorization_1_1Privilege.html">Privilege</a>.<a class="code" href="enumcom_1_1cloudera_1_1impala_1_1authorization_1_1Privilege.html#a9fed402dec0a3f059dd55d7fd24f96ff">VIEW_METADATA</a>)</div> |
| <div class="line"><a name="l00132"></a><span class="lineno"> 132</span>  .contains(privilege)) {</div> |
| <div class="line"><a name="l00133"></a><span class="lineno"> 133</span>  <span class="keywordflow">throw</span> <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1AuthorizationException.html">AuthorizationException</a>(String.format(</div> |
| <div class="line"><a name="l00134"></a><span class="lineno"> 134</span>  <span class="stringliteral">"User '%s' does not have privileges to access: %s"</span>,</div> |
| <div class="line"><a name="l00135"></a><span class="lineno"> 135</span>  user.getName(), privilegeRequest.getName()));</div> |
| <div class="line"><a name="l00136"></a><span class="lineno"> 136</span>  } <span class="keywordflow">else</span> {</div> |
| <div class="line"><a name="l00137"></a><span class="lineno"> 137</span>  <span class="keywordflow">throw</span> <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1AuthorizationException.html">AuthorizationException</a>(String.format(</div> |
| <div class="line"><a name="l00138"></a><span class="lineno"> 138</span>  <span class="stringliteral">"User '%s' does not have privileges to execute '%s' on: %s"</span>,</div> |
| <div class="line"><a name="l00139"></a><span class="lineno"> 139</span>  user.getName(), privilege, privilegeRequest.getName()));</div> |
| <div class="line"><a name="l00140"></a><span class="lineno"> 140</span>  }</div> |
| <div class="line"><a name="l00141"></a><span class="lineno"> 141</span>  }</div> |
| <div class="line"><a name="l00142"></a><span class="lineno"> 142</span>  }</div> |
| <div class="line"><a name="l00143"></a><span class="lineno"> 143</span> </div> |
| <div class="line"><a name="l00144"></a><span class="lineno"> 144</span>  <span class="comment">/*</span></div> |
| <div class="line"><a name="l00145"></a><span class="lineno"> 145</span> <span class="comment"> * Returns true if the given user has permission to execute the given</span></div> |
| <div class="line"><a name="l00146"></a><span class="lineno"> 146</span> <span class="comment"> * request, false otherwise. Always returns true if authorization is disabled.</span></div> |
| <div class="line"><a name="l00147"></a><span class="lineno"> 147</span> <span class="comment"> */</span></div> |
| <div class="line"><a name="l00148"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html#a25ae8ea91cb5a66800d64e64de8227ab"> 148</a></span>  <span class="keyword">public</span> <span class="keywordtype">boolean</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html#a25ae8ea91cb5a66800d64e64de8227ab">hasAccess</a>(<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html">User</a> user, <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1PrivilegeRequest.html">PrivilegeRequest</a> request) {</div> |
| <div class="line"><a name="l00149"></a><span class="lineno"> 149</span>  Preconditions.checkNotNull(user);</div> |
| <div class="line"><a name="l00150"></a><span class="lineno"> 150</span>  Preconditions.checkNotNull(request);</div> |
| <div class="line"><a name="l00151"></a><span class="lineno"> 151</span> </div> |
| <div class="line"><a name="l00152"></a><span class="lineno"> 152</span>  <span class="comment">// If authorization is not enabled the user will always have access. If this is</span></div> |
| <div class="line"><a name="l00153"></a><span class="lineno"> 153</span>  <span class="comment">// an internal request, the user will always have permission.</span></div> |
| <div class="line"><a name="l00154"></a><span class="lineno"> 154</span>  <span class="keywordflow">if</span> (!<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html#a786e52b4c04685e2910e48e0338a28c1">config_</a>.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html#adeccbd612316e1d3548d6ec2c46e9b0f">isEnabled</a>() || user instanceof <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1ImpalaInternalAdminUser.html">ImpalaInternalAdminUser</a>) {</div> |
| <div class="line"><a name="l00155"></a><span class="lineno"> 155</span>  <span class="keywordflow">return</span> <span class="keyword">true</span>;</div> |
| <div class="line"><a name="l00156"></a><span class="lineno"> 156</span>  }</div> |
| <div class="line"><a name="l00157"></a><span class="lineno"> 157</span> </div> |
| <div class="line"><a name="l00158"></a><span class="lineno"> 158</span>  EnumSet<DBModelAction> actions = request.getPrivilege().getHiveActions();</div> |
| <div class="line"><a name="l00159"></a><span class="lineno"> 159</span> </div> |
| <div class="line"><a name="l00160"></a><span class="lineno"> 160</span>  List<DBModelAuthorizable> authorizeables = Lists.newArrayList(</div> |
| <div class="line"><a name="l00161"></a><span class="lineno"> 161</span>  server_.getHiveAuthorizeableHierarchy());</div> |
| <div class="line"><a name="l00162"></a><span class="lineno"> 162</span>  <span class="comment">// If request.getAuthorizeable() is null, the request is for server-level permission.</span></div> |
| <div class="line"><a name="l00163"></a><span class="lineno"> 163</span>  <span class="keywordflow">if</span> (request.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1PrivilegeRequest.html#a925d456586c67845876fcbdb1c6acb1d">getAuthorizeable</a>() != null) {</div> |
| <div class="line"><a name="l00164"></a><span class="lineno"> 164</span>  authorizeables.addAll(request.getAuthorizeable().getHiveAuthorizeableHierarchy());</div> |
| <div class="line"><a name="l00165"></a><span class="lineno"> 165</span>  }</div> |
| <div class="line"><a name="l00166"></a><span class="lineno"> 166</span> </div> |
| <div class="line"><a name="l00167"></a><span class="lineno"> 167</span>  <span class="comment">// The Hive Access API does not currently provide a way to check if the user</span></div> |
| <div class="line"><a name="l00168"></a><span class="lineno"> 168</span>  <span class="comment">// has any privileges on a given resource.</span></div> |
| <div class="line"><a name="l00169"></a><span class="lineno"> 169</span>  <span class="keywordflow">if</span> (request.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1PrivilegeRequest.html#a9449c5b404ecb06025e857fe738047df">getPrivilege</a>().getAnyOf()) {</div> |
| <div class="line"><a name="l00170"></a><span class="lineno"> 170</span>  <span class="keywordflow">for</span> (DBModelAction action: actions) {</div> |
| <div class="line"><a name="l00171"></a><span class="lineno"> 171</span>  <span class="keywordflow">if</span> (<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html#a5e656d00862f4508f817b63bd2c0e863">provider_</a>.hasAccess(<span class="keyword">new</span> Subject(user.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html#ace708d6892f6823086d3c0696cc1b923">getShortName</a>()), authorizeables,</div> |
| <div class="line"><a name="l00172"></a><span class="lineno"> 172</span>  EnumSet.of(action), <a class="code" href="namespaceimpala__udf.html#a790d3383266c2a2ac837719b434b6d4aa32f9ddb062393a118b7dd138f71a3ff0">ActiveRoleSet.ALL</a>)) {</div> |
| <div class="line"><a name="l00173"></a><span class="lineno"> 173</span>  <span class="keywordflow">return</span> <span class="keyword">true</span>;</div> |
| <div class="line"><a name="l00174"></a><span class="lineno"> 174</span>  }</div> |
| <div class="line"><a name="l00175"></a><span class="lineno"> 175</span>  }</div> |
| <div class="line"><a name="l00176"></a><span class="lineno"> 176</span>  <span class="keywordflow">return</span> <span class="keyword">false</span>;</div> |
| <div class="line"><a name="l00177"></a><span class="lineno"> 177</span>  } <span class="keywordflow">else</span> <span class="keywordflow">if</span> (request.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1PrivilegeRequest.html#a9449c5b404ecb06025e857fe738047df">getPrivilege</a>() == Privilege.CREATE && authorizeables.size() > 1) {</div> |
| <div class="line"><a name="l00178"></a><span class="lineno"> 178</span>  <span class="comment">// CREATE on an object requires CREATE on the parent,</span></div> |
| <div class="line"><a name="l00179"></a><span class="lineno"> 179</span>  <span class="comment">// so don't check access on the object we're creating.</span></div> |
| <div class="line"><a name="l00180"></a><span class="lineno"> 180</span>  authorizeables.remove(authorizeables.size() - 1);</div> |
| <div class="line"><a name="l00181"></a><span class="lineno"> 181</span>  }</div> |
| <div class="line"><a name="l00182"></a><span class="lineno"> 182</span>  <span class="keywordflow">return</span> provider_.hasAccess(<span class="keyword">new</span> Subject(user.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html#ace708d6892f6823086d3c0696cc1b923">getShortName</a>()), authorizeables, actions,</div> |
| <div class="line"><a name="l00183"></a><span class="lineno"> 183</span>  ActiveRoleSet.ALL);</div> |
| <div class="line"><a name="l00184"></a><span class="lineno"> 184</span>  }</div> |
| <div class="line"><a name="l00185"></a><span class="lineno"> 185</span> }</div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1authorization_1_1PrivilegeRequest_html"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1PrivilegeRequest.html">com.cloudera.impala.authorization.PrivilegeRequest</a></div><div class="ttdef"><b>Definition:</b> <a href="PrivilegeRequest_8java_source.html#l00024">PrivilegeRequest.java:24</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker_html_a25ae8ea91cb5a66800d64e64de8227ab"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html#a25ae8ea91cb5a66800d64e64de8227ab">com.cloudera.impala.authorization.AuthorizationChecker.hasAccess</a></div><div class="ttdeci">boolean hasAccess(User user, PrivilegeRequest request)</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationChecker_8java_source.html#l00148">AuthorizationChecker.java:148</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1authorization_1_1PrivilegeRequest_html_a9449c5b404ecb06025e857fe738047df"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1PrivilegeRequest.html#a9449c5b404ecb06025e857fe738047df">com.cloudera.impala.authorization.PrivilegeRequest.getPrivilege</a></div><div class="ttdeci">Privilege getPrivilege()</div><div class="ttdef"><b>Definition:</b> <a href="PrivilegeRequest_8java_source.html#l00051">PrivilegeRequest.java:51</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User_html"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html">com.cloudera.impala.authorization.User</a></div><div class="ttdef"><b>Definition:</b> <a href="User_8java_source.html#l00022">User.java:22</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizeableFn_html"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizeableFn.html">com.cloudera.impala.authorization.AuthorizeableFn</a></div><div class="ttdef"><b>Definition:</b> <a href="AuthorizeableFn_8java_source.html#l00027">AuthorizeableFn.java:27</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker_html_aae9e8e67943c27928b9613a331250bed"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html#aae9e8e67943c27928b9613a331250bed">com.cloudera.impala.authorization.AuthorizationChecker.getConfig</a></div><div class="ttdeci">AuthorizationConfig getConfig()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationChecker_8java_source.html#l00104">AuthorizationChecker.java:104</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig_html_a5ba958fd6bdecb5c2cac4f4171147c90"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html#a5ba958fd6bdecb5c2cac4f4171147c90">com.cloudera.impala.authorization.AuthorizationConfig.getSentryConfig</a></div><div class="ttdeci">SentryConfig getSentryConfig()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationConfig_8java_source.html#l00143">AuthorizationConfig.java:143</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker_html_afc19f2a3a15ba1b3739cf3fae2dbb20d"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html#afc19f2a3a15ba1b3739cf3fae2dbb20d">com.cloudera.impala.authorization.AuthorizationChecker.server_</a></div><div class="ttdeci">final AuthorizeableServer server_</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationChecker_8java_source.html#l00044">AuthorizationChecker.java:44</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User_html_ace708d6892f6823086d3c0696cc1b923"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html#ace708d6892f6823086d3c0696cc1b923">com.cloudera.impala.authorization.User.getShortName</a></div><div class="ttdeci">String getShortName()</div><div class="ttdef"><b>Definition:</b> <a href="User_8java_source.html#l00037">User.java:37</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1catalog_1_1AuthorizationPolicy_html"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1AuthorizationPolicy.html">com.cloudera.impala.catalog.AuthorizationPolicy</a></div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationPolicy_8java_source.html#l00055">AuthorizationPolicy.java:55</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker_html_a5e656d00862f4508f817b63bd2c0e863"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html#a5e656d00862f4508f817b63bd2c0e863">com.cloudera.impala.authorization.AuthorizationChecker.provider_</a></div><div class="ttdeci">final ResourceAuthorizationProvider provider_</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationChecker_8java_source.html#l00042">AuthorizationChecker.java:42</a></div></div> |
| <div class="ttc" id="namespaceimpala__udf_html_a790d3383266c2a2ac837719b434b6d4aa32f9ddb062393a118b7dd138f71a3ff0"><div class="ttname"><a href="namespaceimpala__udf.html#a790d3383266c2a2ac837719b434b6d4aa32f9ddb062393a118b7dd138f71a3ff0">impala_udf::ALL</a></div><div class="ttdef"><b>Definition:</b> <a href="uda-test-harness_8h_source.html#l00033">uda-test-harness.h:33</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker_html_a8bb083f4d321f55d836f46f1be8258e2"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html#a8bb083f4d321f55d836f46f1be8258e2">com.cloudera.impala.authorization.AuthorizationChecker.getUserGroups</a></div><div class="ttdeci">Set< String > getUserGroups(User user)</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationChecker_8java_source.html#l00111">AuthorizationChecker.java:111</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig_html_adeccbd612316e1d3548d6ec2c46e9b0f"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html#adeccbd612316e1d3548d6ec2c46e9b0f">com.cloudera.impala.authorization.AuthorizationConfig.isEnabled</a></div><div class="ttdeci">boolean isEnabled()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationConfig_8java_source.html#l00118">AuthorizationConfig.java:118</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker_html"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html">com.cloudera.impala.authorization.AuthorizationChecker</a></div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationChecker_8java_source.html#l00041">AuthorizationChecker.java:41</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker_html_a1205cffee311c483ea38eccf166f931a"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html#a1205cffee311c483ea38eccf166f931a">com.cloudera.impala.authorization.AuthorizationChecker.checkAccess</a></div><div class="ttdeci">void checkAccess(User user, PrivilegeRequest privilegeRequest)</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationChecker_8java_source.html#l00119">AuthorizationChecker.java:119</a></div></div> |
| <div class="ttc" id="enumcom_1_1cloudera_1_1impala_1_1authorization_1_1Privilege_html_a522b48ac9d54d37c97ccf3505efb794f"><div class="ttname"><a href="enumcom_1_1cloudera_1_1impala_1_1authorization_1_1Privilege.html#a522b48ac9d54d37c97ccf3505efb794f">com.cloudera.impala.authorization.Privilege.ALL</a></div><div class="ttdeci">ALL</div><div class="ttdef"><b>Definition:</b> <a href="Privilege_8java_source.html#l00025">Privilege.java:25</a></div></div> |
| <div class="ttc" id="enumcom_1_1cloudera_1_1impala_1_1authorization_1_1Privilege_html"><div class="ttname"><a href="enumcom_1_1cloudera_1_1impala_1_1authorization_1_1Privilege.html">com.cloudera.impala.authorization.Privilege</a></div><div class="ttdef"><b>Definition:</b> <a href="Privilege_8java_source.html#l00024">Privilege.java:24</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker_html_a93f8ab684c77474d39d859400eb93654"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html#a93f8ab684c77474d39d859400eb93654">com.cloudera.impala.authorization.AuthorizationChecker.createProvider</a></div><div class="ttdeci">static ResourceAuthorizationProvider createProvider(AuthorizationConfig config, AuthorizationPolicy policy)</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationChecker_8java_source.html#l00065">AuthorizationChecker.java:65</a></div></div> |
| <div class="ttc" id="enumcom_1_1cloudera_1_1impala_1_1authorization_1_1Privilege_html_a9fed402dec0a3f059dd55d7fd24f96ff"><div class="ttname"><a href="enumcom_1_1cloudera_1_1impala_1_1authorization_1_1Privilege.html#a9fed402dec0a3f059dd55d7fd24f96ff">com.cloudera.impala.authorization.Privilege.VIEW_METADATA</a></div><div class="ttdeci">VIEW_METADATA</div><div class="ttdef"><b>Definition:</b> <a href="Privilege_8java_source.html#l00032">Privilege.java:32</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig_html"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html">com.cloudera.impala.authorization.AuthorizationConfig</a></div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationConfig_8java_source.html#l00027">AuthorizationConfig.java:27</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig_html_a13cf028ae8c765b60811297f59defe67"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html#a13cf028ae8c765b60811297f59defe67">com.cloudera.impala.authorization.AuthorizationConfig.getPolicyFile</a></div><div class="ttdeci">String getPolicyFile()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationConfig_8java_source.html#l00138">AuthorizationConfig.java:138</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1authorization_1_1ImpalaInternalAdminUser_html"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1ImpalaInternalAdminUser.html">com.cloudera.impala.authorization.ImpalaInternalAdminUser</a></div><div class="ttdef"><b>Definition:</b> <a href="ImpalaInternalAdminUser_8java_source.html#l00022">ImpalaInternalAdminUser.java:22</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker_html_a786e52b4c04685e2910e48e0338a28c1"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html#a786e52b4c04685e2910e48e0338a28c1">com.cloudera.impala.authorization.AuthorizationChecker.config_</a></div><div class="ttdeci">final AuthorizationConfig config_</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationChecker_8java_source.html#l00043">AuthorizationChecker.java:43</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizeableServer_html"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizeableServer.html">com.cloudera.impala.authorization.AuthorizeableServer</a></div><div class="ttdef"><b>Definition:</b> <a href="AuthorizeableServer_8java_source.html#l00031">AuthorizeableServer.java:31</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1catalog_1_1AuthorizationException_html"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1AuthorizationException.html">com.cloudera.impala.catalog.AuthorizationException</a></div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationException_8java_source.html#l00021">AuthorizationException.java:21</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1authorization_1_1PrivilegeRequest_html_a925d456586c67845876fcbdb1c6acb1d"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1PrivilegeRequest.html#a925d456586c67845876fcbdb1c6acb1d">com.cloudera.impala.authorization.PrivilegeRequest.getAuthorizeable</a></div><div class="ttdeci">Authorizeable getAuthorizeable()</div><div class="ttdef"><b>Definition:</b> <a href="PrivilegeRequest_8java_source.html#l00057">PrivilegeRequest.java:57</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig_html_a041c31da76467228c42baffa9e12246c"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html#a041c31da76467228c42baffa9e12246c">com.cloudera.impala.authorization.AuthorizationConfig.getServerName</a></div><div class="ttdeci">String getServerName()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationConfig_8java_source.html#l00133">AuthorizationConfig.java:133</a></div></div> |
| <div class="ttc" id="enumcom_1_1cloudera_1_1impala_1_1authorization_1_1Privilege_html_a0afdb7884521372f875e9c6e37adab31"><div class="ttname"><a href="enumcom_1_1cloudera_1_1impala_1_1authorization_1_1Privilege.html#a0afdb7884521372f875e9c6e37adab31">com.cloudera.impala.authorization.Privilege.ANY</a></div><div class="ttdeci">ANY</div><div class="ttdef"><b>Definition:</b> <a href="Privilege_8java_source.html#l00035">Privilege.java:35</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker_html_a3887160f6ea6c7179848e30c35ce38e1"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationChecker.html#a3887160f6ea6c7179848e30c35ce38e1">com.cloudera.impala.authorization.AuthorizationChecker.AuthorizationChecker</a></div><div class="ttdeci">AuthorizationChecker(AuthorizationConfig config, AuthorizationPolicy policy)</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationChecker_8java_source.html#l00049">AuthorizationChecker.java:49</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig_html_a5768546a8fc8db18eb1a9256c1d80f76"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html#a5768546a8fc8db18eb1a9256c1d80f76">com.cloudera.impala.authorization.AuthorizationConfig.isFileBasedPolicy</a></div><div class="ttdeci">boolean isFileBasedPolicy()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationConfig_8java_source.html#l00128">AuthorizationConfig.java:128</a></div></div> |
| </div><!-- fragment --></div><!-- contents --> |
| </div><!-- doc-content --> |
| <!-- start footer part --> |
| <div id="nav-path" class="navpath"><!-- id is needed for treeview function! --> |
| <ul> |
| <li class="navelem"><a class="el" href="dir_ca2797c59c2e868cd2eca72571423f6a.html">fe</a></li><li class="navelem"><a class="el" href="dir_9456c03c9c6e5a96e843b28fc5c6395b.html">src</a></li><li class="navelem"><a class="el" href="dir_31c8d7a6e8855be2d8d6fa4227c487c3.html">main</a></li><li class="navelem"><a class="el" href="dir_d2615d3423c50009d0fa2801d3e0150c.html">java</a></li><li class="navelem"><a class="el" href="dir_df2af9fb37a2f3aedd0dd3e7b116eedc.html">com</a></li><li class="navelem"><a class="el" href="dir_48ee7e70be44cce637301d7ac948c4e1.html">cloudera</a></li><li class="navelem"><a class="el" href="dir_c062777d65f1b5dc463ca31df638b83a.html">impala</a></li><li class="navelem"><a class="el" href="dir_bec895f44d6fcd300d320a07cbbd7871.html">authorization</a></li><li class="navelem"><a class="el" href="AuthorizationChecker_8java.html">AuthorizationChecker.java</a></li> |
| <li class="footer">Generated on Thu May 7 2015 16:10:38 for Impala by |
| <a href="http://www.doxygen.org/index.html"> |
| <img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.8.6 </li> |
| </ul> |
| </div> |
| </body> |
| </html> |
