自定義Hive權(quán)限控制(4)擴展Hive以實現(xiàn)自定義權(quán)限控制

??public static enum ConfVars {	KUXUNUSER("hive.kuxun.username",""), //用戶名	KUXUNPASSWORD("hive.kuxun.password",""),//密碼	KUXUN_HIVESERVER_URL("hive.kuxun.hiveserver.url",""), //權(quán)限認證數(shù)據(jù)庫地址	KUXUN_HIVESERVER_USER("hive.kuxun.hiveserver.username",""),//權(quán)限認證數(shù)據(jù)庫用戶名	KUXUN_HIVESERVER_PASSWORD("hive.kuxun.hiveserver.password",""),//權(quán)限認證數(shù)據(jù)庫密碼	KUXUN_RESERVE_A("hive.kuxun.resrver.a",""),//保留	KUXUN_RESERVE_B("hive.kuxun.resrver.b",""),//保留	KUXUN_RESERVE_C("hive.kuxun.resrver.c",""),//保留	KUXUN_RESERVE_D("hive.kuxun.resrver.d",""),//保留????????.......}

private String username ="";private String password ="";

this.username = HiveConf.getVar(conf, HiveConf.ConfVars.KUXUNUSER);this.password = HiveConf.getVar(conf, HiveConf.ConfVars.KUXUNPASSWORD);

private void doAuthorizationExtend(BaseSemanticAnalyzer sem) throws HiveException, AuthorizationException {	//獲取用戶權(quán)限信息	UserAuthDataMode ua ;	try{	ua = new UserAuthDataMode(this.username,this.password,this.conf);	ua.run();	}catch(Exception e){	throw new AuthorizationException(e.getMessage());	}	if(ua.isSuperUser()){	LOG.error("current user is super user,do not check authorization.");	return ;	}	LOG.warn("current user is ["+this.username+"]. start check authorization.......");????LOG.warn("current user["+this.username+"] execute command ["+this.userCommand+"].");?	HashSet inputs = sem.getInputs();	SessionState ss = SessionState.get();	HiveOperation op = ss.getHiveOperation();	if (op != null) {}//不處理這種方式，hiveserver并不提供寫入操作	LOG.debug("---------auth KUXUN--------------");	if (inputs != null && inputs.size() > 0) {	if (inputs.size() > ua.getMaxMapCount()){	String errorMsg = "The max partition numbers which you can handler in one job is ["+ua.getMaxMapCount()+"],but current is ["+inputs.size()+"]. Pemission denied.";	Exception ex = new Exception(errorMsg);	throw new AuthorizationException(errorMsg,ex);	}	for (ReadEntity read : inputs) {	if (read.getPartition() != null) {	Table tbl = read.getTable();	String tblName = tbl.getTableName();	LOG.debug("-----dbName.tableName---------"+tbl.getDbName()+"."+tblName);	String tblFullName = tbl.getDbName()+"."+tblName;	//如果當前表所在db不在用戶權(quán)限db中 ,同時表不在用戶權(quán)限table中，則拋出異常	if(ua.getDbNameList().indexOf(tbl.getDbName()) partValueList = part.getValues();	List partList = tbl.getPartitionKeys();	int partSize = partList.size();	for (int i=0;i tsoTopMap = parseCtx	.getTopToTable();?	for (Map.Entry> topOpMap : querySem	.getParseContext().getTopOps().entrySet()) {	Operator topOp = topOpMap	.getValue();	if (topOp instanceof TableScanOperator	&& tsoTopMap.containsKey(topOp)) {	TableScanOperator tableScanOp = (TableScanOperator) topOp;	Table tbl = tsoTopMap.get(tableScanOp);	String dbName = tbl.getDbName();	String tblName = tbl.getTableName();	List neededColumnIds = tableScanOp	.getNeededColumnIDs();	List columns = tbl.getCols();	List cols = new ArrayList();	if (neededColumnIds != null){	LOG.debug("-------neededColumnIds-----"+neededColumnIds.size());	}else{	LOG.debug("-------neededColumnIds-----null");	}	if (neededColumnIds != null	&& neededColumnIds.size() > 0) {	for (int i = 0; i < neededColumnIds.size(); i++) {	cols.add(columns.get(neededColumnIds.get(i))	.getName());	}	} else {	for (int i = 0; i < columns.size(); i++) {	cols.add(columns.get(i).getName());	}	}	//判斷非分區(qū)表，是否存在于權(quán)限對象中	String fullTableName = dbName +"."+tblName;	if(ua.getDbNameList().indexOf(tbl.getDbName()) authColList = ua.getExcludeColumnList().get(fullTableName);	for(String col:cols){	if(authColList.indexOf(col) !=-1){	throw new AuthorizationException("table ["+fullTableName+"] column ["+col+"] Pemission denied.");	}	LOG.debug("--------col------------"+dbName+"."+tblName+":"+col);	}	}	//判斷是否有必須包含的列，但是在使用中沒有使用的	if(ua.getIncludeColumnList().containsKey(fullTableName)){	List authColList = ua.getIncludeColumnList().get(fullTableName);	for(String authCol:authColList){	if(cols.indexOf(authCol) == -1 ){	throw new AuthorizationException("table ["+fullTableName+"] must contain??column ["+authCol+"]. Pemission denied.");	}	}	}?	}	}	}	}}

public int compile(String command, boolean resetTaskIds){??????try{????	??doAuthorizationExtend(sem);??????}catch (AuthorizationException authExp){????	??errorMessage ="FAILED:Kuxun Authorization failed:" + authExp.getMessage()??????????+ " Please contact anyoneking@163.com for your information." ;????	??console.printError("Kuxun Authorization failed:" + authExp.getMessage()??????????????????+ "Please contact anyoneking@163.com for your information.");??????????????return 403;??????}}請注意：errorMessage在獲取異常后，必須要進行賦值，否則通過hive client訪問的時候，出現(xiàn)異常的時候不會給出異常提示，只會給出NUll。

??hive.kuxun.username??test???hive.kuxun.password??test?????hive.kuxun.hiveserver.url??jdbc:mysql://localhost:3306/hiveserver??hiveserver jdbc connection url???hive.kuxun.hiveserver.username??test??username to use against hiveserver database???hive.kuxun.hiveserver.password??test??password to use against hiveserver database