You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hive.apache.org by "Sushanth Sowmyan (JIRA)" <ji...@apache.org> on 2013/08/10 02:06:48 UTC

[jira] [Commented] (HIVE-5048) StorageBasedAuthorization provider causes an NPE when asked to authorize from client side.

    [ https://issues.apache.org/jira/browse/HIVE-5048?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13735560#comment-13735560 ] 

Sushanth Sowmyan commented on HIVE-5048:
----------------------------------------

Note on reproduction, you'd hit this issue only if you have hive.security.authorization.enabled set to true, and hive.security.authorization.manager set to "org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider".

If anyone is experiencing this issue, the work around till this bug is fixed is one of the following :

a) If you would like to turn off the client-side authorization provider, set "hive.security.authorization.enabled" to false.
b) If you desire another client-side authorization instead, set "hive.security.authorization.manager" to something SBAP
c) If you want SBAP behaviour for your authorization, you can use this from the metastore-side, by setting "hive.security.metastore.authorization.manager" to "org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider" (sets HMAP as SBAP) and "hive.metastore.pre.event.listeners" to "org.apache.hadoop.hive.ql.security.AuthorizationPreEventListener" (turns on metastore-side auth)




                
> StorageBasedAuthorization provider causes an NPE when asked to authorize from client side.
> ------------------------------------------------------------------------------------------
>
>                 Key: HIVE-5048
>                 URL: https://issues.apache.org/jira/browse/HIVE-5048
>             Project: Hive
>          Issue Type: Bug
>          Components: Security
>            Reporter: Sushanth Sowmyan
>            Assignee: Sushanth Sowmyan
>
> StorageBasedAuthorizationProvider(henceforth referred to as SBAP) is a HiveMetastoreAuthorizationProvider (henceforth referred to as HMAP, and HiveAuthorizationProvider as HAP) that was introduced as part of HIVE-3705.
> As long as it's used as a HMAP, i.e. from the metastore-side, as was its initial implementation intent, everything's great. However, HMAP extends HAP, and there is no reason SBAP shouldn't be expected to work as a HAP as well. However, it uses a wh variable that is never initialized if it is called as a HAP, and hence, it will always fail when authorize is called on it.
> We should change SBAP so that it correctly initiazes wh so that it can be run as a HAP as well.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira