You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by pr...@apache.org on 2021/12/09 04:24:29 UTC

[ranger] 01/02: RANGER-3298: Add coarse URI check for Hive Agent -PMD fix

This is an automated email from the ASF dual-hosted git repository.

pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git

commit 00dd3fcd88aa6e10bf1f2e3a68c76a85c7218de2
Author: Ramesh Mani <rm...@apache.org>
AuthorDate: Wed Dec 8 10:42:37 2021 -0800

    RANGER-3298: Add coarse URI check for Hive Agent -PMD fix
    
    Signed-off-by: pradeep <pr...@apache.org>
---
 .../ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
index ad857e4..951e550 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
@@ -66,7 +66,6 @@ import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveResourceACLs;
 import org.apache.hadoop.hive.ql.session.SessionState;
 import org.apache.hadoop.ipc.Server;
 import org.apache.hadoop.security.UserGroupInformation;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
 import org.apache.ranger.authorization.hadoop.constants.RangerHadoopConstants;
 import org.apache.ranger.authorization.utils.StringUtil;
 import org.apache.ranger.plugin.model.RangerPolicy;
@@ -862,7 +861,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
             }
 
             if (shouldCheckAccess) {
-              if (!isURIAccessAllowed(user, permission, path, fs, RangerHivePlugin.URIPermissionCoarseCheck)) {
+              if (!isURIAccessAllowed(user, permission, path, fs)) {
                 throw new HiveAccessControlException(
                     String.format("Permission denied: user [%s] does not have [%s] privilege on [%s]", user,
                         permission.name(), path));
@@ -960,7 +959,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
             }
 
             if (shouldCheckAccess) {
-              if (!isURIAccessAllowed(user, permission, path, fs, RangerHivePlugin.URIPermissionCoarseCheck)) {
+              if (!isURIAccessAllowed(user, permission, path, fs)) {
                 throw new HiveAccessControlException(
                     String.format("Permission denied: user [%s] does not have [%s] privilege on [%s]", user,
                         permission.name(), path));
@@ -2099,7 +2098,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
 	}
 
   private boolean isURIAccessAllowed(String userName, FsAction action, Path filePath, FileSystem fs) {
-		return isURIAccessAllowed(userName, action, filePath, fs, false);
+		return isURIAccessAllowed(userName, action, filePath, fs, RangerHivePlugin.URIPermissionCoarseCheck);
 	}
 
 	private boolean isURIAccessAllowed(String userName, FsAction action, Path filePath, FileSystem fs, boolean coarseCheck) {