Na Li created SENTRY-2091:
-----------------------------
Summary: User-based Privilege is broken by SENTRY-769
Key: SENTRY-2091
URL: https://issues.apache.org/jira/browse/SENTRY-2091
Project: Sentry
Issue Type: Bug
Components: Sentry
Affects Versions: 2.1.0
Reporter: Na Li
Assignee: Na Li
SENTRY-769 throws exception when a user has no group. This breaks user-based
privilege as the exception prevents getting privilege using user-based
privilege.
For example, in the following code
{code}
Set<String> userPrivileges =
authProvider.getPolicyEngine().getPrivileges(
authProvider.getGroupMapping().getGroups(userName),
Sets.newHashSet(userName),
hiveAuthzBinding.getActiveRoleSet(),
hiveAuthzBinding.getAuthServer());
{code}
when user has no group, the exception causes the processing stops even when
user has privilege.
The solution is to catch the exception, and continue the processing.
{code}
try {
Set<String> groups = null;
try {
groups = authProvider.getGroupMapping().getGroups(userName)
} catch (SentryGroupNotFoundException ex) {
log.debug(...);
groups = new HashSet<String>();
}
Set<String> userPrivileges =
authProvider.getPolicyEngine().getPrivileges(
groups, Sets.newHashSet(userName),
hiveAuthzBinding.getActiveRoleSet(),
hiveAuthzBinding.getAuthServer());
...
}
{code}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
