package org.apache.hadoop.hive.ql.security.authorization.plugin.metastore;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.metastore.HiveMetaStore;
import org.apache.hadoop.hive.metastore.MetaStoreFilterHook;
import org.apache.hadoop.hive.metastore.MetaStorePreEventListener;
import org.apache.hadoop.hive.metastore.TableType;
import org.apache.hadoop.hive.metastore.api.Catalog;
import org.apache.hadoop.hive.metastore.api.Database;
import org.apache.hadoop.hive.metastore.api.InvalidOperationException;
import org.apache.hadoop.hive.metastore.api.MetaException;
import org.apache.hadoop.hive.metastore.api.NoSuchObjectException;
import org.apache.hadoop.hive.metastore.api.Partition;
import org.apache.hadoop.hive.metastore.api.PartitionSpec;
import org.apache.hadoop.hive.metastore.api.Table;
import org.apache.hadoop.hive.metastore.api.TableMeta;
import org.apache.hadoop.hive.metastore.events.PreAlterTableEvent;
import org.apache.hadoop.hive.metastore.events.PreCreateTableEvent;
import org.apache.hadoop.hive.metastore.events.PreDropTableEvent;
import org.apache.hadoop.hive.metastore.events.PreEventContext;
import org.apache.hadoop.hive.metastore.utils.MetaStoreUtils;
import org.apache.hadoop.hive.ql.metadata.HiveException;
import org.apache.hadoop.hive.ql.metadata.HiveUtils;
import org.apache.hadoop.hive.ql.security.HiveMetastoreAuthenticationProvider;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactoryImpl;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject;
import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.events.AddPartitionEvent;
import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.events.AlterDatabaseEvent;
import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.events.AlterPartitionEvent;
import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.events.AlterTableEvent;
import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.events.CreateDatabaseEvent;
import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.events.CreateFunctionEvent;
import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.events.CreateTableEvent;
import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.events.DropDatabaseEvent;
import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.events.DropFunctionEvent;
import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.events.DropPartitionEvent;
import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.events.DropTableEvent;
import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.events.LoadPartitionDoneEvent;
import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.events.ReadDatabaseEvent;
import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.events.ReadTableEvent;
import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.filtercontext.DatabaseFilterContext;
import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.filtercontext.TableFilterContext;
import org.apache.hadoop.security.UserGroupInformation;

/* loaded from: input_file:org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/HiveMetaStoreAuthorizer.class */
public class HiveMetaStoreAuthorizer extends MetaStorePreEventListener implements MetaStoreFilterHook {
    private static final Log LOG = LogFactory.getLog(HiveMetaStoreAuthorizer.class);
    private static final ThreadLocal<Configuration> tConfig = new ThreadLocal<Configuration>() { // from class: org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthorizer.1
        /* JADX INFO: Access modifiers changed from: protected */
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.lang.ThreadLocal
        public Configuration initialValue() {
            return null;
        }
    };
    private static final ThreadLocal<HiveMetastoreAuthenticationProvider> tAuthenticator = new ThreadLocal<HiveMetastoreAuthenticationProvider>() { // from class: org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthorizer.2
        /* JADX INFO: Access modifiers changed from: protected */
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.lang.ThreadLocal
        public HiveMetastoreAuthenticationProvider initialValue() {
            try {
                return (HiveMetastoreAuthenticationProvider) HiveUtils.getAuthenticator((Configuration) HiveMetaStoreAuthorizer.tConfig.get(), HiveConf.ConfVars.HIVE_METASTORE_AUTHENTICATOR_MANAGER);
            } catch (HiveException e) {
                throw new IllegalStateException("Authentication provider instantiation failure", e);
            }
        }
    };

    public HiveMetaStoreAuthorizer(Configuration configuration) {
        super(configuration);
    }

    @Override // org.apache.hadoop.hive.metastore.MetaStorePreEventListener
    public final void onEvent(PreEventContext preEventContext) throws MetaException, NoSuchObjectException, InvalidOperationException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> HiveMetaStoreAuthorizer.onEvent(): EventType=" + preEventContext.getEventType());
        }
        try {
            HiveAuthorizer createHiveMetaStoreAuthorizer = createHiveMetaStoreAuthorizer();
            if (!skipAuthorization()) {
                checkPrivileges(buildAuthzContext(preEventContext), createHiveMetaStoreAuthorizer);
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("<== HiveMetaStoreAuthorizer.onEvent(): EventType=" + preEventContext.getEventType());
            }
        } catch (Exception e) {
            LOG.error("HiveMetaStoreAuthorizer.onEvent(): failed", e);
            throw new MetaException(e.getMessage());
        }
    }

    @Override // org.apache.hadoop.hive.metastore.MetaStoreFilterHook
    public final List<String> filterDatabases(List<String> list) throws MetaException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("HiveMetaStoreAuthorizer.filterDatabases()");
        }
        if (list == null) {
            return Collections.emptyList();
        }
        List<String> filterDatabaseObjects = filterDatabaseObjects(new DatabaseFilterContext(list).getAuthzContext());
        if (CollectionUtils.isEmpty(filterDatabaseObjects)) {
            filterDatabaseObjects = Collections.emptyList();
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("HiveMetaStoreAuthorizer.filterDatabases() :" + filterDatabaseObjects);
        }
        return filterDatabaseObjects;
    }

    @Override // org.apache.hadoop.hive.metastore.MetaStoreFilterHook
    public final Database filterDatabase(Database database) throws MetaException, NoSuchObjectException {
        if (database != null) {
            String name = database.getName();
            if (filterDatabases(Collections.singletonList(name)).isEmpty()) {
                throw new NoSuchObjectException(String.format("Database %s does not exist", name));
            }
        }
        return database;
    }

    @Override // org.apache.hadoop.hive.metastore.MetaStoreFilterHook
    public final List<String> filterTableNames(String str, String str2, List<String> list) throws MetaException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> HiveMetaStoreAuthorizer.filterTableNames()");
        }
        List<String> list2 = null;
        if (list != null) {
            String dBName = getDBName(str2);
            list2 = filterTableNames(new TableFilterContext(dBName, list).getAuthzContext(), dBName, list);
            if (CollectionUtils.isEmpty(list2)) {
                list2 = Collections.emptyList();
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== HiveMetaStoreAuthorizer.filterTableNames() : " + list2);
        }
        return list2;
    }

    @Override // org.apache.hadoop.hive.metastore.MetaStoreFilterHook
    public final Table filterTable(Table table) throws MetaException, NoSuchObjectException {
        if (table == null || !filterTables(Collections.singletonList(table)).isEmpty()) {
            return table;
        }
        throw new NoSuchObjectException(String.format("Database %s does not exist", table.getTableName()));
    }

    @Override // org.apache.hadoop.hive.metastore.MetaStoreFilterHook
    public final List<Table> filterTables(List<Table> list) throws MetaException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> HiveMetaStoreAuthorizer.filterTables()");
        }
        List<Table> list2 = null;
        if (list != null) {
            list2 = filterTableObjects(new TableFilterContext(list).getAuthzContext(), list);
            if (CollectionUtils.isEmpty(list2)) {
                list2 = Collections.emptyList();
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== HiveMetaStoreAuthorizer.filterTables(): " + list2);
        }
        return list2;
    }

    @Override // org.apache.hadoop.hive.metastore.MetaStoreFilterHook
    public final Catalog filterCatalog(Catalog catalog) throws MetaException {
        return catalog;
    }

    @Override // org.apache.hadoop.hive.metastore.MetaStoreFilterHook
    public final List<String> filterCatalogs(List<String> list) throws MetaException {
        return list;
    }

    @Override // org.apache.hadoop.hive.metastore.MetaStoreFilterHook
    public final List<TableMeta> filterTableMetas(String str, String str2, List<TableMeta> list) throws MetaException {
        return list;
    }

    @Override // org.apache.hadoop.hive.metastore.MetaStoreFilterHook
    public final List<Partition> filterPartitions(List<Partition> list) throws MetaException {
        return list;
    }

    @Override // org.apache.hadoop.hive.metastore.MetaStoreFilterHook
    public final List<PartitionSpec> filterPartitionSpecs(List<PartitionSpec> list) throws MetaException {
        return list;
    }

    @Override // org.apache.hadoop.hive.metastore.MetaStoreFilterHook
    public final Partition filterPartition(Partition partition) throws MetaException, NoSuchObjectException {
        return partition;
    }

    @Override // org.apache.hadoop.hive.metastore.MetaStoreFilterHook
    public final List<String> filterPartitionNames(String str, String str2, String str3, List<String> list) throws MetaException {
        return list;
    }

    private List<String> filterDatabaseObjects(HiveMetaStoreAuthzInfo hiveMetaStoreAuthzInfo) throws MetaException {
        List<String> list = null;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> HiveMetaStoreAuthorizer.filterDatabaseObjects()");
        }
        try {
            List<HivePrivilegeObject> filterListCmdObjects = createHiveMetaStoreAuthorizer().filterListCmdObjects(hiveMetaStoreAuthzInfo.getInputHObjs(), hiveMetaStoreAuthzInfo.getHiveAuthzContext());
            if (CollectionUtils.isNotEmpty(filterListCmdObjects)) {
                list = getFilterDatabaseList(filterListCmdObjects);
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("<== HiveMetaStoreAuthorizer.filterDatabaseObjects() :" + list);
            }
            return list;
        } catch (Exception e) {
            throw new MetaException("Error in HiveMetaStoreAuthorizer.filterDatabase()" + e.getMessage());
        }
    }

    private List<Table> filterTableObjects(HiveMetaStoreAuthzInfo hiveMetaStoreAuthzInfo, List<Table> list) throws MetaException {
        List<Table> list2 = null;
        try {
            List<HivePrivilegeObject> filterListCmdObjects = createHiveMetaStoreAuthorizer().filterListCmdObjects(hiveMetaStoreAuthzInfo.getInputHObjs(), hiveMetaStoreAuthzInfo.getHiveAuthzContext());
            if (CollectionUtils.isNotEmpty(filterListCmdObjects)) {
                list2 = getFilteredTableList(filterListCmdObjects, list);
            }
            return list2;
        } catch (Exception e) {
            throw new MetaException("Error in HiveMetaStoreAuthorizer.filterTables()" + e.getMessage());
        }
    }

    private List<String> getFilterDatabaseList(List<HivePrivilegeObject> list) {
        ArrayList arrayList = new ArrayList();
        Iterator<HivePrivilegeObject> it = list.iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().getDbname());
        }
        return arrayList;
    }

    private List<Table> getFilteredTableList(List<HivePrivilegeObject> list, List<Table> list2) {
        ArrayList arrayList = new ArrayList();
        for (HivePrivilegeObject hivePrivilegeObject : list) {
            Table filteredTable = getFilteredTable(hivePrivilegeObject.getDbname(), hivePrivilegeObject.getObjectName(), list2);
            if (filteredTable != null) {
                arrayList.add(filteredTable);
            }
        }
        return arrayList;
    }

    private Table getFilteredTable(String str, String str2, List<Table> list) {
        Table table = null;
        Iterator<Table> it = list.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Table next = it.next();
            String dbName = next.getDbName();
            String tableName = next.getTableName();
            if (str.equals(dbName) && str2.equals(tableName)) {
                table = next;
                break;
            }
        }
        return table;
    }

    private List<String> filterTableNames(HiveMetaStoreAuthzInfo hiveMetaStoreAuthzInfo, String str, List<String> list) throws MetaException {
        List<String> list2 = null;
        try {
            List<HivePrivilegeObject> filterListCmdObjects = createHiveMetaStoreAuthorizer().filterListCmdObjects(hiveMetaStoreAuthzInfo.getInputHObjs(), hiveMetaStoreAuthzInfo.getHiveAuthzContext());
            if (CollectionUtils.isNotEmpty(filterListCmdObjects)) {
                list2 = getFilteredTableNames(filterListCmdObjects, str, list);
            }
            return list2;
        } catch (Exception e) {
            throw new MetaException("Error in HiveMetaStoreAuthorizer.filterTables()" + e.getMessage());
        }
    }

    private List<String> getFilteredTableNames(List<HivePrivilegeObject> list, String str, List<String> list2) {
        ArrayList arrayList = new ArrayList();
        for (HivePrivilegeObject hivePrivilegeObject : list) {
            String filteredTableNames = getFilteredTableNames(hivePrivilegeObject.getDbname(), hivePrivilegeObject.getObjectName(), str, list2);
            if (filteredTableNames != null) {
                arrayList.add(filteredTableNames);
            }
        }
        return arrayList;
    }

    private String getFilteredTableNames(String str, String str2, String str3, List<String> list) {
        String str4 = null;
        Iterator<String> it = list.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            String next = it.next();
            if (str.equals(str3) && str2.equals(next)) {
                str4 = next;
                break;
            }
        }
        return str4;
    }

    private String getDBName(String str) {
        if (str != null) {
            return str.substring(str.indexOf("#") + 1);
        }
        return null;
    }

    HiveMetaStoreAuthzInfo buildAuthzContext(PreEventContext preEventContext) throws MetaException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> HiveMetaStoreAuthorizer.buildAuthzContext(): EventType=" + preEventContext.getEventType());
        }
        HiveMetaStoreAuthorizableEvent hiveMetaStoreAuthorizableEvent = null;
        if (preEventContext != null) {
            switch (preEventContext.getEventType()) {
                case CREATE_DATABASE:
                    hiveMetaStoreAuthorizableEvent = new CreateDatabaseEvent(preEventContext);
                    break;
                case ALTER_DATABASE:
                    hiveMetaStoreAuthorizableEvent = new AlterDatabaseEvent(preEventContext);
                    break;
                case DROP_DATABASE:
                    hiveMetaStoreAuthorizableEvent = new DropDatabaseEvent(preEventContext);
                    break;
                case CREATE_TABLE:
                    hiveMetaStoreAuthorizableEvent = new CreateTableEvent(preEventContext);
                    if (isViewOperation(preEventContext) && !isSuperUser(getCurrentUser(hiveMetaStoreAuthorizableEvent))) {
                        ((PreCreateTableEvent) preEventContext).getTable().getParameters().put("Authorized", "false");
                        break;
                    }
                    break;
                case ALTER_TABLE:
                    hiveMetaStoreAuthorizableEvent = new AlterTableEvent(preEventContext);
                    if (isViewOperation(preEventContext) && !isSuperUser(getCurrentUser(hiveMetaStoreAuthorizableEvent))) {
                        ((PreAlterTableEvent) preEventContext).getNewTable().getParameters().put("Authorized", "false");
                        break;
                    }
                    break;
                case DROP_TABLE:
                    hiveMetaStoreAuthorizableEvent = new DropTableEvent(preEventContext);
                    if (!isViewOperation(preEventContext) || !isSuperUser(getCurrentUser(hiveMetaStoreAuthorizableEvent))) {
                    }
                    break;
                case ADD_PARTITION:
                    hiveMetaStoreAuthorizableEvent = new AddPartitionEvent(preEventContext);
                    break;
                case ALTER_PARTITION:
                    hiveMetaStoreAuthorizableEvent = new AlterPartitionEvent(preEventContext);
                    break;
                case LOAD_PARTITION_DONE:
                    hiveMetaStoreAuthorizableEvent = new LoadPartitionDoneEvent(preEventContext);
                    break;
                case DROP_PARTITION:
                    hiveMetaStoreAuthorizableEvent = new DropPartitionEvent(preEventContext);
                    break;
                case READ_TABLE:
                    hiveMetaStoreAuthorizableEvent = new ReadTableEvent(preEventContext);
                    break;
                case READ_DATABASE:
                    hiveMetaStoreAuthorizableEvent = new ReadDatabaseEvent(preEventContext);
                    break;
                case CREATE_FUNCTION:
                    hiveMetaStoreAuthorizableEvent = new CreateFunctionEvent(preEventContext);
                    break;
                case DROP_FUNCTION:
                    hiveMetaStoreAuthorizableEvent = new DropFunctionEvent(preEventContext);
                    break;
                case AUTHORIZATION_API_CALL:
                case READ_ISCHEMA:
                case CREATE_ISCHEMA:
                case DROP_ISCHEMA:
                case ALTER_ISCHEMA:
                case ADD_SCHEMA_VERSION:
                case ALTER_SCHEMA_VERSION:
                case DROP_SCHEMA_VERSION:
                case READ_SCHEMA_VERSION:
                case CREATE_CATALOG:
                case ALTER_CATALOG:
                case DROP_CATALOG:
                    if (!isSuperUser(getCurrentUser())) {
                        throw new MetaException(getErrorMessage(preEventContext, getCurrentUser()));
                    }
                    break;
            }
        }
        HiveMetaStoreAuthzInfo authzContext = hiveMetaStoreAuthorizableEvent != null ? hiveMetaStoreAuthorizableEvent.getAuthzContext() : null;
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== HiveMetaStoreAuthorizer.buildAuthzContext(): EventType=" + preEventContext.getEventType() + "; ret=" + authzContext);
        }
        return authzContext;
    }

    HiveAuthorizer createHiveMetaStoreAuthorizer() throws Exception {
        HiveAuthorizer hiveAuthorizer = null;
        HiveConf hiveConf = (HiveConf) tConfig.get();
        if (hiveConf == null) {
            HiveConf hiveConf2 = new HiveConf(super.getConf(), HiveConf.class);
            tConfig.set(hiveConf2);
            hiveConf = hiveConf2;
        }
        HiveAuthorizerFactory authorizerFactory = HiveUtils.getAuthorizerFactory(hiveConf, HiveConf.ConfVars.HIVE_AUTHORIZATION_MANAGER);
        if (authorizerFactory != null) {
            HiveMetastoreAuthenticationProvider hiveMetastoreAuthenticationProvider = tAuthenticator.get();
            hiveMetastoreAuthenticationProvider.setConf(hiveConf);
            HiveAuthzSessionContext.Builder builder = new HiveAuthzSessionContext.Builder();
            builder.setClientType(HiveAuthzSessionContext.CLIENT_TYPE.HIVEMETASTORE);
            builder.setSessionString("HiveMetaStore");
            hiveAuthorizer = authorizerFactory.createHiveAuthorizer(new HiveMetastoreClientFactoryImpl(), hiveConf, hiveMetastoreAuthenticationProvider, builder.build());
        }
        return hiveAuthorizer;
    }

    boolean isSuperUser(String str) {
        return MetaStoreUtils.checkUserHasHostProxyPrivileges(str, getConf(), HiveMetaStore.HMSHandler.getIPAddress());
    }

    boolean isViewOperation(PreEventContext preEventContext) {
        boolean z = false;
        switch (preEventContext.getEventType()) {
            case CREATE_TABLE:
                z = isViewType(((PreCreateTableEvent) preEventContext).getTable());
                break;
            case ALTER_TABLE:
                PreAlterTableEvent preAlterTableEvent = (PreAlterTableEvent) preEventContext;
                z = isViewType(preAlterTableEvent.getOldTable()) || isViewType(preAlterTableEvent.getNewTable());
                break;
            case DROP_TABLE:
                z = isViewType(((PreDropTableEvent) preEventContext).getTable());
                break;
        }
        return z;
    }

    private void checkPrivileges(HiveMetaStoreAuthzInfo hiveMetaStoreAuthzInfo, HiveAuthorizer hiveAuthorizer) throws MetaException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> HiveMetaStoreAuthorizer.checkPrivileges(): authzContext=" + hiveMetaStoreAuthzInfo + ", authorizer=" + hiveAuthorizer);
        }
        try {
            hiveAuthorizer.checkPrivileges(hiveMetaStoreAuthzInfo.getOperationType(), hiveMetaStoreAuthzInfo.getInputHObjs(), hiveMetaStoreAuthzInfo.getOutputHObjs(), hiveMetaStoreAuthzInfo.getHiveAuthzContext());
            if (LOG.isDebugEnabled()) {
                LOG.debug("<== HiveMetaStoreAuthorizer.checkPrivileges(): authzContext=" + hiveMetaStoreAuthzInfo + ", authorizer=" + hiveAuthorizer);
            }
        } catch (Exception e) {
            throw new MetaException(e.getMessage());
        }
    }

    private boolean skipAuthorization() {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> HiveMetaStoreAuthorizer.skipAuthorization()");
        }
        UserGroupInformation ugi = getUGI();
        boolean isSuperUser = ugi == null ? true : isSuperUser(ugi.getShortUserName());
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== HiveMetaStoreAuthorizer.skipAuthorization(): " + isSuperUser);
        }
        return isSuperUser;
    }

    private boolean isViewType(Table table) {
        boolean z = false;
        String tableType = table.getTableType();
        if (TableType.MATERIALIZED_VIEW.name().equals(tableType) || TableType.VIRTUAL_VIEW.name().equals(tableType)) {
            z = true;
        }
        return z;
    }

    private String getErrorMessage(PreEventContext preEventContext, String str) {
        return "Operation type " + preEventContext.getEventType().name() + " not allowed for user:" + str;
    }

    private String getErrorMessage(String str, String str2) {
        return "Operation type " + str + " not allowed for user:" + str2;
    }

    private String getCurrentUser() {
        try {
            return UserGroupInformation.getCurrentUser().getShortUserName();
        } catch (IOException e) {
            return null;
        }
    }

    private String getCurrentUser(HiveMetaStoreAuthorizableEvent hiveMetaStoreAuthorizableEvent) {
        return hiveMetaStoreAuthorizableEvent.getAuthzContext().getUGI().getShortUserName();
    }

    private UserGroupInformation getUGI() {
        try {
            return UserGroupInformation.getCurrentUser();
        } catch (IOException e) {
            return null;
        }
    }
}
