Support Questions

chrsvarma · ‎04-04-2016

not able to use refect function using beeline, same query just works fine with hivecli.

both in hivecli & beeline when i search for show functions i could see reflect .. I donot see any denials in ranger

SELECT reflect("java.net.URLDecoder","decode",search_query) FROM jlp_endeca_searches limit 5; Error: Error while compiling statement: FAILED: SemanticException UDF reflect is not allowed (state=42000,code=40000)

chrsvarma · ‎04-04-2016

desc function reflect; Error: Error while processing statement: FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. org.apache.hadoop.hive.ql.parse.SemanticException: UDF reflect is not allowed (state=08S01,code=1)

it is working with hive though:

hive> describe function reflect; OK reflect(class,method[,arg1[,arg2..]]) calls method with reflection Time taken: 1.973 seconds, Fetched: 1 row(s)

agillan · ‎04-06-2016

Hi Raja, the Reflect UDF is actually blacklisted by default when running queries through HiveServer2 (beeline, ODBC, JDBC connections), as it can be a security risk. See this JIRA, for example: HIVE-8893. This works in hive CLI, because the hive CLI does not use HiveServer2. The JIRA is available in HDP 2.2.4 and higher.

You can check this by running this in beeline:

set hive.server2.builtin.udf.blacklist;

reflect will probably be listed there. You can remove it from the blacklist property and also make sure this property is empty:

hive.server2.builtin.udf.whitelist

Apply the changes and restart HiveServer2 and you should see the reflect UDF working.

See Apache Hive documentation on these properties for further info.

vinaykumarpotnu · ‎07-22-2016

Hi @Ana Gillan

how to remove reflect from the blacklist ?

oleggorj · ‎09-06-2017

Symptom

Not able to use reflect function using beeline, but the query works OK with Hvi CLI.

Error Message:

Error while compiling statement: FAILED: SemanticException UDF reflect is not allowed (state=42000,code=40000)

Cause

When running set hive.server2.builtin.udf.blacklist from beeline, it will return the following as blacklisted:

jdbc:hive2://localhost:10000/default> set hive.server2.builtin.udf.blacklist;

+------------------------------------------------------------------+--+

| set |

+------------------------------------------------------------------+--+

| hive.server2.builtin.udf.blacklist=reflect,reflect2,java_method |

+------------------------------------------------------------------+--+

Reflect UDF is blacklisted by default when running queries through HiveServer2 (beeline, ODBC, JDBC connections), as it was found to be a security risk.

The code was modified so if the parameter hive.server2.builtin.udf.blacklist has not been configured or it is blank, its default value will be "reflect,reflect2,java_method".

Resolution

1. Open the Ambari UI

2. Add the custom property in Ambari hive.server2.builtin.udf.blacklist under Hive / Configs / Advanced / Custom hive-site and give it any value, for example "empty_blacklist".

3. Restart services as requested by Ambari.

4. Connect again with beeline and verify that blacklist only includes the dummy value now.

0: jdbc:hive2://localhost:10000/default> set hive.server2.builtin.udf.blacklist;
+-------------------------------------------+--+

| hive.server2.builtin.udf.blacklist=empty_blacklist |

+-------------------------------------------+--+

5. Reflect should work now without issues.

Cloudera Community

Support Questions

UDF reflect is not allowed - beeline