Java connects to a Kerberos-authenticated metastore

created at 06-13-2022

Log in to Kerberos

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;

try {
    // Read the Kerberos settings from the configuration file
    String krb5File = paraConfig.getValue("Kerberos.krb5");
    String keyUser = paraConfig.getValue("Kerberos.keyuser");
    String keyPath = paraConfig.getValue("Kerberos.keyPath");
    String keyPrincipal = paraConfig.getValue("Kerberos.keyPrincipal");
    System.out.println("Start logging in to kerberos: user: " + keyUser + ", file: " + keyPath + ", keyPrincipal: " + keyPrincipal);

    // You can set export xxx=xxx directly in the startup script
    System.setProperty("java.security.krb5.conf", krb5File);
    System.setProperty("krb.principal", keyUser);
    System.out.println("Set system parameters completed: " + krb5File + ", " + keyUser);

    // Switch Hadoop security to Kerberos, then log in from the keytab
    Configuration conf = new Configuration();
    conf.set("hadoop.security.authentication", "kerberos");
    conf.set("kerberos.principal", keyPrincipal);
    UserGroupInformation.setConfiguration(conf);
    UserGroupInformation.loginUserFromKeytab(keyUser, keyPath);
    System.out.println("Login to kerberos successful! kerberos user: " + UserGroupInformation.getCurrentUser());
    return true;
} catch (Throwable ex) {
    // Any failure (missing keytab, wrong principal, unreachable KDC) ends up here
    System.out.println("Login failure reason: " + ex);
    return false;
} finally {
    System.out.println("LOG END");
}

Log in to the metastore

import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.metastore.HiveMetaStoreClient;

// The hive-site.xml file on the configuration path is loaded automatically here.
// It stands to reason that the settings below would overwrite it, but my own
// configuration file was not overwritten by the code, which resulted in an error;
// guidance is welcome.
HiveConf conf = new HiveConf();
String value = config.getValue("HiveMetaStore.Principal");
String sasl = config.getValue("HiveMetaStore.Sasl");
String timeOut = config.getValue("HiveMetaStore.Timeout");
String urls = config.getValue("HiveMetaStore.Uris");
String retryDelay = config.getValue("HiveMetaStore.RetryDelay");
LOG.info(String.format("The parameter is %s====%s======%s====%s====%s", value, sasl, timeOut, urls, retryDelay));

conf.setVar(HiveConf.ConfVars.METASTORE_KERBEROS_PRINCIPAL, value);
// METASTORE_USE_THRIFT_SASL is a boolean setting, so it is set with setBoolVar
conf.setBoolVar(HiveConf.ConfVars.METASTORE_USE_THRIFT_SASL, Boolean.parseBoolean(sasl));
conf.setVar(HiveConf.ConfVars.METASTORE_CLIENT_SOCKET_TIMEOUT, timeOut);
conf.setVar(HiveConf.ConfVars.METASTOREURIS, urls);
conf.setVar(HiveConf.ConfVars.METASTORE_CLIENT_CONNECT_RETRY_DELAY, retryDelay);

// Test database, table and mode, with defaults when the keys are absent
DBName = config.getValue("Test.DBName", "probe_test");
tableName = config.getValue("Test.TableName", "person_test");
mode = Integer.parseInt(config.getValue("Test.Mode", "1"));

// Opens the Thrift connection to the metastore using the settings above
client = new HiveMetaStoreClient(conf);

The startup script specifies HADOOP_HOME. If the HDFS files are under user access control, also specify HADOOP_USER.

The configuration file is as follows:

#mode 1: show DB; 2: create database and table; 4: drop database and table
Test.Mode=7
Test.DBName=test_probe_se
Test.TableName=test_person

#hive
HiveMetaStore.Sasl=true
HiveMetaStore.Timeout=50
HiveMetaStore.Uris=thrift://172.26.54.7:9083
HiveMetaStore.RetryDelay=5s

# kerberos
Kerberos.krb5=
Kerberos.keyuser=
Kerberos.keyPath=
Kerberos.keyPrincipal=
HiveMetaStore.Principal=

Personally, I recommend not putting hive-site.xml into the package (a lesson learned the hard way); specify it explicitly or use code configuration.
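A pre-flight check that could run before the login and connection code above, as an added example (not the original author's code): it reports a hive-site.xml visible on the classpath, empty Kerberos settings, and a keytab that group or other users can access. The class name MetastorePreflight and the sample keytab path are assumptions; the property keys are the ones from the configuration file above.

```java
import java.io.IOException;
import java.net.URL;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermission;
import java.util.*;

// Added example (hypothetical class name): checks to run before Kerberos login and metastore connect.
public class MetastorePreflight {
    // Returns a list of problems; an empty list means every check passed.
    public static List<String> check(Properties p) throws IOException {
        List<String> problems = new ArrayList<>();
        // A hive-site.xml visible to the class loader can conflict with values set in code.
        URL site = Thread.currentThread().getContextClassLoader().getResource("hive-site.xml");
        if (site != null) problems.add("hive-site.xml found on classpath: " + site);
        // Settings the login code reads must not be left empty.
        for (String key : new String[] {"Kerberos.krb5", "Kerberos.keyuser", "Kerberos.keyPath"}) {
            if (p.getProperty(key, "").trim().isEmpty()) problems.add(key + " is empty");
        }
        if (Boolean.parseBoolean(p.getProperty("HiveMetaStore.Sasl", "false"))
                && p.getProperty("HiveMetaStore.Principal", "").trim().isEmpty()) {
            problems.add("HiveMetaStore.Sasl=true but HiveMetaStore.Principal is empty");
        }
        // The keytab is a long-term credential: it must exist and be private to its owner.
        String keyPath = p.getProperty("Kerberos.keyPath", "").trim();
        if (!keyPath.isEmpty()) {
            Path keytab = Paths.get(keyPath);
            if (!Files.isReadable(keytab)) {
                problems.add("keytab not readable: " + keytab);
            } else if (Files.getFileStore(keytab).supportsFileAttributeView("posix")) {
                for (PosixFilePermission perm : Files.getPosixFilePermissions(keytab)) {
                    if (perm.name().startsWith("GROUP_") || perm.name().startsWith("OTHERS_")) {
                        problems.add("keytab permission too broad: " + perm);
                    }
                }
            }
        }
        return problems;
    }

    public static void main(String[] args) throws IOException {
        Properties p = new Properties();                           // constructed sample input
        p.setProperty("HiveMetaStore.Sasl", "true");               // as in the page's config file
        p.setProperty("Kerberos.keyPath", "/tmp/example.keytab");  // constructed placeholder path
        check(p).forEach(System.out::println);
    }
}
```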

edited at: 06-13-2022