Preparing the Authentication Mechanism Code


Scenario

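In a secure cluster environment, components cannot simply communicate with each other; they must authenticate each other before communicating so that the communication is secure. HBase application development requires ZooKeeper and Kerberos security authentication. The file used for ZooKeeper authentication is “jaas.conf”; you can contact the administrator to create and obtain it, along with the keytab file and principal file used for Kerberos security authentication. Detailed usage is described in the sample code.

Security authentication is mainly performed in code. Both the Oracle Java platform and the IBM Java platform are supported.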

  • Code authentication
try {
    init();
    login();
} catch (IOException e) {
    LOG.error("Failed to login because ", e);
    return;
}
  • Initializing the configuration
private static void init() throws IOException {
    // Default load from conf directory.
    // conf is the static Configuration field that login() also uses.
    conf = new Configuration();
    String userdir = System.getProperty("user.dir") + File.separator + "conf" + File.separator;
    conf.addResource(new Path(userdir + "core-site.xml"));
    conf.addResource(new Path(userdir + "hdfs-site.xml"));
    conf.addResource(new Path(userdir + "hbase-site.xml"));
}
  • Secure login

Change “userName” to the actual user name, for example “hbaseuser1”, as appropriate.

private static void login() throws IOException {
    if (User.isHBaseSecurityEnabled(conf)) {
        String userdir = System.getProperty("user.dir") + File.separator + "conf" + File.separator;
        userName = "HBaseDeveloper";
        userKeytabFile = userdir + "user.keytab";
        krb5File = userdir + "krb5.conf";

        /*
         * To connect to ZooKeeper, provide the JAAS information for it. You
         * can do so as follows:
         * System.setProperty("java.security.auth.login.config", confDirPath +
         * "jaas.conf");
         * However, the calls used in this demo are the more helpful option.
         * Note: if this process connects to more than one ZooKeeper cluster,
         * the demo may not be suitable. Contact us for more help.
         */
        LoginUtil.setJaasConf(ZOOKEEPER_DEFAULT_LOGIN_CONTEXT_NAME, userName, userKeytabFile);
        LoginUtil.setZookeeperServerPrincipal(ZOOKEEPER_SERVER_PRINCIPAL_KEY,
            ZOOKEEPER_DEFAULT_SERVER_PRINCIPAL);
        LoginUtil.login(userName, userKeytabFile, krb5File, conf);
    }
}
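
An added example, not part of the original page and not the LoginUtil sample code: a pre-flight check that the keytab is readable only by its owner, followed by an in-memory equivalent of a jaas.conf entry for ZooKeeper. It assumes the Oracle/OpenJDK Krb5LoginModule, a POSIX file system, and ZooKeeper's default client login context name "Client"; the class and method names are hypothetical.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;

public class KeytabJaasExample { // hypothetical class, for illustration only
    /** Rejects a keytab that is missing or accessible to group/others (POSIX file systems only). */
    static void checkKeytab(Path keytab) throws IOException {
        if (!Files.isRegularFile(keytab) || !Files.isReadable(keytab)) {
            throw new IOException("Keytab missing or unreadable: " + keytab);
        }
        for (PosixFilePermission p : Files.getPosixFilePermissions(keytab)) {
            if (!p.name().startsWith("OWNER_")) { // any GROUP_* or OTHERS_* bit exposes the key
                throw new IOException("Keytab is accessible beyond its owner (" + p + "): " + keytab);
            }
        }
    }

    /** Builds the in-memory equivalent of a jaas.conf "Client" entry that logs in from a keytab. */
    static Configuration clientJaas(String principal, Path keytab) {
        Map<String, String> opts = new HashMap<>();
        opts.put("useKeyTab", "true");
        opts.put("keyTab", keytab.toString());
        opts.put("principal", principal);
        opts.put("storeKey", "true");
        opts.put("useTicketCache", "false"); // never fall back to another user's cached ticket
        AppConfigurationEntry entry = new AppConfigurationEntry(
            "com.sun.security.auth.module.Krb5LoginModule", // Oracle/OpenJDK module (assumption)
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts);
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return "Client".equals(name) ? new AppConfigurationEntry[] {entry} : null;
            }
        };
    }

    public static void main(String[] args) throws IOException {
        Path confDir = Paths.get(System.getProperty("user.dir"), "conf");
        Path keytab = confDir.resolve("user.keytab");
        checkKeytab(keytab); // fail before any login attempt if the credential file is exposed
        System.setProperty("java.security.krb5.conf", confDir.resolve("krb5.conf").toString());
        Configuration.setConfiguration(clientJaas("HBaseDeveloper", keytab));
    }
}
```

`Configuration.setConfiguration` replaces the JVM-wide JAAS configuration, so this form suits a process that talks to a single ZooKeeper cluster.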
