用于安全Hbase的Java客户端

用于安全Hbase的Java客户端

本文介绍了用于安全Hbase的Java客户端的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

您好,我正在尝试为安全hbase编写一个java客户端。
我也想从代码本身做kinit,因为我使用的是用户组信息类。
任何人都可以指出我在哪里出错了吗?



这是Im试图连接obase的主要方法。



我必须在CONfiguration对象中添加配置,而不是使用xml,因为客户端可以位于任何位置。



请参阅以下代码:

  public static void main(String [] args){
try {
System .setProperty(CommonConstants.KRB_REALM,ConfigUtil.getProperty(CommonConstants.HADOOP_CONF,krb.realm));
System.setProperty(CommonConstants.KRB_KDC,ConfigUtil.getProperty(CommonConstants.HADOOP_CONF,krb.kdc));
System.setProperty(CommonConstants.KRB_DEBUG,true);

final配置config = HBaseConfiguration.create();

config.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION,AUTH_KRB);
config.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION,AUTHORIZATION);
config.set(CommonConfigurationKeysPublic.FS_AUTOMATIC_CLOSE_KEY,AUTO_CLOSE);
config.set(CommonConfigurationKeysPublic.FS_DEFAULT_NAME_KEY,defaultFS);
config.set(hbase.zookeeper.quorum,ConfigUtil.getProperty(CommonConstants.HBASE_CONF,hbase.host));
config.set(hbase.zookeeper.property.clientPort,ConfigUtil.getProperty(CommonConstants.HBASE_CONF,hbase.port));
config.set(hbase.client.retries.number,Integer.toString(0));
config.set(zookeeper.session.timeout,Integer.toString(6000));
config.set(zookeeper.recovery.retry,Integer.toString(0));
config.set(hbase.master,gauravt-namenode.pbi.global.pvt:60000);
config.set(zookeeper.znode.parent,/ hbase-secure);
config.set(hbase.rpc.engine,org.apache.hadoop.hbase.ipc.SecureRpcEngine);
config.set(hbase.security.authentication,AUTH_KRB);
config.set(hbase.security.authorization,AUTHORIZATION);
config.set(hbase.master.kerberos.principal,hbase / [email protected]);
config.set(hbase.master.keytab.file,D:/var/lib/bda/secure/keytabs/hbase.service.keytab);
config.set(hbase.regionserver.kerberos.principal,hbase / [email protected]);
config.set(hbase.regionserver.keytab.file,D:/var/lib/bda/secure/keytabs/hbase.service.keytab);

UserGroupInformation.setConfiguration(config);
UserGroupInformation userGroupInformation = UserGroupInformation.loginUserFromKeytabAndReturnUGI(hbase / [email protected],D:/var/lib/bda/secure/keytabs/hbase.service.keytab );
UserGroupInformation.setLoginUser(userGroupInformation);

User user = User.create(userGroupInformation);
$ b $ user.runAs(new PrivilegedExceptionAction< Object>(){
$ b $ @Override
public Object run()抛出Exception {
HBaseAdmin admins = new HBaseAdmin(config);

if(admins.isTableAvailable(ambarismoketest)){
System.out.println(Table is available);
};

HConnection connection = HConnectionManager.createConnection(config);

HTableInterface table = connection.getTable(ambarismoketest);



admins.close();
System.out.println(table.get(new Get(null)));
return table.get(new Get(null));
}
});
System.out.println(UserGroupInformation.getLoginUser()。getUserName());

$ b} catch(Exception e){
// TODO自动生成的catch块
e.printStackTrace();
}

我收到以下异常:

 原因:org.apache.hadoop.ipc.RemoteException(javax.security.sasl.SaslException):GSS在org.apache处启动失败
。 hadoop.hbase.security.HBaseSaslRpcClient.readStatus(HBaseSaslRpcClient.java:110)
位于org.apache.hadoop.hbase.security.HBaseSaslRpcClient.saslConnect(HBaseSaslRpcClient.java:146)
位于org.apache。 hadoop.hbase.ipc.RpcClient $ Connection.setupSaslConnection(RpcClient.java:762)
at org.apache.hadoop.hbase.ipc.RpcClient $ Connection.access $ 600(RpcClient.java:354)
在org.apache.hadoop.hbase.ipc.RpcClient $ Connection $ 2.run(RpcClient.java:883)
at org.apache.hadoop.hbase.ipc.RpcClient $ Connection $ 2.run(RpcClient.java: 880)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:396)
at org.apache.hadoop。 security.UserGroupInformation.doAs(UserGroupInformation.java:1491)
at org .apache.hadoop.hbase.ipc.RpcClient $ Connection.setupIOstreams(RpcClient.java:880)
... 33 more

任何指针都会有帮助。

解决方案

不确定您是否仍然需要帮助。我认为设置hadoop.security.authentication属性缺少您的代码段。

我使用以下代码片段连接到安全HBase(在CDH5上)。您可以试一下。

  config.set(hbase.zookeeper.quorum,zookeeperHosts); 
config.set(hbase.zookeeper.property.clientPort,zookeeperPort);
config.set(hadoop.security.authentication,kerberos);
config.set(hbase.security.authentication,kerberos);
config.set(hbase.master.kerberos.principal,HBASE_MASTER_PRINCIPAL);
config.set(hbase.regionserver.kerberos.principal,HBASE_RS_PRINCIPAL);

UserGroupInformation.setConfiguration(config);
用户组信息。

HBaseAdmin admins = new HBaseAdmin(config);
TableName [] tables = admins.listTableNames(); (TableName table:tables)

{
System.out.println(table.toString());
}


Hi I am trying to write a java client for secure hbase.I want to do kinit also from code itself for that i`m using the usergroup information class.Can anyone point out where am I going wrong here?

this is the main method that Im trying to connect o hbase from.

I have to add the configuration in the CONfiguration object rather than using the xml, because the client can be located anywhere.

Please see the code below:

    public static void main(String [] args) {
    try {
        System.setProperty(CommonConstants.KRB_REALM, ConfigUtil.getProperty(CommonConstants.HADOOP_CONF, "krb.realm"));
        System.setProperty(CommonConstants.KRB_KDC, ConfigUtil.getProperty(CommonConstants.HADOOP_CONF,"krb.kdc"));
        System.setProperty(CommonConstants.KRB_DEBUG, "true");

        final Configuration config = HBaseConfiguration.create();

        config.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, AUTH_KRB);
        config.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION, AUTHORIZATION);
        config.set(CommonConfigurationKeysPublic.FS_AUTOMATIC_CLOSE_KEY, AUTO_CLOSE);
        config.set(CommonConfigurationKeysPublic.FS_DEFAULT_NAME_KEY, defaultFS);
        config.set("hbase.zookeeper.quorum", ConfigUtil.getProperty(CommonConstants.HBASE_CONF, "hbase.host"));
        config.set("hbase.zookeeper.property.clientPort", ConfigUtil.getProperty(CommonConstants.HBASE_CONF, "hbase.port"));
        config.set("hbase.client.retries.number", Integer.toString(0));
        config.set("zookeeper.session.timeout", Integer.toString(6000));
        config.set("zookeeper.recovery.retry", Integer.toString(0));
        config.set("hbase.master", "gauravt-namenode.pbi.global.pvt:60000");
        config.set("zookeeper.znode.parent", "/hbase-secure");
        config.set("hbase.rpc.engine", "org.apache.hadoop.hbase.ipc.SecureRpcEngine");
        config.set("hbase.security.authentication", AUTH_KRB);
        config.set("hbase.security.authorization", AUTHORIZATION);
        config.set("hbase.master.kerberos.principal", "hbase/[email protected]");
        config.set("hbase.master.keytab.file", "D:/var/lib/bda/secure/keytabs/hbase.service.keytab");
        config.set("hbase.regionserver.kerberos.principal", "hbase/[email protected]");
        config.set("hbase.regionserver.keytab.file", "D:/var/lib/bda/secure/keytabs/hbase.service.keytab");

        UserGroupInformation.setConfiguration(config);
        UserGroupInformation userGroupInformation = UserGroupInformation.loginUserFromKeytabAndReturnUGI("hbase/[email protected]", "D:/var/lib/bda/secure/keytabs/hbase.service.keytab");
        UserGroupInformation.setLoginUser(userGroupInformation);

        User user = User.create(userGroupInformation);

        user.runAs(new PrivilegedExceptionAction<Object>() {

            @Override
            public Object run() throws Exception {
                HBaseAdmin admins = new HBaseAdmin(config);

                if(admins.isTableAvailable("ambarismoketest")) {
                    System.out.println("Table is available");
                };

                HConnection connection = HConnectionManager.createConnection(config);

                HTableInterface table = connection.getTable("ambarismoketest");



                admins.close();
                System.out.println(table.get(new Get(null)));
                return table.get(new Get(null));
            }
        });
        System.out.println(UserGroupInformation.getLoginUser().getUserName());


    } catch (Exception e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }

I`m getting the following exception:

    Caused by: org.apache.hadoop.ipc.RemoteException(javax.security.sasl.SaslException): GSS initiate failed
at org.apache.hadoop.hbase.security.HBaseSaslRpcClient.readStatus(HBaseSaslRpcClient.java:110)
at org.apache.hadoop.hbase.security.HBaseSaslRpcClient.saslConnect(HBaseSaslRpcClient.java:146)
at org.apache.hadoop.hbase.ipc.RpcClient$Connection.setupSaslConnection(RpcClient.java:762)
at org.apache.hadoop.hbase.ipc.RpcClient$Connection.access$600(RpcClient.java:354)
at org.apache.hadoop.hbase.ipc.RpcClient$Connection$2.run(RpcClient.java:883)
at org.apache.hadoop.hbase.ipc.RpcClient$Connection$2.run(RpcClient.java:880)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:396)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1491)
at org.apache.hadoop.hbase.ipc.RpcClient$Connection.setupIOstreams(RpcClient.java:880)
... 33 more

Any pointers would be helpful.

解决方案

Not sure if you still need help. I think setting the "hadoop.security.authentication" property is missing from your snippet.

I am using following code snippet to connect to secure HBase (on CDH5). You can give a try.

config.set("hbase.zookeeper.quorum", zookeeperHosts);
config.set("hbase.zookeeper.property.clientPort", zookeeperPort);
config.set("hadoop.security.authentication", "kerberos");
config.set("hbase.security.authentication", "kerberos");
config.set("hbase.master.kerberos.principal", HBASE_MASTER_PRINCIPAL);
config.set("hbase.regionserver.kerberos.principal", HBASE_RS_PRINCIPAL);

UserGroupInformation.setConfiguration(config);
UserGroupInformation.loginUserFromKeytab(ZOOKEEPER_PRINCIPAL,ZOOKEEPER_KEYTAB);

HBaseAdmin admins = new HBaseAdmin(config);
TableName[] tables  = admins.listTableNames();

for(TableName table: tables){
    System.out.println(table.toString());
}

这篇关于用于安全Hbase的Java客户端的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-20 05:17