Simply put
The reason why authentication needs to be added when connecting to Hive in the Java code is that Hive is a distributed data processing system that is typically deployed in a multi-user environment, where access to data is controlled by policies and permissions.
Therefore, to ensure the security and integrity of the data, it is necessary to authenticate users before granting them access to the data.
In the code snippet provided, Kerberos is used as the authentication mechanism, which is a widely used network authentication protocol that provides strong authentication and secure communication over insecure networks.
The code sets the appropriate configuration properties for Kerberos authentication and uses the UserGroupInformation class to log in the user from the keytab file, which contains the user’s credentials.文章来源:https://www.toymoban.com/news/detail-469444.html
By using Kerberos authentication, the code ensures that only authorized users are granted access to the Hive data, which helps to prevent unauthorized access or data breaches.文章来源地址https://www.toymoban.com/news/detail-469444.html
Java Code connect to Hive
System.setProperty(KRB5_CONF, dataSource.getKrbConfigFile());
org.apache.hadoop.conf.Configuration conf = new org.apache.hadoop.conf.Configuration();
conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHORIZATION, "true");
conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
UserGroupInformation.setConfiguration(conf);
try {
UserGroupInformation.loginUserFromKeytab(dataSource.getKrbUser(), dataSource.getKeytabFile());
} catch (IOException e) {
throw new RuntimeException(e);
}
Explain Code
- The
System.setPropertymethod is used to set theKRB5_CONFsystem property to the path of the Kerberos configuration file (specified bydataSource.getKrbConfigFile()). This file contains configuration information required by the Kerberos authentication system, such as the location of the Kerberos realm, the KDC (Key Distribution Center), and the Kerberos ticket-granting ticket (TGT) server. - Next, a new
org.apache.hadoop.conf.Configurationobject is created to hold Hadoop configuration properties. - The
conf.setmethod is used to enable Hadoop security authorization and authentication by setting the value of theCommonConfigurationKeys.HADOOP_SECURITY_AUTHORIZATIONandCommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATIONkeys totrueandkerberos, respectively. This ensures that all Hadoop interactions are authenticated using Kerberos. - The
UserGroupInformation.setConfigurationmethod is used to set the global configuration for all UserGroupInformation instances to the newly created configuration object. - Finally, the
UserGroupInformation.loginUserFromKeytabmethod is used to log in the user specified bydataSource.getKrbUser()using the keytab file specified bydataSource.getKeytabFile(). A keytab is a file that contains the shared secret key used to authenticate the specified user to the Kerberos server. This method performs a login operation that retrieves a Kerberos ticket-granting ticket (TGT) for the specified user from the KDC and stores it in a cache for later use by Hadoop. If the login operation fails, anIOExceptionis thrown and the application terminates with a runtime exception.
Overall, this code sets up the necessary configuration properties for Hadoop to use Kerberos authentication and logs in the user specified by the keytab file, allowing the application to securely access Hadoop resources. It is typically used in secure Hadoop clusters where Kerberos is the authentication mechanism.
到了这里,关于Java 访问连接Hive的Kerberos认证前提的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!
