使用kerberos下安全Hadoop时,通常是在linux系统下使用kinit命令进行身份认证,下面提供一种在java api中认证的方式:
import org.apache.hadoop.conf.Configuration;import org.apache.hadoop.fs.FSDataInputStream;import org.apache.hadoop.fs.FileSystem;import org.apache.hadoop.fs.Path;import org.apache.hadoop.security.SecurityUtil;import org.apache.hadoop.security.UserGroupInformation;import java.io.BufferedReader;import java.io.IOException;import java.io.InputStreamReader;import java.util.ArrayList;import java.util.List;import java.util.Map;/** * Created by sure on 15-5-12. */public class HdfsKerberos {static Configuration conf = new Configuration();public static void main(String[] args) throws IOException {//keytab文件的路径conf.set(KEYTAB_FILE_KEY, "/opt/sure.keytab");//principalconf.set(USER_NAME_KEY, "sure");login(conf);System.out.println(loadHdfsFile("/trident/trident-1-0-1431409180775.txt"));}public static List<String> loadHdfsFile(String filePath){List<String> resultList = new ArrayList<>();FileSystem fileSystem = null;try {fileSystem = FileSystem.get(conf);FSDataInputStream fs = fileSystem.open(new Path(filePath));BufferedReader bis = new BufferedReader(new InputStreamReader(fs,"UTF-8"));String line;while ((line = bis.readLine()) != null) {resultList.add(line);}fileSystem.close();} catch (IOException e) {e.printStackTrace();}return resultList;}public static final String KEYTAB_FILE_KEY = "hdfs.keytab.file";public static final String USER_NAME_KEY = "hdfs.kerberos.principal";public static void login(Configuration hdfsConfig) throws IOException {if (UserGroupInformation.isSecurityEnabled()) {String keytab = conf.get(KEYTAB_FILE_KEY);if (keytab != null) {hdfsConfig.set(KEYTAB_FILE_KEY, keytab);}String userName = conf.get(USER_NAME_KEY);if (userName != null) {hdfsConfig.set(USER_NAME_KEY, userName);}SecurityUtil.login(hdfsConfig, KEYTAB_FILE_KEY, USER_NAME_KEY);}}}
版权声明:本文为博主原创文章,未经博主允许不得转载。
,思想如钻子,必须集中在一点钻下去才有力量
