一般情况下,java客户端访问hbase集群,都是指定zk地址和端口后即可与hbase建立连接了,但是如果hbase集群开启了kerberos验证,那么就不能直接建立连接了,需要使用验证实体(principal)和其对应的keytab向hbase集群进行kerberos验证,验证通过后才能建立连接。
我创建的是maven项目,pom.xml文件的内容如下:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.example</groupId>
<artifactId>untitled6</artifactId>
<version>1.0-SNAPSHOT</version>
<dependencies>
<!-- https://mvnrepository.com/artifact/org.apache.hbase/hbase-server -->
<dependency>
<groupId>org.apache.hbase</groupId>
<artifactId>hbase-server</artifactId>
<version>1.6.0</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.apache.hbase/hbase-common -->
<dependency>
<groupId>org.apache.hbase</groupId>
<artifactId>hbase-common</artifactId>
<version>1.6.0</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.apache.hbase/hbase-client -->
<dependency>
<groupId>org.apache.hbase</groupId>
<artifactId>hbase-client</artifactId>
<version>1.6.0</version>
</dependency>
</dependencies>
</project>
java应用访问不开启kerberos验证的hbase集群,代码示例:
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.client.*;
import org.apache.hadoop.security.UserGroupInformation;
import java.io.IOException;
public class TestHbaseKerberos {
public static void main(String[] args) {
Configuration conf = new Configuration();
/**
* zookeeper地址
*/
conf.set("hbase.zookeeper.quorum", "hdp26.bigdata.cn:2181,hdp27.bigdata.cn:2181,hdp28.bigdata.cn:2181");
/**
* zookeeper端口
*/
conf.set("hbase.zookeeper.property.clientport", "2181");
Connection connection = ConnectionFactory.createConnection(conf);
System.out.println(connection.isClosed());
}
}
java应用访问开启kerberos验证的hbase集群,代码示例:
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.client.*;
import org.apache.hadoop.security.UserGroupInformation;
import java.io.IOException;
public class TestHbaseKerberos {
public static void main(String[] args) {
Configuration conf = new Configuration();
/**
* zookeeper地址
*/
conf.set("hbase.zookeeper.quorum", "hdp26.bigdata.cn:2181,hdp27.bigdata.cn:2181,hdp28.bigdata.cn:2181");
/**
* zookeeper端口
*/
conf.set("hbase.zookeeper.property.clientport", "2181");
/**
* hbase使用kerberos验证
*/
conf.set("hbase.security.authentication", "kerberos");
/**
* hbase master节点的principal(验证实体)
*/
conf.set("hbase.master.kerberos.principal", "hbase/hdp26.bigdata.cn@HADOOP.COM");
/**
* 访问hbase集群的principal
*/
conf.set("kerberos.principal", "s3/hdp28.bigdata.cn@HADOOP.COM");
/**
* 访问hbase集群的principal对应的keytab文件路径
*/
conf.set("kerberos.keytab", "src\\files\\s3.keytab");
System.setProperty("java.security.krb5.conf", "src\\files\\krb5.conf");
UserGroupInformation.setConfiguration(conf);
try {
//使用待验证的实体,调用loginUserFromKeytab api向hbase进行kerberos验证
UserGroupInformation.loginUserFromKeytab("s3/hdp28.bigdata.cn@HADOOP.COM", "src\\files\\s3.keytab");
/**
* 验证通过后即可与hbase建立连接,对hbase进行操作
*/
Connection connection = ConnectionFactory.createConnection(conf);
System.out.println(connection.isClosed());
} catch (IOException e) {
System.out.println(e.getMessage());
}
}
}
注意:其中使用的principal和keytab都是kerberos管理员创建好后给到开发人员的。
网友评论