Help Center> CloudTable Service> Developer Guide> Developing OpenTSDB Applications> Sample Code Description> Performing IAM Authentication for Clusters
View PDF

Performing IAM Authentication for Clusters

Function Description

If IAM authentication is enabled for CloudTable, OpenTSDB must use HTTPS for connection, and the header of an HTTP request must carry parameters listed in the following table.

Table 1 Parameters carried in the HTTP header

HTTP Header

Value

X-TSD-IamAuth

true

X-Auth-ProjectId

ProjectID of the cluster

X-Auth-User

Tenant name

X-Auth-AK

Tenant's AccessKey

X-Auth-Token

Token information generated by using the tenant's AccessKey and SecretKey

You can generate a token using the following method.

On the shell interface of the operating system of the client host, go to the HBase directory on the client host and run the token tool. The command format of the token tool is as follows:

./bin/hbase com.huawei.cloudtable.tool.RestTokenUtil <AccessKey> <SecretKey> <UserName>

AccessKey: User's AccessKey

SecretKey: User's SecretKey

UserName: Username

Example:

./bin/hbase com.huawei.cloudtable.tool.RestTokenUtil YourAccessKey YourSecretKey YourUserName

Sample Code

When the HTTPS connection is used, the application side does not need to verify the certificate. You can skip the certificate verification for the HTTP client that is created using the following method:

  private static CloseableHttpClient createSSLClientDefault() {
    try {
      X509TrustManager x509mgr = new X509TrustManager() {
        public void checkClientTrusted(X509Certificate[] xcs, String string) {
        }

        public void checkServerTrusted(X509Certificate[] xcs, String string) {
        }

        public X509Certificate[] getAcceptedIssuers() {
          return null;
        }
      };
      SSLContext sslContext = SSLContext.getInstance("TLS");
      sslContext.init(null, new TrustManager[] { x509mgr }, null);
      @SuppressWarnings("deprecation")
      SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext,
          SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

      return HttpClients.custom().setSSLSocketFactory(sslsf).build();
    } catch (KeyManagementException e) {
      throw new RuntimeException(e);
    } catch (NoSuchAlgorithmException e) {
      throw new RuntimeException(e);
    } catch (Exception e) {
      throw new RuntimeException(e);
    }
  }

When constructing an HTTP request, you need to add the required header to the HTTP request using the following method:

HttpPost httpPost = new HttpPost(PUT_URL);
httpPost .addHeader("X-TSD-IamAuth", "true");
httpPost .addHeader("X-Auth-ProjectId", PROJECT_ID);
httpPost .addHeader("X-Auth-User", USER);
httpPost .addHeader("X-Auth-AK", AK);
httpPost .addHeader("X-Auth-Token", TOKEN);

Parent topic: Sample Code Description