Help Center> MapReduce Service> Developer Guide (3.x)> HBase Development Guide (Security Mode)> Environment Preparation> Preparing for Security Authentication> Preparing Authentication Mechanism Code
View PDF

Preparing Authentication Mechanism Code

Scenario

In a secure cluster environment, components must perform mutual authentication before communicating with each other to ensure communication security. HBase application development requires ZooKeeper and Kerberos security authentication. For the jaas.conf file used for ZooKeeper authentication and the keytab file and principal file used for Kerberos authentication, you can contact the administrator to create the files and obtain them. For details about how to use the files, see related description in the sample code.

Security authentication uses the code authentication mode. This example project applies to the Oracle Java platform and the IBM Java platform.

The following code snippet belongs to the TestMain class of the com.huawei.bigdata.hbase.examples package.

  • Code authentication 
    try {
   init();
   login();
   } 
catch (IOException e) {
   LOG.error("Failed to login because ", e);
   return;
}
  • Initial configuration 
    private static void init() throws IOException {
        // Default load from conf directory
        conf = HBaseConfiguration.create();
        //In Windows environment
        String userdir = TestMain.class.getClassLoader().getResource("conf").getPath() + File.separator;[1]
        //In Linux environment
        //String userdir = System.getProperty("user.dir") + File.separator + "conf" + File.separator;
        conf.addResource(new Path(userdir + "core-site.xml"), false);
        conf.addResource(new Path(userdir + "hdfs-site.xml"), false);
        conf.addResource(new Path(userdir + "hbase-site.xml"), false);
}

    [1] userdiruserdir obtains the conf directory in the resource path after compilation. Save the core-site.xml, hdfs-site.xml, and hbase-site.xml configuration files required for initialization and the user credential file used for security authentication to the src/main/resources directory.

  • Secure login

    Set userName to the actual user name based on the actual situation, for example, developuser.

    In the Windows and Linux operating systems, use the corresponding path to obtain the software package.

    private static void login() throws IOException {
        if (User.isHBaseSecurityEnabled(conf)) {
            userName = "hbaseuser1";
            //In Windows environment
            String userdir = TestMain.class.getClassLoader().getResource("conf").getPath() + File.separator;
            //In Linux environment
            //String userdir = System.getProperty("user.dir") + File.separator + "conf" + File.separator;
 
            /*
             * if need to connect zk, please provide jaas info about zk. of course,
             * you can do it as below:
             * System.setProperty("java.security.auth.login.config", confDirPath +
             * "jaas.conf"); but the demo can help you more : Note: if this process
             * will connect more than one zk cluster, the demo may be not proper. you
             * can contact us for more help
             */
            LoginUtil.setJaasConf(ZOOKEEPER_DEFAULT_LOGIN_CONTEXT_NAME, userName, userKeytabFile);
            LoginUtil.login(userName, userKeytabFile, krb5File, conf);
        }
}