Updated on 2024-04-02 GMT+08:00

KeyTab File Authentication Using HSFabric

Description

This section describes how to use the KeyTab file to connect to HetuEngine, assemble SQL statements, and send the SQL statements to HetuEngine for execution to add, delete, modify, and query Hive data sources.

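/**
 * Example JDBC client that authenticates to HetuEngine with a Kerberos keytab,
 * discovers the service through ZooKeeper, and prints the result of a query.
 *
 * <p>The jaas-zk.conf, krb5.conf, user.keytab and hetuserver.jks files are looked up
 * on the classpath. A keytab holds the principal's long-term Kerberos keys and can be
 * used in place of the password: keep it out of source control and shared build
 * artifacts, and restrict read access to the account that runs this client.
 */
public class JDBCExampleZk {
    private static final Properties properties = new Properties();
    private static final String PATH_TO_JAAS_ZK_CONF = resourcePath("jaas-zk.conf");
    private static final String PATH_TO_KRB5_CONF = resourcePath("krb5.conf");
    private static final String PATH_TO_USER_KEYTAB = resourcePath("user.keytab");
    private static final String PATH_TO_HETUSERVER_JKS = resourcePath("hetuserver.jks");

    /**
     * Resolves a classpath resource to its path, using this class's own class loader.
     *
     * @param name resource name relative to the classpath root
     * @return the path component of the resource URL
     * @throws IllegalStateException if the resource is not on the classpath
     */
    private static String resourcePath(String name) {
        java.net.URL location = JDBCExampleZk.class.getClassLoader().getResource(name);
        if (location == null) {
            // Fail with the missing file's name instead of a bare NullPointerException.
            throw new IllegalStateException("Required resource not found on classpath: " + name);
        }
        return location.getPath();
    }

    /**
     * Sets the JVM-wide security properties and the JDBC connection properties,
     * then loads the JDBC driver class.
     *
     * @throws ClassNotFoundException if the driver class is not on the classpath
     */
    private static void init() throws ClassNotFoundException {
        System.setProperty("user.timezone", "UTC");
        // JAAS and krb5 settings are JVM-wide: they affect every Kerberos login in this process.
        System.setProperty("java.security.auth.login.config", PATH_TO_JAAS_ZK_CONF);
        System.setProperty("java.security.krb5.conf", PATH_TO_KRB5_CONF);
        // "hivetest" is the sample user of this example; replace it with your own principal.
        properties.setProperty("user", "hivetest");
        // Keep SSL enabled: the documented default is false (plain HTTP).
        properties.setProperty("SSL", "true");
        properties.setProperty("KerberosConfigPath", PATH_TO_KRB5_CONF);
        properties.setProperty("KerberosPrincipal", "hivetest");
        properties.setProperty("KerberosKeytabPath", PATH_TO_USER_KEYTAB);
        // NOTE(review): SSLTrustStorePassword is not set here. If the trust store is
        // password-protected, supply the password from protected configuration
        // rather than hard-coding it in source.
        properties.setProperty("SSLTrustStorePath", PATH_TO_HETUSERVER_JKS);
        properties.setProperty("KerberosRemoteServiceName", "HTTP");
        properties.setProperty("tenant", "default");
        properties.setProperty("deploymentMode", "on_yarn");
        properties.setProperty("ZooKeeperAuthType", "kerberos");
        // Must match the section name in jaas-zk.conf.
        properties.setProperty("ZooKeeperSaslClientConfig", "Client");
        // "XXX" stands for the real driver package and class name.
        Class.forName("io.XXXsql.jdbc.XXXDriver");
    }

    /**
     * Program entry: connects, runs "show tables" and prints the result as tab-separated text.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // Sample ZooKeeper addresses; "XXX" stands for the real driver name.
        String url = "jdbc:XXX://192.168.1.130:2181,192.168.1.131:2181,192.168.1.132:2181/hive/default?"
            + "serviceDiscoveryMode=zooKeeper&zooKeeperNamespace=hsbroker";
        // Fixed statement. When SQL is assembled from external input, bind the values
        // with "?" placeholders instead of concatenating them into the text.
        String sql = "show tables";
        try {
            init();
            // try-with-resources closes the result set, statement and connection in
            // reverse order, including when the query or the printing fails.
            try (Connection connection = DriverManager.getConnection(url, properties);
                 PreparedStatement statement = connection.prepareStatement(sql.trim());
                 ResultSet result = statement.executeQuery()) {
                ResultSetMetaData resultMetaData = result.getMetaData();
                int colNum = resultMetaData.getColumnCount();
                // JDBC column indexes start at 1.
                for (int j = 1; j <= colNum; j++) {
                    System.out.print(resultMetaData.getColumnLabel(j) + "\t");
                }
                System.out.println();
                while (result.next()) {
                    for (int j = 1; j <= colNum; j++) {
                        System.out.print(result.getString(j) + "\t");
                    }
                    System.out.println();
                }
            }
        } catch (SQLException | ClassNotFoundException e) {
            e.printStackTrace();
        }
    }
}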

Table 1 describes the parameters in the preceding code.

Table 1 Parameter description

Parameter

Description

url

jdbc:XXX://zkNode1_IP:zkNode1_Port,zkNode2_IP:zkNode2_Port,zkNode3_IP:zkNode3_Port/catalog/schema?serviceDiscoveryMode=zooKeeper&zooKeeperNamespace=hsbroker

NOTE:
  • XXX: the driver name. Replace it with the name of the driver that your code actually uses.
  • catalog and schema indicate the names of the catalog and schema that the JDBC client connects to, respectively.
  • zkNode_IP:zkNode_Port indicates the ZooKeeper URL. Use commas (,) to separate multiple URLs, for example, 192.168.81.37:2181,192.168.195.232:2181,192.168.169.84:2181.

user

Username for accessing HetuEngine, that is, the username of the human-machine user created in the cluster.

socksProxy

Indicates the SOCKS proxy server, for example, localhost:1080.

httpProxy

Indicates the HTTP proxy server address, for example, localhost:8888.

applicationNamePrefix

Indicates the prefix to be attached to any specified ApplicationName client information property that is used to set the source name for a HetuEngine query. If neither this property nor ApplicationName is set, the source for the query is HetuEngine JDBC.

accessToken

Indicates the access token used for token-based authentication.

SSL

Indicates whether to use the HTTPS connection. The default value is false.

SSLKeyStorePath

Indicates the Java KeyStore file path.

SSLKeyStorePassword

Indicates the Java KeyStore password.

SSLTrustStorePath

Indicates the Java TrustStore file path.

SSLTrustStorePassword

Indicates the Java TrustStore password.

KerberosRemoteServiceName

Indicates the Kerberos service name, which is fixed to HTTP.

KerberosPrincipal

Indicates the username corresponding to keytab specified by KerberosKeytabPath.

KerberosUseCanonicalHostname

Indicates whether to use the canonical host name. The default value is false.

KerberosConfigPath

Indicates the krb5 configuration file of the data source user. For details, see Preparing for Security Authentication.

KerberosKeytabPath

Indicates the keytab configuration file of the data source user, which can be obtained by following the instructions in Preparing for Security Authentication.

KerberosCredentialCachePath

Indicates the Kerberos credential cache path.

extraCredentials

Indicates additional credentials used to connect to external systems. extraCredentials is a list of key-value pairs; for example, foo:bar;abc:xyz creates the credentials abc = xyz and foo = bar.

java.security.auth.login.config

Indicates the path of the jaas-zk.conf configuration file, which is used to access ZooKeeper in security mode.

java.security.krb5.conf

Indicates the krb5 configuration file. For details, see Preparing for Security Authentication.

ZooKeeperAuthType

Indicates the ZooKeeper authentication mode. The value is kerberos in security mode.

ZooKeeperSaslClientConfig

Indicates the item name in the jaas-zk.conf configuration file.

tenant

Indicates the tenant to which a user belongs.

deploymentMode

Only on_yarn is supported.