Help Center/ MapReduce Service/ Developer Guide (Normal_3.x)/ HBase Development Guide (Security Mode)/ Environment Preparation/ Preparing for Security Authentication/ Authentication for Accessing the ThriftServer Service
Updated on 2023-08-31 GMT+08:00
View PDF

Authentication for Accessing the ThriftServer Service

Scenario

HBase combines Thrift to provide HBase services for external applications. The ThriftServer instance is optional during HBase service installation. The ThriftServer system can access HBase users and has the read, write, execute, creation, and management permissions on all HBase namespaces and tables. Kerberos authentication is also required for accessing the ThriftServer service. HBase implements two sets of Thrift Server services. hbase-thrift-example is used to call the ThriftServer instance service.

Prerequisites

You have obtained the configuration file and authentication file required for running the sample project. For details, see Preparing the Configuration Files for Connecting to the Cluster.

Sample Configuration

  • Code authentication
    The following code snippets belong to the TestMain class in the com.huawei.bigdata.hbase.examples package of the hbase-thrift-example sample project. 
        private static void init() throws IOException {
        // Default load from conf directory
        conf = HBaseConfiguration.create();

        String userdir = TestMain.class.getClassLoader().getResource("conf").getPath() + File.separator;[1]
        //In Linux environment
        //String userdir = System.getProperty("user.dir") + File.separator + "conf" + File.separator;
        conf.addResource(new Path(userdir + "core-site.xml"), false);
        conf.addResource(new Path(userdir + "hdfs-site.xml"), false);
        conf.addResource(new Path(userdir + "hbase-site.xml"), false);
}

    [1] userdir obtains the conf directory in the resource path after compilation.

  • Security login
    Set userName to the actual username based on the actual situation, for example, developuser. 
        private static void login() throws IOException {
        if (User.isHBaseSecurityEnabled(conf)) {
            userName = " developuser ";

            //In Windows environment
            String userdir = TestMain.class.getClassLoader().getResource("conf").getPath() + File.separator;
            //In Linux environment
            //String userdir = System.getProperty("user.dir") + File.separator + "conf" + File.separator;

            userKeytabFile = userdir + "user.keytab";
            krb5File = userdir + "krb5.conf";
 
            /*
             * if need to connect zk, please provide jaas info about zk. of course,
             * you can do it as below:
             * System.setProperty("java.security.auth.login.config", confDirPath +
             * "jaas.conf"); but the demo can help you more : Note: if this process
             * will connect more than one zk cluster, the demo may be not proper. you
             * can contact us for more help
             */
            LoginUtil.setJaasConf(ZOOKEEPER_DEFAULT_LOGIN_CONTEXT_NAME, userName, userKeytabFile);
            LoginUtil.login(userName, userKeytabFile, krb5File, conf);
        }
}
  • Connecting to a ThriftServer instance
        try {    
        test = new ThriftSample();    
        test.test("10.120.16.170", THRIFT_PORT, conf);[2]
    } catch (TException | IOException e) {
        LOG.error("Test thrift error", e);
    }

    [2] The value of the input parameter test.test() is the IP address of the node where the ThriftServer instance to be accessed is located. Change the IP address to the actual one. The IP address of the node must be configured in the hosts file of the local host where the sample code is run.

    THRIFT_PORT is the value of hbase.regionserver.thrift.port configured for the ThriftServer instance. To obtain the IP address of the node where the ThriftServer instance is deployed, log in to FusionInsight Manager, choose Cluster > Services > HBase, and click the Instance tab.