Help Center/ MapReduce Service/ Developer Guide (LTS)/ HBase Development Guide (Security Mode)/ Environment Preparation/ Preparing for Security Authentication/ Preparing Authentication Mechanism Code
Updated on 2024-08-10 GMT+08:00
View PDF
Share

Preparing Authentication Mechanism Code

Scenario

In a security cluster environment, the components must be mutually authenticated before communicating with each other to ensure communication security. ZooKeeper and Kerberos security authentications are required for HBase application development. The jaas.conf file is used for ZooKeeper authentication, and the keytab and krb5.conf files are used for Kerberos security authentication. For details, see the README.md file of the sample code.

The code authentication mode is used for security authentication. Oracle Java and IBM Java are supported.

The following code snippet belongs to the TestMain class of the com.huawei.bigdata.hbase.examples packet.

  • Code authentication 
    try {
   init();
   login();
   } 
catch (IOException e) {
   LOG.error("Failed to login because ", e);
   return;
}
  • Initializing configuration 
    private static void init() throws IOException {
        // Default load from conf directory
        conf = HBaseConfiguration.create();
        //In Windows environment
        String userdir = TestMain.class.getClassLoader().getResource("conf").getPath() + File.separator;[1]
        //In Linux environment
        //String userdir = System.getProperty("user.dir") + File.separator + "conf" + File.separator;
        conf.addResource(new Path(userdir + "core-site.xml"), false);
        conf.addResource(new Path(userdir + "hdfs-site.xml"), false);
        conf.addResource(new Path(userdir + "hbase-site.xml"), false);
}

    [1] userdir obtains the conf directory in the resource path after compilation. Save the core-site.xml, hdfs-site.xml, and hbase-site.xml configuration files required for initialization and the user credential file used for security authentication to the src/main/resources directory.

  • Security login

    Set userName to the actual username based on the actual situation, for example, developuser.

    On Windows and Linux, use the corresponding path obtaining mode.

    private static void login() throws IOException {
        if (User.isHBaseSecurityEnabled(conf)) {
            userName = "hbaseuser1";
           
            //In Windows environment
            String userdir = TestMain.class.getClassLoader().getResource("conf").getPath() + File.separator;
            //In Linux environment
            //String userdir = System.getProperty("user.dir") + File.separator + "conf" + File.separator;
 
            /*
             * if need to connect zk, please provide jaas info about zk. of course,
             * you can do it as below:
             * System.setProperty("java.security.auth.login.config", confDirPath +
             * "jaas.conf"); but the demo can help you more : Note: if this process
             * will connect more than one zk cluster, the demo may be not proper. you
             * can contact us for more help
             */
            LoginUtil.setJaasConf(ZOOKEEPER_DEFAULT_LOGIN_CONTEXT_NAME, userName, userKeytabFile);
            LoginUtil.login(userName, userKeytabFile, krb5File, conf);
        }
}