Configuring Security Authentication for JDBC to Access Hive
In a cluster with Kerberos authentication enabled, security authentication must be complete before the client connects to the component to ensure communication security. Both ZooKeeper and Kerberos security authentication are required for Hive application development.
The JDBC sample project contains security authentication code, can run in Windows and Linux environments, and does not depend on the cluster client. The HCatalog, Python, and Python 3 sample projects provide only examples running in the Linux environment and depend on the cluster client installed in the Linux environment for authentication. The sample project code does not need security authentication.
Prerequisites
You have obtained the configuration file and authentication file required for running the sample project. For details, see Preparing the Configuration Files for Connecting to the Cluster.
Configuring Secure Login
Security code authentication is adopted for Oracle Java and IBM Java.
The following code is included in the com.huawei.bigdata.hive.example package of the hive-examples/hive-jdbc-example sample project. This package contains JDBCExample and JDBCExamplePreLogin classes, which implement the same functions but require different authentication modes. JDBCExample uses the keytab file concatenated in the JDBC connection for authentication. The JDBC connection of JDBCExamplePreLogin does not contain authentication information, and the Hadoop common interface UserGroupInformation is used for authentication.
In the JDBCExample or JDBCExamplePreLogin class, change USER_NAME to the username you use, for example, developuser. The sample code is as follows:
//Set USER_NAME for the new user. "xxx" indicates the name of the created user for authentication. For example, if the created user is developuser, set USER_NAME to developuser.
USER_NAME = "xxx";
if ("KERBEROS".equalsIgnoreCase(auth)) {
// Set the keytab and ZooKeeper authentication principal of the client.
USER_KEYTAB_FILE = "src/main/resources/user.keytab";
ZOOKEEPER_DEFAULT_SERVER_PRINCIPAL = "zookeeper/" + getUserRealm();
System.setProperty(ZOOKEEPER_SERVER_PRINCIPAL_KEY, ZOOKEEPER_DEFAULT_SERVER_PRINCIPAL);
}
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
