Kerberos是一種計算機網絡授權協議,用來在非安全網絡中,對個人通信以安全的手段進行身份認證。
具體HADOOP的訪問HDFS使用Kerberos的作用和原理請自己查閱相關文檔。
之前做項目時第一次使用Kbs訪問HDFS,當時不瞭解,翻閱資料搞了好久,也入了不少坑,現分享出來,方便大家。
下面代碼在項目親測過,可用
代碼如下:
package zqmKerberos;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.security.UserGroupInformation;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.HashMap;
import java.util.UUID;
import org.apache.hadoop.fs.Path;
public class BjKerberos {
public final String USER_KEY = "usergrp@zqm"; //用戶key
public final String KEY_TAB_PATH = "/home/usergrp.user-app_yxkj.keytab"; //keytab文件
public final String HDFS_PATH = "/user/finalRes"; //要訪問的HDFS路徑
public HashMap<String,String> map = new HashMap<String,String>();
public HashMap<String,String> Kerberos() throws IOException {
SimpleDateFormat df = new SimpleDateFormat("yyyyMMdd");
String currentDay = df.format(new Date());
// HDFS的Kerberos認證
System.setProperty("java.security.krb5.conf", "/home/krb5.conf");
Configuration conf = new Configuration();
// 必須加,不然會報找不到文件系統
conf.addResource(new Path("/home/hdfs-site.xml"));
conf.addResource(new Path("/home/core-site.xml"));
// 設置conf信息
conf.setBoolean("hadoop.security.authorization", true);
conf.set("hadoop.security.authentication", "kerberos");
try {
UserGroupInformation.setConfiguration(conf);
UserGroupInformation.loginUserFromKeytab(USER_KEY, KEY_TAB_PATH);
} catch (IOException e) {
e.printStackTrace();
}
System.out.println("Kerberos Checked Finsh! Get HDFS Data ! \n");
// 下面是自己的業務邏輯,不用看
FileSystem fs = FileSystem.get(conf);
FileStatus dir[] = fs.listStatus(new Path(HDFS_PATH));
for (int i = 0; i < dir.length; i++) {
FileStatus dir_two[] = fs.listStatus(dir[i].getPath());
for (int j = 0; j < dir_two.length; j++) {
if(dir_two[j].getPath().toString().contains(currentDay)){
FileStatus files[] = fs.listStatus(dir_two[j].getPath());
for(int n = 0; n < files.length; n++){
// 結果數據文件
System.out.println(files[n].getPath());
InputStream in = fs.open(files[n].getPath());
BufferedReader br = new BufferedReader(new InputStreamReader(in, "utf-8"));
String line = null;
while ((line = br.readLine()) != null) {
String str[] = line.split("\t");
// 因爲一個標識會被多人呼,所以加UUID使其唯一
map.put(str[0].trim() + "_" + UUID.randomUUID(), str[1].trim());
}
}
}
}
}
System.out.printf("HDFS Data Total number:%d (tiao)\n", map.size());
for (String key : map.keySet()) {
System.out.printf("Show first sample data: " + key + "\t" + map.get(key) + "\n");
break;
}
return map;
}
}
hdfs-site.xml,core-site.xml:這兩個文件是集羣配置文件,具體再哪裏?自己諮詢集羣維護人員,切記必須要有。