HiveServer2用户安全认证

1. 概述

1.1 目的

HiveServer2提供了JDBC链接操作Hive的功能,非常实用,但如果在使用HiveServer2时候,不注意安全控制,将非常危险,因为任何人都可以作为超级用户来操作Hive及HDFS数据。

1.2 认证方式

HiveServer2支持多种用户安全认证方式:NONE、NOSASL、KERBEROS、LDAP、PAM、CUSTOM等,本文采用CUSTOM。

2. 编写代码

  • 所需jar包
    • commons-logging-1.2.jar
    • hadoop-common-2.7.3.jar
    • hive-service-2.1.1.jar

2.1 编写权限认证类

package org.apache.hive;

import javax.security.sasl.AuthenticationException;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configurable;
import org.apache.hadoop.conf.Configuration;
import org.apache.hive.service.auth.PasswdAuthenticationProvider;

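/**
 * Password authenticator for HiveServer2's CUSTOM authentication mode.
 *
 * <p>For each login it reads the configuration key
 * {@code hive.jdbc_passwd.auth.<userName>}, hashes the supplied password with the
 * {@code MD5} helper class and compares the two hex strings.
 *
 * <p>NOTE(review): the stored verifier is an unsalted MD5 hex digest. MD5 is a fast
 * digest, so anyone who can read the configuration can test password guesses
 * offline; a salted, deliberately slow password hash (bcrypt, scrypt, Argon2,
 * PBKDF2) is the appropriate construction. The MD5 format is kept here only so
 * that existing configuration entries keep working.
 *
 * @author volitation
 */
public class CustomHiveServer2Auth implements PasswdAuthenticationProvider, Configurable {

    private static final Log LOG = LogFactory.getLog(CustomHiveServer2Auth.class);

    /** Configuration holding the per-user digests; replaced through {@link #setConf}. */
    private Configuration conf = null;

    /** Key template; {@code %s} is replaced by the user name presented at login. */
    private static final String HIVE_JDBC_PASSWD_AUTH_PREFIX = "hive.jdbc_passwd.auth.%s";

    /**
     * One message for every rejected login, so the exception text does not tell a
     * caller whether the account exists or the password was wrong.
     */
    private static final String LOGIN_FAILED = "user name and password is mismatch. user:";

    public CustomHiveServer2Auth() {
        init();
    }

    /** Initialisation hook; intentionally empty. */
    public void init() {

    }

    /**
     * Checks a user name / password pair against the digest stored in the configuration.
     *
     * @param userName login name presented by the client (untrusted)
     * @param passwd   clear-text password presented by the client (untrusted)
     * @throws AuthenticationException if either argument is null, no digest is
     *         configured for the user, or the password digest does not match
     */
    @Override
    public void Authenticate(String userName, String passwd) throws AuthenticationException {
        // The user name is attacker-controlled: strip line breaks before it reaches the log.
        String logName = forLog(userName);
        LOG.info("user: " + logName + " try login.");

        if (userName == null || passwd == null) {
            // Reject instead of failing later with a NullPointerException.
            LOG.warn("login rejected, user name or password missing. user:" + logName);
            throw new AuthenticationException(LOGIN_FAILED + logName);
        }

        String passwdMD5 = getConf().get(String.format(HIVE_JDBC_PASSWD_AUTH_PREFIX, userName));

        if (passwdMD5 == null) {
            // The precise reason stays in the server log only.
            LOG.info("user's ACL configration is not found. user:" + logName);
            throw new AuthenticationException(LOGIN_FAILED + logName);
        }

        String md5 = new MD5().md5(passwd);

        // MessageDigest.isEqual compares in constant time; String.equals stops at the
        // first differing character. The comparison stays case-sensitive.
        boolean matches = java.security.MessageDigest.isEqual(
                md5.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                passwdMD5.getBytes(java.nio.charset.StandardCharsets.UTF_8));

        if (!matches) {
            // Record failures so repeated guessing is visible to whoever monitors the log.
            LOG.warn("login rejected, password mismatch. user:" + logName);
            throw new AuthenticationException(LOGIN_FAILED + logName);
        }

        LOG.info("user " + logName + " login system successfully.");
    }

    /**
     * Returns the configuration, creating a default {@link Configuration} when none was set.
     *
     * @return the configuration used for digest lookups, never null
     */
    @Override
    public Configuration getConf() {
        if (conf == null) {
            this.conf = new Configuration();
        }
        return conf;
    }

    /**
     * Stores the configuration that later digest lookups read from.
     *
     * @param arg0 configuration to use
     */
    @Override
    public void setConf(Configuration arg0) {
        this.conf = arg0;
    }

    /** Replaces CR, LF and TAB so a crafted user name cannot forge extra log lines. */
    private static String forLog(String value) {
        return value == null ? "null" : value.replaceAll("[\\r\\n\\t]", "_");
    }
}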

2.2 编写MD5加密类

package org.apache.hive;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

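/**
 * Computes the lowercase hexadecimal MD5 digest of a string.
 *
 * <p>MD5 is a plain, fast, unsalted digest. It is kept because the authenticator's
 * configuration stores values in this format; it is not a suitable password hash
 * for new designs (use bcrypt, scrypt, Argon2 or PBKDF2 with a per-user salt).
 *
 * <p>Each instance owns one stateful {@link MessageDigest}, so an instance must not
 * be shared between threads.
 *
 * @author volitation
 */
public class MD5 {

    /** Lookup table for one hex digit per 4-bit value. */
    private static final char[] HEX_DIGITS = "0123456789abcdef".toCharArray();

    private final MessageDigest digest;

    /**
     * Creates the helper and obtains the MD5 implementation.
     *
     * @throws RuntimeException wrapping {@link NoSuchAlgorithmException} if MD5 is unavailable
     */
    public MD5() {
        try {
            digest = MessageDigest.getInstance("MD5");
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Hashes {@code str} and returns the digest as 32 lowercase hex characters.
     *
     * @param str text to hash; must not be null
     * @return lowercase hex encoding of the MD5 digest of the UTF-8 bytes of {@code str}
     */
    public String md5(String str) {
        // Fixed charset: the no-argument getBytes() uses the platform default, so the
        // same non-ASCII password could hash differently on two machines.
        byte[] input = str.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        digest.reset();
        byte[] md = digest.digest(input);

        // Convert the digest bytes to their hexadecimal string form.
        char[] hex = new char[md.length * 2];
        int k = 0;
        for (byte b : md) {
            // b is sign-extended to int; masking after the shift keeps only the high nibble.
            hex[k++] = HEX_DIGITS[(b >>> 4) & 0xf];
            hex[k++] = HEX_DIGITS[b & 0xf];
        }
        return new String(hex);
    }

    /**
     * Prints the digest of a sample value, to produce an entry for hive-site.xml.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // "NFJD1234" is the tutorial's sample input. Do not commit a real password in
        // source; prompt for it at run time when generating a real entry.
        String pwd = new MD5().md5("NFJD1234");
        System.out.println(pwd);
    }

}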

2.3 配置pom,用Maven打jar包

<!--
  All three dependencies use <scope>system</scope>: Maven takes each jar from the local
  path in <systemPath> and does not resolve it from a repository, so the build uses
  whatever file sits at that path. Maven marks the system scope as deprecated.
  NOTE(review): the groupId values below are local labels, not the published ones; the
  same artifacts are published as org.apache.hive:hive-service, org.apache.hadoop:hadoop-common
  and commons-logging:commons-logging, and resolving them from a repository keeps the
  jars traceable to a known release. Confirm before changing the build.
-->
<dependencies>
    <dependency>
        <groupId>hive-service</groupId>
        <artifactId>hive-service</artifactId>
        <version>2.1.1</version>
        <scope>system</scope>
        <systemPath>${basedir}/src/main/webapp/WEB-INF/lib/hive-service-2.1.1.jar</systemPath>
    </dependency>
    <dependency>
        <groupId>commons-logging</groupId>
        <artifactId>commons-logging</artifactId>
        <version>1.2</version>
        <scope>system</scope>
        <systemPath>${basedir}/src/main/webapp/WEB-INF/lib/commons-logging-1.2.jar</systemPath>
    </dependency>
    <dependency>
        <groupId>hadoop-common</groupId>
        <artifactId>hadoop-common</artifactId>
        <version>2.7.3</version>
        <scope>system</scope>
        <systemPath>${basedir}/src/main/webapp/WEB-INF/lib/hadoop-common-2.7.3.jar</systemPath>
    </dependency>
</dependencies>

3. Hive配置

3.1 上传jar包

$ cp ~/hive-jar/hive-server2-2.1.1.jar /apps/svr/hive/apache-hive-2.1.1-bin/lib/

3.2 配置hive-site.xml

$ cd /apps/svr/hive/apache-hive-2.1.1-bin/ && vim conf/hive-site.xml

<!--
  Review notes on this configuration:
  * With CUSTOM authentication the client sends its password to HiveServer2, which hands
    it to the configured class. Unless TLS is enabled for HiveServer2
    (hive.server2.use.SSL plus a keystore), that password travels over the network in
    clear text.
  * The hive.jdbc_passwd.auth.<user> values are unsalted MD5 hex digests. Anyone who can
    read this file can test password guesses offline, so restrict the file's permissions
    and treat the digests as secrets.
  * The plaintext passwords in the comments below are the tutorial's sample values. Do
    not keep a real password in a comment next to its digest, and replace these sample
    accounts before any real use.
-->
<property>
    <name>hive.server2.thrift.port</name>
    <value>10000</value>
</property>
<property>
    <name>hive.server2.authentication</name>
    <value>CUSTOM</value>
</property>
<property>
    <name>hive.server2.custom.authentication.class</name>
    <value>org.apache.hive.CustomHiveServer2Auth</value>
</property>
<!-- username:hadoop ; password:hadoop@123456 -->
<property>
    <name>hive.jdbc_passwd.auth.hadoop</name>
    <value>ad1e4c5f9de2ffb89455da5cc5aa6635</value>
    <description/>
</property>
<!-- username:root ; password:root@123456 -->
<property>
    <name>hive.jdbc_passwd.auth.root</name>
    <value>f5fafdb9ec645a0cbf569e0a4590bacf</value>
    <description/>
</property>

4. HiveServer2启动验证

4.1 启动hiveserver2

$ hive --service hiveserver2 &

4.2 验证(任选一用户连接)

$ beeline
beeline> !connect jdbc:hive2://192.168.9.87:10000 root root@123456
beeline> !connect jdbc:hive2://192.168.9.87:10000 hadoop hadoop@123456

4.3 Web UI验证

http://192.168.9.87:10002


转载自blog.csdn.net/volitationlong/article/details/78354974