Hive CUSTOM authentication mode: connecting to HiveServer2 with a username and password

1. Official website description

Authentication/Security Configuration

HiveServer2 supports Anonymous (no authentication) with and without SASL, Kerberos (GSSAPI), pass through LDAP, Pluggable Custom Authentication and Pluggable Authentication Modules (PAM, supported Hive 0.13 onwards).

 
Authentication mode:

hive.server2.authentication – Authentication mode, default NONE. Options are NONE (uses plain SASL), NOSASL, KERBEROS, LDAP, PAM and CUSTOM.

 
Set following for CUSTOM mode:

hive.server2.custom.authentication.class – Custom authentication class that implements the org.apache.hive.service.auth.PasswdAuthenticationProvider interface.

 

Official site: SettingUpHiveServer2-Authentication/SecurityConfiguration

 
 

2. Implementation

Implementation steps:

  1. Implement the org.apache.hive.service.auth.PasswdAuthenticationProvider interface, package it as a jar and put it under ${hive_home}/lib
  2. Configure hive-site.xml in each hiveserver installation
  3. Restart hiveserver

Implementation class:
The logic is very simple: look up the hive.jdbc_passwd.auth.<user name> property in the configuration and compare its value with the supplied password. An exception is thrown if there is no such property or the password does not match.

package org.apache.hadoop.hive.contrib.auth;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hive.service.auth.PasswdAuthenticationProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.security.sasl.AuthenticationException;

/**
 * @Description Authenticates HiveServer2 users against the hive.jdbc_passwd.auth.<user> properties in hive-site.xml
 * @Author lianggao
 * @Date 2023/6/12 3:45 PM
 */
public class CustomPasswdAuthenticator implements PasswdAuthenticationProvider {

    private static final Logger LOG = LoggerFactory.getLogger(CustomPasswdAuthenticator.class);
    private static final String HIVE_JDBC_PASSWD_AUTH_PREFIX = "hive.jdbc_passwd.auth.%s";
    private Configuration conf = null;

    public CustomPasswdAuthenticator() {
    }

    @Override
    public void Authenticate(String userName, String passwd) throws AuthenticationException {
        LOG.info("user: " + userName + " try login.");
        // Look up the password configured for this user in hive-site.xml.
        String passwdConf = this.getConf().get(String.format(HIVE_JDBC_PASSWD_AUTH_PREFIX, userName));
        String message;
        if (passwdConf == null) {
            // No hive.jdbc_passwd.auth.<user> property: the user is unknown.
            message = "user's ACL configuration is not found. user:" + userName;
            LOG.info(message);
            throw new AuthenticationException(message);
        } else if (!passwdConf.equals(passwd)) {
            // passwdConf is non-null here, so a null passwd is rejected instead of causing an NPE.
            message = "user name and password is mismatch. user:" + userName;
            throw new AuthenticationException(message);
        }
    }

    public Configuration getConf() {
        // Lazily load the Hive configuration (hive-site.xml on the classpath).
        if (this.conf == null) {
            this.conf = new Configuration(new HiveConf());
        }

        return this.conf;
    }

    public void setConf(Configuration conf) {
        this.conf = conf;
    }
}

Modify hive-site.xml

<!-- Custom username and password for remote connections -->
<property>
<name>hive.server2.authentication</name>
<value>CUSTOM</value><!-- default is NONE; change it to CUSTOM -->
</property>

<!-- Specify the authentication class packaged in the jar -->
<property>
<name>hive.server2.custom.authentication.class</name>
<value>org.apache.hadoop.hive.contrib.auth.CustomPasswdAuthenticator</value>
</property>

<!-- Set the username and password -->
<property>
 <name>hive.jdbc_passwd.auth.usename1111</name><!-- the username is: usename1111 -->
 <value>pswd1111</value><!-- password -->
</property>

Restart hiveserver

 jps
 kill -9 hive_server_pid
 nohup ./hive --service hiveserver2 >> /tmp/hiveserver2.log 2>&1 &

Test the connection to Hive through beeline:

beeline -u jdbc:hive2://hostname:10000 -n usename1111 -p pswd1111

 
 

3. The second implementation

The user names and passwords can also be written into the implementation class in advance, which makes the hive-site.xml configuration more concise.

package hive.test;

import java.util.Hashtable;
import javax.security.sasl.AuthenticationException;
import org.apache.hive.service.auth.PasswdAuthenticationProvider;

/*
 javac -cp $HIVE_HOME/lib/hive-service-0.11-mapr.jar SampleAuthenticator.java -d .
 jar cf sampleauth.jar hive
 cp sampleauth.jar $HIVE_HOME/lib/.
*/

public class SampleAuthenticator implements PasswdAuthenticationProvider {

  // In-memory user name -> password table, filled in the constructor.
  Hashtable<String, String> store = null;

  public SampleAuthenticator () {
    store = new Hashtable<String, String>();
    store.put("user1", "passwd1");
    store.put("user2", "passwd2");
  }

  @Override
  public void Authenticate(String user, String  password)
      throws AuthenticationException {

    String storedPasswd = store.get(user);

    // Accept only a known user whose stored password matches.
    if (storedPasswd != null && storedPasswd.equals(password))
      return;

    throw new AuthenticationException("SampleAuthenticator: Error validating user");
  }

}

hive-site.xml

<property>
<name>hive.server2.authentication</name>
<value>CUSTOM</value>
</property>

<property>
<name>hive.server2.custom.authentication.class</name>
<value>hive.test.SampleAuthenticator</value>
</property>
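
Both implementations above keep clear-text passwords, either in hive-site.xml or in the class itself. The following added example (not from the original post or from Hive) verifies against salted PBKDF2 hashes instead. The class name HashedPasswdAuthenticator, the iterations:salt:hash value format, the iteration count and Java 8+ are assumptions.

```java
package hive.test;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.sasl.AuthenticationException;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hive.service.auth.PasswdAuthenticationProvider;
// Added example; the class name and the stored-value format are assumptions, not Hive's.
// hive.jdbc_passwd.auth.<user> = <iterations>:<base64 salt>:<base64 PBKDF2 hash>
public class HashedPasswdAuthenticator implements PasswdAuthenticationProvider {
  private final HiveConf conf = new HiveConf(); // reads hive-site.xml from the classpath

  static byte[] pbkdf2(char[] pw, byte[] salt, int iters, int bytes) throws GeneralSecurityException {
    PBEKeySpec spec = new PBEKeySpec(pw, salt, iters, bytes * 8);
    return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
  }

  @Override
  public void Authenticate(String user, String password) throws AuthenticationException {
    String stored = conf.get("hive.jdbc_passwd.auth." + user);
    boolean ok = false;
    try {
      String[] p = (stored == null) ? new String[0] : stored.split(":");
      if (p.length == 3 && password != null) {
        byte[] salt = Base64.getDecoder().decode(p[1]);
        byte[] want = Base64.getDecoder().decode(p[2]);
        byte[] got = pbkdf2(password.toCharArray(), salt, Integer.parseInt(p[0]), want.length);
        ok = MessageDigest.isEqual(want, got); // constant-time comparison
      }
    } catch (GeneralSecurityException | IllegalArgumentException e) {
      ok = false; // malformed entry or unavailable algorithm: fail closed
    }
    // One message for unknown user and wrong password, so the reply does not say which.
    if (!ok) throw new AuthenticationException("Error validating user");
  }

  // Prints the value to store in hive-site.xml for one user.
  public static void main(String[] args) throws Exception {
    char[] pw = System.console().readPassword("Password: "); // interactive terminal only
    byte[] salt = new byte[16];
    new SecureRandom().nextBytes(salt);
    int iters = 210000; // example work factor (assumption)
    Base64.Encoder b64 = Base64.getEncoder();
    System.out.println(iters + ":" + b64.encodeToString(salt) + ":"
        + b64.encodeToString(pbkdf2(pw, salt, iters, 32)));
  }
}
```

Run the class's main once per user, put the printed value in that user's hive.jdbc_passwd.auth.<user> property, and set hive.server2.custom.authentication.class to hive.test.HashedPasswdAuthenticator. Because CUSTOM mode receives the password itself from the client, enabling TLS on HiveServer2 (hive.server2.use.SSL) keeps it from crossing the network in clear text.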

 
 

Reference:
https://docs.ezmeral.hpe.com/datafabric-customer-managed/72/Hive/HiveServer2-CustomAuth.html

Origin blog.csdn.net/hiliang521/article/details/131216887