Kerberos 认证
代码如下:
package com.gridsum.datasocket;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.LocatedFileStatus;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.RemoteIterator;
import org.apache.hadoop.security.UserGroupInformation;
import java.io.IOException;
public class Kerberos {
public static final String USER_KEY = "[email protected]";
public static final String KEY_TAB_PATH = "test.keytab";
static Configuration conf = new Configuration();
static {
System.setProperty("java.security.krb5.conf", "D:\\krb5.conf");
conf.set("hadoop.security.authentication", "kerberos");
conf.set("fs.defaultFS", "hdfs://192.168.20.1:8020");
try {
UserGroupInformation.setConfiguration(conf);
UserGroupInformation.loginUserFromKeytab(USER_KEY, KEY_TAB_PATH);
} catch (IOException e) {
e.printStackTrace();
}
}
public static void main(String[] args) throws IOException {
FileSystem fs = FileSystem.get(conf);
RemoteIterator<LocatedFileStatus> it = fs.listFiles(new Path("/user/"), true);
while (it.hasNext()){
LocatedFileStatus next = it.next();
System.out.println(next.getPath().getName());
}
}
}
主要是3行
System.setProperty("java.security.krb5.conf", "D:\\krb5.conf");//配置krb5.conf的路径
conf.set("hadoop.security.authentication", "kerberos"); //配置认证方式,有kerberos和simple两种
conf.set("fs.defaultFS", "hdfs://192.168.20.1:8020");//namenode的地址和端口
System.setProperty("java.security.krb5.conf", "D:\\krb5.conf")
这一行必须要有,否则会报以下错误
java.lang.ExceptionInInitializerError
Caused by: java.lang.IllegalArgumentException: Can't get Kerberos realm
at org.apache.hadoop.security.HadoopKerberosName.setConfiguration(HadoopKerberosName.java:)
at org.apache.hadoop.security.UserGroupInformation.initialize(UserGroupInformation.java:)
at org.apache.hadoop.security.UserGroupInformation.setConfiguration(UserGroupInformation.java:)
at com.gridsum.datasocket.Kerberos.<clinit>(Kerberos.java:)
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:)
at java.lang.reflect.Method.invoke(Method.java:)
at org.apache.hadoop.security.authentication.util.KerberosUtil.getDefaultRealm(KerberosUtil.java:)
at org.apache.hadoop.security.HadoopKerberosName.setConfiguration(HadoopKerberosName.java:)
... more
Caused by: KrbException: Cannot locate default realm
at sun.security.krb5.Config.getDefaultRealm(Config.java:)
... more
Exception in thread "main"