Java HDFS Kerberos 认证

Kerberos 认证

代码如下：

package com.gridsum.datasocket;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.LocatedFileStatus;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.RemoteIterator;
import org.apache.hadoop.security.UserGroupInformation;

import java.io.IOException;

public class Kerberos {


    public static final String USER_KEY = "[email protected]";
    public static final String KEY_TAB_PATH = "test.keytab";

    static Configuration conf = new Configuration();

    static {
        System.setProperty("java.security.krb5.conf", "D:\\krb5.conf");
        conf.set("hadoop.security.authentication", "kerberos");
        conf.set("fs.defaultFS", "hdfs://192.168.20.1:8020");

        try {
            UserGroupInformation.setConfiguration(conf);
            UserGroupInformation.loginUserFromKeytab(USER_KEY, KEY_TAB_PATH);
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    public static void main(String[] args) throws IOException {
        FileSystem fs = FileSystem.get(conf);
        RemoteIterator<LocatedFileStatus> it = fs.listFiles(new Path("/user/"), true);
        while (it.hasNext()){
            LocatedFileStatus next = it.next();
            System.out.println(next.getPath().getName());

        }
    }
}
           

主要是3行

System.setProperty("java.security.krb5.conf", "D:\\krb5.conf");//配置krb5.conf的路径
        conf.set("hadoop.security.authentication", "kerberos"); //配置认证方式，有kerberos和simple两种
        conf.set("fs.defaultFS", "hdfs://192.168.20.1:8020");//namenode的地址和端口
           

System.setProperty("java.security.krb5.conf", "D:\\krb5.conf")

这一行必须要有，否则会报以下错误

java.lang.ExceptionInInitializerError
Caused by: java.lang.IllegalArgumentException: Can't get Kerberos realm
    at org.apache.hadoop.security.HadoopKerberosName.setConfiguration(HadoopKerberosName.java:)
    at org.apache.hadoop.security.UserGroupInformation.initialize(UserGroupInformation.java:)
    at org.apache.hadoop.security.UserGroupInformation.setConfiguration(UserGroupInformation.java:)
    at com.gridsum.datasocket.Kerberos.<clinit>(Kerberos.java:)
Caused by: java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:)
    at java.lang.reflect.Method.invoke(Method.java:)
    at org.apache.hadoop.security.authentication.util.KerberosUtil.getDefaultRealm(KerberosUtil.java:)
    at org.apache.hadoop.security.HadoopKerberosName.setConfiguration(HadoopKerberosName.java:)
    ...  more
Caused by: KrbException: Cannot locate default realm
    at sun.security.krb5.Config.getDefaultRealm(Config.java:)
    ...  more
Exception in thread "main"