1 pom文件添加依赖
<dependencies>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.17</version>
</dependency>
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-common</artifactId>
<version>3.0.0-cdh6.3.2</version>
</dependency>
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-client</artifactId>
<version>3.0.0-cdh6.3.2</version>
</dependency>
</dependencies>
2 工程添加额外jar包
3 kerberos工具类
package com.hainiu;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import java.io.IOException;
public class KerberosAuthenticator {
/**
* kerberos认证
* @param configuration hadoop配置文件
* @param krb5Path kerberos配置文件(krb5.conf)路径
* @param principal 认证主体名
* @param keytabPath keytab文件路径
*/
public void kerberosAuth(Configuration configuration, String krb5Path, String principal, String keytabPath){
// 通过系统设置参数设置krb5.conf
System.setProperty("java.security.krb5.conf",krb5Path);
// 指定kerberos 权限认证
configuration.set("hadoop.security.authentication","Kerberos");
// 用 UserGroupInformation 类做kerberos认证
UserGroupInformation.setConfiguration(configuration);
try {
// 用于刷新票据,当票据过期的时候自动刷新
UserGroupInformation.getLoginUser().checkTGTAndReloginFromKeytab();
// 通过 keytab 登录
// 参数1:认证主体
// 参数2:认证文件
UserGroupInformation.loginUserFromKeytab(principal,keytabPath);
UserGroupInformation loginUser = UserGroupInformation.getLoginUser();
System.out.println("loginUser:" + loginUser);
} catch (IOException e) {
e.printStackTrace();
}
}
}
4 配置文件
准备krb5配置文件、keytab配置文件、hadoop配置文件如下
重新rebuild 工程
5 操作代码
package com.hainiu;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import java.security.PrivilegedAction;
import java.sql.*;
public class ImpalaJDBC {
public static void main(String[] args) {
//准备kerberos相关信息
String krb5Path = "src/main/conf/krb5.conf";
String principal = "impala@HAINIU.COM";
String keytabPath = "src/main/conf/impala.keytab";
//定义impala驱动类
String JDBC_DRIVER = "com.cloudera.impala.jdbc41.Driver";
//定义impala链接url
//认证方式AuthMech为1的时候:kerberos认证,为2的时候ldap认证(使用用户名密码),为3的时候不认证。
//KrbHostFQDN为kerberos服务节点地址。
//KrbServiceName为认证名,这个认证名不是我们的认证主体。
String JDBC_URL = "jdbc:impala://worker-1:21050/default;AuthMech=1;KrbHostFQDN=worker-1;KrbServiceName=impala";
//hadoop配置文件
Configuration configuration = new Configuration();
// KerberosInit kerberosInit = new KerberosInit();
new KerberosAuthenticator().kerberosAuth(configuration,krb5Path,principal,keytabPath);
//通过kerberos认证方式去连接impala
try {
UserGroupInformation loginUser = UserGroupInformation.getLoginUser();
loginUser.doAs(new PrivilegedAction<Object>() {
@Override
public Object run() {
try {
Class.forName(JDBC_DRIVER);
try(
Connection connection = DriverManager.getConnection(JDBC_URL);
PreparedStatement ps = connection.prepareStatement("select count(1) from xinniu.impala_t1");
ResultSet rs = ps.executeQuery();
){
while (rs.next()){
int countNum = rs.getInt(1);
System.out.println("countNum = " + countNum);
}
}catch (SQLException ee){
ee.printStackTrace();
}
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
});
} catch (Exception e) {
e.printStackTrace();
}
}
}
