大数据Hive系列之HiveServer2用户安全认证

x33g5p2x  于2021-12-25 转载在 其他  
字(4.5k)|赞(0)|评价(0)|浏览(605)

1. 概述

1.1 目的

HiveServer2提供了JDBC链接操作Hive的功能,非常实用,但如果在使用HiveServer2时候,不注意安全控制,将非常危险,因为任何人都可以作为超级用户来操作Hive及HDFS数据。

1.2 认证方式

HiveServer2支持多种用户安全认证方式:NONE,NOSASL, KERBEROS, LDAP, PAM ,CUSTOM等等,本文采用CUSTOM。

2. 编写代码

  • 所需jar包

  • commons-logging-1.2.jar

  • hadoop-common-2.7.3.jar

  • hive-service-2.1.1.jar

2.1 编写权限认证类

  1. package org.apache.hive;
  3. import javax.security.sasl.AuthenticationException;
  5. import org.apache.commons.logging.Log;
  6. import org.apache.commons.logging.LogFactory;
  7. import org.apache.hadoop.conf.Configurable;
  8. import org.apache.hadoop.conf.Configuration;
  9. import org.apache.hive.service.auth.PasswdAuthenticationProvider;
  11. /** * 权限认证类 * * @author volitation * */
  12. public class CustomHiveServer2Auth implements PasswdAuthenticationProvider, Configurable {
  14.     private static final Log LOG = LogFactory.getLog(CustomHiveServer2Auth.class);
  16.     private Configuration conf = null;
  18.     private static final String HIVE_JDBC_PASSWD_AUTH_PREFIX = "hive.jdbc_passwd.auth.%s";
  20.     public CustomHiveServer2Auth() {
  21.         init();
  22.     }
  24.     public void init() {
  26.     }
  28.     public void Authenticate(String userName, String passwd) throws AuthenticationException {
  29.         LOG.info("user: " + userName + " try login.");
  31.         String passwdMD5 = getConf().get(String.format(HIVE_JDBC_PASSWD_AUTH_PREFIX, userName));
  33.         if (passwdMD5 == null) {
  34.             String message = "user's ACL configration is not found. user:" + userName;
  35.             LOG.info(message);
  36.             throw new AuthenticationException(message);
  37.         }
  39.         String md5 = new MD5().md5(passwd);
  41.         if (!md5.equals(passwdMD5)) {
  42.             String message = "user name and password is mismatch. user:" + userName;
  43.             throw new AuthenticationException(message);
  44.         }
  46.         LOG.info("user " + userName + " login system successfully.");
  47.     }
  49.     public Configuration getConf() {
  50.         if (conf == null) {
  51.             this.conf = new Configuration();
  52.         }
  53.         return conf;
  54.     }
  56.     public void setConf(Configuration arg0) {
  57.         this.conf = arg0;
  58.     }
  59. }

2.2 编写MD5加密类

  1. package org.apache.hive;
  3. import java.security.MessageDigest;
  4. import java.security.NoSuchAlgorithmException;
  6. /** * MD5加密类 * * @author volitation * */
  7. public class MD5 {
  9.     private MessageDigest digest;
  11.     private char hexDigits[] = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
  13.     public MD5() {
  14.         try {
  15.             digest = MessageDigest.getInstance("MD5");
  16.         } catch (NoSuchAlgorithmException e) {
  17.             throw new RuntimeException(e);
  18.         }
  19.     }
  21.     public String md5(String str) {
  22.         byte[] btInput = str.getBytes();
  23.         digest.reset();
  24.         digest.update(btInput);
  25.         byte[] md = digest.digest();
  26.         // 把密文转换成十六进制的字符串形式
  27.         int j = md.length;
  28.         char strChar[] = new char[j * 2];
  29.         int k = 0;
  30.         for (int i = 0; i < j; i++) {
  31.             byte byte0 = md[i];
  32.             strChar[k++] = hexDigits[byte0 >>> 4 & 0xf];
  33.             strChar[k++] = hexDigits[byte0 & 0xf];
  34.         }
  35.         return new String(strChar);
  36.     }
  38.     public static void main(String[] args) {
  39.         String pwd = new MD5().md5("NFJD1234");
  40.         System.out.println(pwd);
  42.     }
  44. }

2.3 配置pom,用Maven打jar包

  1. <dependencies>
  2.     <dependency>
  3.         <groupId>hive-service</groupId>
  4.         <artifactId>hive-service</artifactId>
  5.         <version>2.1.1</version>
  6.         <scope>system</scope>
  7.         <systemPath>${basedir}/src/main/webapp/WEB-INF/lib/hive-service-2.1.1.jar</systemPath>
  8.     </dependency>
  9.     <dependency>
  10.         <groupId>commons-logging</groupId>
  11.         <artifactId>commons-logging</artifactId>
  12.         <version>1.2</version>
  13.         <scope>system</scope>
  14.         <systemPath>${basedir}/src/main/webapp/WEB-INF/lib/commons-logging-1.2.jar</systemPath>
  15.     </dependency>
  16.     <dependency>
  17.         <groupId>hadoop-common</groupId>
  18.         <artifactId>hadoop-common</artifactId>
  19.         <version>2.7.3</version>
  20.         <scope>system</scope>
  21.         <systemPath>${basedir}/src/main/webapp/WEB-INF/lib/hadoop-common-2.7.3.jar</systemPath>
  22.     </dependency>
  23. </dependencies>

3. Hive配置

3.1 上传jar包

  • $ cp ~/hive-jar/hive-server2-2.1.1.jar /apps/svr/hive/apache-hive-2.1.1-bin/lib/

3.2 配置hive-site.xml

  • $ cd /apps/svr/hive/apache-hive-2.1.1-bin/ && vim conf/hive-site.xml
  1. <property>
  2.     <name>hive.server2.thrift.port</name>
  3.     <value>10000</value>
  4. </property>
  5. <property>
  6.     <name>hive.server2.authentication</name>
  7.     <value>CUSTOM</value>
  8. </property>
  9. <property>
  10.     <name>hive.server2.custom.authentication.class</name>
  11.     <value>org.apache.hive.CustomHiveServer2Auth</value>
  12. </property>
  13. <!-- username:hive ; password:hive!@#123 -->
  14. <property>
  15.     <name>hive.jdbc_passwd.auth.hive</name>
  16.     <value>84fea338063c80fde150cb17995056d3</value>
  17.     <description/>
  18. </property>

4. HiveServer2启动验证

4.1 启动hiveserver2

  • $ hive --service hiveserver2 &

4.2 验证

$ beeline
beeline> !connect jdbc:hive2://192.168.9.87:10000 hive hive!@#123
0: jdbc:hive2://192.168.9.87:10000>

4.3 Web UI验证

http://192.168.9.87:10002

版权说明 : 本文为转载文章, 版权归原作者所有 版权申明

原文链接 : https://volitation.blog.csdn.net/article/details/78354974

内容来源于网络,如有侵权,请联系作者删除!

Hive

相关文章

    查看更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com