hive 配置用户名_配置HiveServer2的安全策略之自定义用户名密码验证
具體從網上看
http://doc.mapr.com/display/MapR/Using+HiveServer2#UsingHiveServer2-ConfiguringCustomAuthentication
一共提供了三種安全認證方式,我們通常采用的為第三種自定義的方式。
To implement custom authentication for HiveServer2, create a custom Authenticator class derived from the following interface:
從這段話看出來我們要實現一個接口:PasswdAuthenticationProvider (org.apache.hive.service.auth.PasswdAuthenticationProvider)我們來看看這個接口
public interface PasswdAuthenticationProvider {
/**
* The Authenticate method is called by the HiveServer2 authentication layer
* to authenticate users for their requests.
* If a user is to be granted, return nothing/throw nothing.
* When a user is to be disallowed, throw an appropriate {@link AuthenticationException}.
*
* For an example implementation, see {@link LdapAuthenticationProviderImpl}.
*
* @param user - The username received over the connection request
* @param password - The password received over the connection request
* @throws AuthenticationException - When a user is found to be
* invalid by the implementation
*/
void Authenticate(String user, String password) throws AuthenticationException;
}
有一個方法要實現,實現了這個接口就可以自定義驗證用戶名密碼了。代碼不是太多
package org.apache.hadoop.hive.contrib.auth;
import javax.security.sasl.AuthenticationException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configurable;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hive.contrib.utils.MD5Util;
import org.apache.hive.service.auth.PasswdAuthenticationProvider;
public class XXXXPasswdAuthenticator implements PasswdAuthenticationProvider,Configurable {
private static final Log LOG=LogFactory.getLog(XXXXPasswdAuthenticator.class);
private Configuration conf=null;
private static final String HIVE_JDBC_PASSWD_AUTH_PREFIX="hive.jdbc_passwd.auth.%s";
public XXXXPasswdAuthenticator() {
init();
}
/**
*
*/
public void init(){
}
@Override
public void Authenticate(String userName, String passwd)
throws AuthenticationException {
LOG.info("user: "+userName+" try login.");
String passwdMD5 = getConf().get(String.format(HIVE_JDBC_PASSWD_AUTH_PREFIX, userName));
if(passwdMD5==null){
String message = "user's ACL configration is not found. user:"+userName;
LOG.info(message);
throw new AuthenticationException(message);
}
String md5 = MD5Util.md5Hex(passwd);
if(!md5.equals(passwdMD5)){
String message = "user name and password is mismatch. user:"+userName;
throw new AuthenticationException(message);
}
LOG.info("user "+userName+" login system successfully.");
}
@Override
public Configuration getConf() {
if(conf==null){
this.conf=new Configuration();
}
return conf;
}
@Override
public void setConf(Configuration arg0) {
this.conf=arg0;
}
}
Add the following properties to the hive-site.xml file, then restart Hiveserver2:
開啟自定義驗證配置
hive.server2.authentication
CUSTOM
hive.server2.custom.authentication.class
org.apache.hadoop.hive.contrib.auth.XXXXPasswdAuthenticator
相信看懂代碼的人應該明白怎么做了,我們要把用戶名密碼配置到hive-site.xml配置文件中。
hive.jdbc_passwd.auth.hive_r
b531c271de4552ca2dec510d318c87f9
多個用戶可以添加多個property,里面配置的即用戶名密碼了。
以上代碼打包jar包,上傳到hive/lib下即可實現HiveServer2的安全策略之自定義用戶名密碼驗證了。
總結
以上是生活随笔為你收集整理的hive 配置用户名_配置HiveServer2的安全策略之自定义用户名密码验证的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: linux更改nginx最大访问数,Li
- 下一篇: 打桩时不修改源码_考研网上报名点了修改报