HiveServer2提供了通过JDBC连接操作Hive的功能,非常实用。但如果在使用HiveServer2时不注意安全控制,将非常危险,因为此时任何人都可以作为超级用户来操作Hive及HDFS数据。
HiveServer2支持多种用户安全认证方式:NONE、NOSASL、KERBEROS、LDAP、PAM、CUSTOM等,本文采用CUSTOM:由HiveServer2调用一个实现了PasswdAuthenticationProvider接口的自定义类来校验用户名和密码。
所需jar包
commons-logging-1.2.jar
hadoop-common-2.7.3.jar
hive-service-2.1.1.jar
package org.apache.hive;
import javax.security.sasl.AuthenticationException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configurable;
import org.apache.hadoop.conf.Configuration;
import org.apache.hive.service.auth.PasswdAuthenticationProvider;
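/**
 * Password authentication provider for HiveServer2's {@code CUSTOM} authentication mode.
 *
 * <p>Each account is a configuration property named {@code hive.jdbc_passwd.auth.<user>} whose
 * value is the hex MD5 digest of that user's password. {@link #Authenticate} hashes the
 * submitted password with {@code MD5} and compares it with the configured digest.
 *
 * <p>NOTE(review): the stored verifier is an unsalted MD5 digest, which is cheap to brute-force
 * and identical for identical passwords. It is kept so existing hive-site.xml entries keep
 * working; a salted, deliberately slow password hash (bcrypt, scrypt, Argon2, PBKDF2) is the
 * appropriate replacement and would need a different stored format.
 *
 * @author volitation
 */
public class CustomHiveServer2Auth implements PasswdAuthenticationProvider, Configurable {

    private static final Log LOG = LogFactory.getLog(CustomHiveServer2Auth.class);

    /** Property-name template; {@code %s} is replaced by the login name. */
    private static final String HIVE_JDBC_PASSWD_AUTH_PREFIX = "hive.jdbc_passwd.auth.%s";

    private Configuration conf = null;

    /** Creates the provider and runs the (currently empty) {@link #init()} hook. */
    public CustomHiveServer2Auth() {
        init();
    }

    /** Initialization hook; does nothing in this implementation. */
    public void init() {
    }

    /**
     * Checks a user name and password against the digests held in the configuration.
     *
     * @param userName login name supplied by the client (untrusted)
     * @param passwd password supplied by the client, in clear text (untrusted)
     * @throws AuthenticationException if no digest is configured for the user, or the password
     *     is missing or does not match the configured digest
     */
    public void Authenticate(String userName, String passwd) throws AuthenticationException {
        // The name arrives before any check has passed, so strip control characters before it
        // reaches a log line or an exception message (prevents forged log entries).
        String loggedName = sanitizeForLog(userName);
        LOG.info("user: " + loggedName + " try login.");

        String passwdMD5 = null;
        if (userName != null && !userName.isEmpty()) {
            passwdMD5 = getConf().get(String.format(HIVE_JDBC_PASSWD_AUTH_PREFIX, userName));
        }
        if (passwdMD5 == null) {
            // NOTE(review): this message differs from the wrong-password one; if it is ever
            // relayed to the client it reveals which account names are configured.
            String message = "user's ACL configration is not found. user:" + loggedName;
            LOG.info(message);
            throw new AuthenticationException(message);
        }

        // A missing password is a failed login, not a NullPointerException inside the hash helper.
        boolean matches = false;
        if (passwd != null) {
            // Hex digests are case-insensitive and config values often carry stray whitespace.
            byte[] expected = passwdMD5.trim().toLowerCase(java.util.Locale.ROOT)
                    .getBytes(java.nio.charset.StandardCharsets.UTF_8);
            byte[] actual = new MD5().md5(passwd)
                    .getBytes(java.nio.charset.StandardCharsets.UTF_8);
            // Constant-time comparison: String.equals stops at the first differing character.
            matches = java.security.MessageDigest.isEqual(expected, actual);
        }
        if (!matches) {
            String message = "user name and password is mismatch. user:" + loggedName;
            // Failed logins are recorded so repeated guessing is visible in the server log.
            LOG.warn(message);
            throw new AuthenticationException(message);
        }
        LOG.info("user " + loggedName + " login system successfully.");
    }

    /**
     * Returns the configuration, creating a default one if none has been injected.
     *
     * @return the configuration used to look up password digests
     */
    public Configuration getConf() {
        if (conf == null) {
            // NOTE(review): a Configuration created here presumably does not contain the
            // hive-site.xml account entries; confirm the server always calls setConf first.
            this.conf = new Configuration();
        }
        return conf;
    }

    /**
     * Stores the configuration to read password digests from.
     *
     * @param arg0 configuration supplied by the caller
     */
    public void setConf(Configuration arg0) {
        this.conf = arg0;
    }

    /** Replaces control characters (CR, LF, tab, ...) so a value cannot break a log line. */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return "null";
        }
        return value.replaceAll("\\p{Cntrl}", "_");
    }
}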
package org.apache.hive;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
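/**
 * Helper that returns the lower-case hex MD5 digest of a string.
 *
 * <p>NOTE(review): MD5 is a fast, unsalted digest and is not a suitable way to store passwords;
 * it is kept here because the digests already written to the configuration depend on it.
 *
 * @author volitation
 */
public class MD5 {

    private static final char[] HEX_DIGITS = "0123456789abcdef".toCharArray();

    private final MessageDigest digest;

    /**
     * Creates a helper backed by the JDK's MD5 implementation.
     *
     * @throws IllegalStateException if the runtime provides no MD5 implementation
     */
    public MD5() {
        try {
            digest = MessageDigest.getInstance("MD5");
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("MD5 digest is not available", e);
        }
    }

    /**
     * Hashes a string and returns the digest as 32 lower-case hex characters.
     *
     * @param str text to hash; must not be {@code null}
     * @return the hex-encoded MD5 digest of the UTF-8 bytes of {@code str}
     * @throws NullPointerException if {@code str} is {@code null}
     */
    public String md5(String str) {
        java.util.Objects.requireNonNull(str, "str");
        // Fixed charset: the platform default would yield different digests for the same
        // non-ASCII password on differently configured machines.
        byte[] input = str.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        digest.reset();
        byte[] hash = digest.digest(input);

        // Convert the digest bytes to their hexadecimal string form.
        StringBuilder hex = new StringBuilder(hash.length * 2);
        for (byte b : hash) {
            hex.append(HEX_DIGITS[(b >>> 4) & 0xf]);
            hex.append(HEX_DIGITS[b & 0xf]);
        }
        return hex.toString();
    }

    /**
     * Prints the digest of the first argument, or of the walkthrough's sample value when no
     * argument is given.
     *
     * @param args optional single argument: the text to hash
     */
    public static void main(String[] args) {
        // A password passed as an argument is visible in shell history and the process list;
        // generate real digests on a trusted machine only.
        String input = args.length > 0 ? args[0] : "NFJD1234";
        System.out.println(new MD5().md5(input));
    }
}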
<!-- Compile-time dependencies of the two classes above: the Hive authentication interface,
     commons-logging, and Hadoop's Configuration/Configurable. -->
<!-- NOTE(review): scope "system" takes each jar straight from the local path in systemPath, so
     nothing is resolved from a repository. Confirm where these jars came from and verify their
     checksums by hand; Maven's documentation marks this scope as deprecated. -->
<!-- NOTE(review): the versions pinned below are old releases; check the projects' security
     advisories before deploying them. -->
<dependencies>
<dependency>
<groupId>hive-service</groupId>
<artifactId>hive-service</artifactId>
<version>2.1.1</version>
<scope>system</scope>
<systemPath>${basedir}/src/main/webapp/WEB-INF/lib/hive-service-2.1.1.jar</systemPath>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.2</version>
<scope>system</scope>
<systemPath>${basedir}/src/main/webapp/WEB-INF/lib/commons-logging-1.2.jar</systemPath>
</dependency>
<dependency>
<groupId>hadoop-common</groupId>
<artifactId>hadoop-common</artifactId>
<version>2.7.3</version>
<scope>system</scope>
<systemPath>${basedir}/src/main/webapp/WEB-INF/lib/hadoop-common-2.7.3.jar</systemPath>
</dependency>
</dependencies>
# Copy the jar (presumably the one built from the two classes above) into Hive's lib/
# directory, then open hive-site.xml to add the properties listed below.
$ cp ~/hive-jar/hive-server2-2.1.1.jar /apps/svr/hive/apache-hive-2.1.1-bin/lib/
$ cd /apps/svr/hive/apache-hive-2.1.1-bin/ && vim conf/hive-site.xml
<!-- Thrift port that JDBC/beeline clients connect to. -->
<property>
<name>hive.server2.thrift.port</name>
<value>10000</value>
</property>
<!-- CUSTOM hands the user name and password to the class named in the next property. -->
<!-- NOTE(review): that class receives the password in clear text, so enable TLS on this port
     (hive.server2.use.SSL with a keystore) to keep it from crossing the network unprotected. -->
<property>
<name>hive.server2.authentication</name>
<value>CUSTOM</value>
</property>
<property>
<name>hive.server2.custom.authentication.class</name>
<value>org.apache.hive.CustomHiveServer2Auth</value>
</property>
<!-- Sample account for this walkthrough: user name hive, password hive!@#123.
     The value is the hex MD5 digest that the authentication class compares against.
     NOTE(review): in a real deployment do not keep the clear-text password next to its digest,
     and restrict read access to this file: the digest is unsalted MD5 and can be attacked
     offline by anyone who can read it. -->
<property>
<name>hive.jdbc_passwd.auth.hive</name>
<value>84fea338063c80fde150cb17995056d3</value>
<description/>
</property>
# Start HiveServer2 in the background, then log in through beeline with the sample account.
# NOTE(review): the password is typed inline on the !connect line, where it stays on screen and
# may end up in the client's command history; beeline can prompt for the credentials when they
# are left off the !connect line.
$ hive --service hiveserver2 &
$ beeline
beeline> !connect jdbc:hive2://192.168.9.87:10000 hive hive!@#123
0: jdbc:hive2://192.168.9.87:10000>
原文链接 : https://volitation.blog.csdn.net/article/details/78354974