CDH 6.3.2 Hive自定义用户名密码验证

精品微信小程序开发门户,代码全部亲测可用

CDH 6.3.2 Hive自定义用户名密码验证

留下评论 ,

为了增强hive的安全性,可以自定义用户名密码验证。

首先写成相应的工具类

import javax.security.sasl.AuthenticationException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hive.conf.HiveConf;
import org.slf4j.Logger;
public class CustomPasswdAuthenticator implements org.apache.hive.service.auth.PasswdAuthenticationProvider{
    private Logger LOG = org.slf4j.LoggerFactory.getLogger(CustomPasswdAuthenticator.class);
    private static final String HIVE_JDBC_PASSWD_AUTH_PREFIX="hive.jdbc_passwd.auth.%s";
    private Configuration conf=null;
    @Override
    public void Authenticate(String userName, String passwd)  
              throws AuthenticationException {  
            LOG.info("user: "+userName+" try login.");  
            String passwdConf = getConf().get(String.format(HIVE_JDBC_PASSWD_AUTH_PREFIX, userName));  
            if(passwdConf==null){  
              String message = "user's ACL configration is not found. user:"+userName;  
              LOG.info(message);  
              throw new AuthenticationException(message);  
            }   
            if(!passwd.equals(passwdConf)){  
              String message = "user name and password is mismatch. user:"+userName;  
              throw new AuthenticationException(message);  
            }  
          }  
          public Configuration getConf() {  
            if(conf==null){  
              this.conf=new Configuration(new HiveConf());  
            }  
            return conf;  
          }  
          public void setConf(Configuration conf) {  
            this.conf=conf;  
          }
}

把这个工具类打包成jar包放在hive根目录的lib目录下,
/opt/cloudera/parcels/CDH/lib/hive/lib/hiveAuth.jar


HDFS修改core-site.xml配置

搜索 core-site.xml

core-site.xml 的群集范围高级配置代码段(安全阀)

<property>   
  <name>hadoop.proxyuser.hadoop.hosts</name>  
   <value>*</value> </property>
 <property>    
 <name>hadoop.proxyuser.hadoop.groups</name>   
  <value>*</value> 
</property>





Hive修改hive-site.xml配置

<property>
    <name>hive.security.authorization.enabled</name>
    <value>true</value>
</property>
<property>
    <name>hive.security.authorization.createtable.owner.grants</name>
    <value>ALL</value>
</property>
<property>
    <name>hive.security.authorization.task.factory</name>
    <value>org.apache.hadoop.hive.ql.parse.authorization.HiveAuthorizationTaskFactoryImpl</value>
</property>
<property>
    <name>hive.users.in.admin.role</name>
    <value>hdfs</value>
</property>
<property>
    <name>hive.server2.authentication</name>
    <value>CUSTOM</value>
</property>
<property>
    <name>hive.server2.custom.authentication.class</name>
    <value>org.apache.hadoop.hive.contrib.auth.CustomPasswdAuthenticator </value>
</property>

<property>
    <name>hive.jdbc_passwd.auth.hdfs</name>
    <value>2ad4fed18d94500baa7dcf70fd7b1ecf</value>
</property>

重启hadoop和hive

关注公众号“大模型全栈程序员”回复“小程序”获取1000个小程序打包源码。更多免费资源在http://www.gitweixin.com/?p=2627

发表评论

邮箱地址不会被公开。 必填项已用*标注