package com.primeton.dsp.datarelease.data.bdata;

import lombok.extern.slf4j.Slf4j;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;

import java.io.IOException;


/**
 *
 * Kerberos 认证
 *
 * @author zhaopx
 */
@Slf4j
public class KerberosUtil {


    /**
     * 开始登陆，如果登陆失败抛出 SecurityException
     * @param conf
     * @param principal
     * @param userKeytabFile
     * @param krb5File
     */
    public static void loginKerberos(Configuration conf, String principal, String userKeytabFile, String krb5File) {
        System.setProperty("java.security.krb5.conf", krb5File);
        conf.setBoolean("hadoop.security.authorization", true);
        conf.set("hadoop.security.authentication", "kerberos");
        try {
            UserGroupInformation.setConfiguration(conf);
            UserGroupInformation.loginUserFromKeytab(principal, userKeytabFile);
            log.info("kerberos 认证成功!");
        } catch (IOException e) {
            log.error("kerberos 认证失败!", e);
            throw new SecurityException("kerberos 认证失败!", e);
        }
    }
}