zhzhenqin
/
java-classic-code


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100
							package com.primeton.dsp.datarelease.data.bdata;


import com.primeton.dsp.datarelease.server.model.DspHiveResource;
import lombok.extern.slf4j.Slf4j;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hive.conf.HiveConf;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Set;

/**
 *
 * Hive Kerberos 认证方式获得连接
 *
 *
 * <pre>
 *
 * Created by zhaopx.
 * User: zhaopx
 * Date: 2020/4/22
 * Time: 18:02
 *
 * </pre>
 *
 * @author zhaopx
 */
@Slf4j
public class Krb5HiveConnectionServiceImpl implements HiveConnectionService {


    /**
     * Hive 数据源
     */
    final DspHiveResource hiveResource;


    String hiveUrl;

    public Krb5HiveConnectionServiceImpl(DspHiveResource hiveResource) {
        this.hiveResource = hiveResource;
    }

    @Override
    public boolean doAuth() {
        //KrbUser = "hadoop/cdh-node1@HADOOP.COM";
        // 认证传过来
        AuthPrincipalCreator authPrincipalCreator = AuthPrincipalCreator.useDataReleaseConf(hiveResource.getAuthBasePath());
        Set<String> principals = authPrincipalCreator.listPrincipals();
        log.info("find existed principals: {}", principals);
        AuthPrincipal kerberosPrincipal = authPrincipalCreator.getKerberosPrincipal(hiveResource.getHiveDbUser());

        String userKeytab = kerberosPrincipal.getUserKeytabFile().getAbsolutePath();
        String krb5File = kerberosPrincipal.getKrb5File().getAbsolutePath();
        String krbUser = kerberosPrincipal.getPrincipal();
        StringBuffer buffer = new StringBuffer(hiveResource.getHiveUrl());
        buffer.append(";principal=").append(krbUser);
        hiveUrl = buffer.toString();
        log.info("HIVE_URL : " + hiveUrl);

        // 分别加载 core、hdfs、hive site 文件
        Configuration conf = new Configuration();
        try {
            if (kerberosPrincipal.getCoreSite() != null) {
                conf.addResource(kerberosPrincipal.getCoreSite().toURL());
                log.info("add config: {}", kerberosPrincipal.getCoreSite().getAbsolutePath());
            }

            if (kerberosPrincipal.getHdfsSite() != null) {
                conf.addResource(kerberosPrincipal.getHdfsSite().toURL());
                log.info("add config: {}", kerberosPrincipal.getHdfsSite().getAbsolutePath());
            }

            if (kerberosPrincipal.getHiveSite() != null) {
                conf.addResource(kerberosPrincipal.getHiveSite().toURL());
                log.info("add config: {}", kerberosPrincipal.getHiveSite().getAbsolutePath());
            }
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }

        // Kerberos 认证
        KerberosUtil.loginKerberos(conf, krbUser, userKeytab, krb5File);
        log.info("hive kerberos 认证通过。");
        return true;
    }

    @Override
    public Connection getConnection() throws SQLException {
        try {
            Class.forName("org.apache.hive.jdbc.HiveDriver");
        } catch (ClassNotFoundException e) {
            throw new SQLException("找不到Hive驱动：org.apache.hive.jdbc.HiveDriver.", e);
        }
        return DriverManager.getConnection(hiveUrl, "", "");
    }
}