Using HiveServer2 - Authentication
2015-06-17 22:32
169 查看
To configure Hive for use with HiveServer2, include the following configuration properties in the
To implement custom authentication for HiveServer2, create a custom Authenticator class derived from the following interface:
e.g.
Add the following properties to the hive-site.xml file, then restart Hiveserver2:
User name and password would be set in hive-site.xml
.../hive-site.xmlconfiguration file.
<property> <name>hive.support.concurrency</name> <description>Enable Hive's Table Lock Manager Service</description> <value>true</value> </property> <property> <name>hive.zookeeper.quorum</name> <description>Zookeeper quorum used by Hive's Table Lock Manager</description> <value><zk node1>,<zk node2>,...,<zk nodeN></value> </property> <property> <name>hive.zookeeper.client.port</name> <value>5181</value> <description>The Zookeeper client port. The MapR default clientPort is 5181.</description> </property>
To implement custom authentication for HiveServer2, create a custom Authenticator class derived from the following interface:
public interface PasswdAuthenticationProvider { /** * The Authenticate method is called by the HiveServer2 authentication layer * to authenticate users for their requests. * If a user is to be granted, return nothing/throw nothing. * When a user is to be disallowed, throw an appropriate {@link AuthenticationException}. * * For an example implementation, see {@link LdapAuthenticationProviderImpl}. * * @param user - The username received over the connection request * @param password - The password received over the connection request * @throws AuthenticationException - When a user is found to be * invalid by the implementation */ void Authenticate(String user, String password) throws AuthenticationException; }
e.g.
ackage org.apache.hadoop.hive.contrib.auth; import javax.security.sasl.AuthenticationException; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.hadoop.conf.Configurable; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.hive.contrib.utils.MD5Util; import org.apache.hive.service.auth.PasswdAuthenticationProvider; public class XXXXPasswdAuthenticator implements PasswdAuthenticationProvider,Configurable { private static final Log LOG=LogFactory.getLog(XXXXPasswdAuthenticator.class); private Configuration conf=null; private static final String HIVE_JDBC_PASSWD_AUTH_PREFIX="hive.jdbc_passwd.auth.%s"; public XXXXPasswdAuthenticator() { init(); } /** * */ public void init(){ } @Override public void Authenticate(String userName, String passwd) throws AuthenticationException { LOG.info("user: "+userName+" try login."); String passwdMD5 = getConf().get(String.format(HIVE_JDBC_PASSWD_AUTH_PREFIX, userName)); if(passwdMD5==null){ String message = "user's ACL configration is not found. user:"+userName; LOG.info(message); throw new AuthenticationException(message); } String md5 = MD5Util.md5Hex(passwd); if(!md5.equals(passwdMD5)){ String message = "user name and password is mismatch. user:"+userName; throw new AuthenticationException(message); } LOG.info("user "+userName+" login system successfully."); } @Override public Configuration getConf() { if(conf==null){ this.conf=new Configuration(); } return conf; } @Override public void setConf(Configuration arg0) { this.conf=arg0; } }
Add the following properties to the hive-site.xml file, then restart Hiveserver2:
<property> <name>hive.server2.authentication</name> <value>CUSTOM</value> </property> <property> <name>hive.server2.custom.authentication.class</name> <value>org.apache.hadoop.hive.contrib.auth.XXXXPasswdAuthenticator</value> </property>
User name and password would be set in hive-site.xml
<property> <name>hive.jdbc_passwd.auth.hive_user1</name> <value>b531c271de4552ca2dec510d318c87f9</value> <description/> </property> <property> <name>hive.jdbc_passwd.auth.hive_user2</name> <value>b531c271de4552ca2dec510d318c87f9</value> <description/> </property>
相关文章推荐
- Effective C++条款06解读 : 若不想使用编译器自动生成的函数, 就应该明确拒绝
- LCA与RMQ
- j2se学习笔记-IO_4 Object流
- CF 7A Kalevitch and Chess
- 定义模型
- 进程间通信(6) - 消息队列(posix)
- Android 获取设备信息、获取手机信息
- 深入浅出Objective-c
- 1_CC2530 Zstack 2.5.1a 低功耗模式
- BCG静态编译且支持中文
- 2015061708 - 波斯王子遗忘之沙游戏志
- 转: mysql create view 创建视图
- 每天一个linux命令(48):watch命令
- 第二阶段绩效评估结果
- 回文数猜想(hd1282)
- hihoCoder #1176 : 欧拉路·一 (简单)
- 在hibernate中如果一对多关联,并以多的一方的参数作为条件则必须使用
- 20150617-Python冒泡排序
- 黑马程序员------2015.6.17java基础--异常--package---线程
- PDO query和execute区别