【API访问实例】使用hyperbase API访问启用Kerberos的服务demo
2022-10-24 18:42:14

如果需使用API来进行权限的管理,可考虑如下实例:


使用Java API访问启用Kerberos的服务示例

环境准备:

配置Kerberos客户端

默认配置文件路径:/etc/krb5.conf (Linux) 或者 C:\Windows\krb5.ini (Windows)

或者

添加Java程序启动参数 -Djava.security.krb5.conf=<your_krb5_conf_path> 来指定Kerberos客户端配置文件路径

确保客户端时间与集群时间同步

NOTE: 客户端机器时间与集群时间的时间差需在5分钟之内,否则Kerberos认证会因时钟偏差过大而失败。


1. 程序的 Classpath 中加入配置文件目录(hbase-site.xml, core-site.xml)时,使用UserGroupInformation.loginUserFromKeytab 登录:


Example 1. 访问Hyperbase示例

import java.io.IOException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseConfiguration;
import org.apache.hadoop.hbase.HTableDescriptor;
import org.apache.hadoop.hbase.client.HBaseAdmin;
import org.apache.hadoop.security.UserGroupInformation;
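/**
 * Minimal client that logs in to a Kerberos-enabled Hyperbase cluster and creates a table.
 *
 * <p>This variant sets no security options in code; it expects hbase-site.xml and
 * core-site.xml to be on the classpath.
 */
public class HBaseSecureTest {
  /**
   * Logs in from a keytab and creates table {@code t1}.
   *
   * @param args unused
   * @throws IOException if the keytab login or an HBase call fails
   */
  public static void main(String[] args) throws IOException {
    // ① The keytab path is a path on the client machine, not on the server.
    // A keytab is a long-term credential for the principal: keep the file readable
    // only by the account that runs this program.
    UserGroupInformation.loginUserFromKeytab("hbase/tw-node2125",
        "/etc/hyperbase1/hbase.keytab");
    Configuration conf = HBaseConfiguration.create();
    HBaseAdmin hBaseAdmin = new HBaseAdmin(conf);
    try {
      hBaseAdmin.createTable(new HTableDescriptor("t1"));
    } finally {
      // Close the admin client even when createTable throws.
      hBaseAdmin.close();
    }
  }
}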

① "/etc/hyperbase1/hbase.keytab" 表示客户端上 keytab(密钥表)文件所在的路径,而非服务端的,所以需要根据客户端的实际路径加以修改;keytab 相当于该用户的长期凭据,应将文件权限限制为仅运行程序的账户可读。"hbase/tw-node2125" 中前者表示用户名,后者表示集群的任意一台机器,可以不写。


2.当 Classpath 中没有加入配置文件目录(hbase-site.xml, core-site.xml)时,需要按如下方式在代码里设置一些配置项。

Example 2. 访问Hyperbase示例


import java.io.IOException;


import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseConfiguration;
import org.apache.hadoop.hbase.HTableDescriptor;
import org.apache.hadoop.hbase.client.HBaseAdmin;
import org.apache.hadoop.security.UserGroupInformation;


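/**
 * Minimal client that logs in to a Kerberos-enabled Hyperbase cluster and creates a table.
 *
 * <p>This variant is for the case where hbase-site.xml and core-site.xml are not on the
 * classpath, so the ZooKeeper and Kerberos settings are supplied in code.
 */
public class HBaseSecureTest {
  /**
   * Builds the client configuration, logs in from a keytab and creates table {@code t1}.
   *
   * @param args unused
   * @throws IOException if the keytab login or an HBase call fails
   */
  public static void main(String[] args) throws IOException {
    Configuration HBASE_CONFIG = new Configuration();
    HBASE_CONFIG.set("hbase.zookeeper.quorum",
        "172.16.2.125,172.16.2.126,172.16.2.127"); // ①
    HBASE_CONFIG.set("hbase.master.kerberos.principal",
        "hbase/_HOST@TDH");
    HBASE_CONFIG.set("hbase.regionserver.kerberos.principal",
        "hbase/_HOST@TDH");
    HBASE_CONFIG.set("hbase.security.authentication", "kerberos");
    HBASE_CONFIG.set("hadoop.security.authentication", "kerberos");

    HBASE_CONFIG.set("zookeeper.znode.parent", "/hyperbase1");

    Configuration conf = HBaseConfiguration.create(HBASE_CONFIG);

    // UGI must see hadoop.security.authentication=kerberos before the login call.
    UserGroupInformation.setConfiguration(conf);
    // The keytab is a long-term credential for the principal: keep the file readable
    // only by the account that runs this program.
    UserGroupInformation.loginUserFromKeytab("hbase/tw-node2125",
        "/etc/hyperbase1/hbase.keytab");
    HBaseAdmin hBaseAdmin = new HBaseAdmin(conf);
    try {
      hBaseAdmin.createTable(new HTableDescriptor("t1"));
    } finally {
      // Close the admin client even when createTable throws.
      hBaseAdmin.close();
    }
  }
}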
① 以下四条命令中的参数都是固定写法。

3.使用不同的 UserGroupInformation 对象执行不同的代码段

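// Fragment: principal1/keytab1, principal2/keytab2 and the result type T are placeholders.
// Each call returns its own UserGroupInformation, so two identities can be used side by side.
UserGroupInformation ugi1 =
    UserGroupInformation.loginUserFromKeytabAndReturnUGI(principal1, keytab1);
UserGroupInformation ugi2 =
    UserGroupInformation.loginUserFromKeytabAndReturnUGI(principal2, keytab2);

// Code inside run() executes as the identity of the UGI that doAs() is called on.
// Keep each action as small as possible so the more privileged identity is used
// only for the calls that need it.
ugi1.doAs(new java.security.PrivilegedExceptionAction<T>() {
    @Override
    public T run() throws Exception {
        // action1: work performed as principal1
        return null; // replace with the result of action1
    }
});
ugi2.doAs(new java.security.PrivilegedExceptionAction<T>() {
    @Override
    public T run() throws Exception {
        // action2: work performed as principal2
        return null; // replace with the result of action2
    }
});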


4.Hyperbase 操作
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.*;
import org.apache.hadoop.hbase.client.*;
import org.apache.hadoop.hbase.util.Bytes;
import org.apache.hadoop.security.UserGroupInformation;

import java.io.IOException;
import java.util.ArrayList;
import java.util.List;


/**

  • Created by gordon on 2015/6/16.
    */
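    public class HyperbaseSecureTest {
        /** Client configuration shared by every helper; built once in the static initializer. */
        private static Configuration conf = null;

        static {
            // ZooKeeper and Kerberos settings are supplied in code.
            Configuration HBASE_CONFIG = new Configuration();
            // Host names as printed on the page; replace with your own ZooKeeper quorum.
            HBASE_CONFIG.set("hbase.zookeeper.quorum",
                "transwarpnode5,transwarp-node6,transwarp-node7");
            HBASE_CONFIG.set("hbase.master.kerberos.principal",
                "hbase/_HOST@TDH");
            HBASE_CONFIG.set("hbase.regionserver.kerberos.principal",
                "hbase/_HOST@TDH");
            HBASE_CONFIG.set("hbase.security.authentication", "kerberos");
            HBASE_CONFIG.set("zookeeper.znode.parent", "/hyperbase1");
            HBASE_CONFIG.set("hadoop.security.authentication", "kerberos");
            conf = HBaseConfiguration.create(HBASE_CONFIG);
        }

        /**
         * Creates a table with the given column families unless it already exists.
         *
         * @param tableName name of the table to create
         * @param familys column family names to add to the new table
         * @throws Exception if an HBase call fails
         */
        public static void creatTable(String tableName, String[] familys)
                throws Exception {
            HBaseAdmin admin = new HBaseAdmin(conf);
            try {
                if (admin.tableExists(tableName)) {
                    System.out.println("table already exists!");
                } else {
                    HTableDescriptor tableDesc = new HTableDescriptor(tableName);
                    for (String family : familys) {
                        tableDesc.addFamily(new HColumnDescriptor(family));
                    }
                    admin.createTable(tableDesc);
                    System.out.println("create table " + tableName + " ok.");
                }
            } finally {
                // Close the admin client on every path, including failures.
                admin.close();
            }
        }

        /**
         * Disables and then deletes a table.
         *
         * @param tableName name of the table to delete
         * @throws Exception if an HBase call fails for a reason other than the two
         *     connection errors that are caught and printed
         */
        public static void deleteTable(String tableName) throws Exception {
            try {
                HBaseAdmin admin = new HBaseAdmin(conf);
                try {
                    // The table is disabled first, then deleted.
                    admin.disableTable(tableName);
                    admin.deleteTable(tableName);
                    System.out.println("delete table " + tableName + " ok.");
                } finally {
                    admin.close();
                }
            } catch (MasterNotRunningException e) {
                e.printStackTrace();
            } catch (ZooKeeperConnectionException e) {
                e.printStackTrace();
            }
        }

        /**
         * Writes one cell.
         *
         * @param tableName table to write to
         * @param rowKey row key of the cell
         * @param family column family of the cell
         * @param qualifier column qualifier of the cell (may be empty)
         * @param value cell value
         * @throws Exception declared by the original signature; I/O errors are caught and printed
         */
        public static void addRecord(String tableName, String rowKey, String family,
                String qualifier, String value) throws Exception {
            try {
                HTable table = new HTable(conf, tableName);
                try {
                    Put put = new Put(Bytes.toBytes(rowKey));
                    put.add(Bytes.toBytes(family), Bytes.toBytes(qualifier), Bytes.toBytes(value));
                    table.put(put);
                    System.out.println("insert recored " + rowKey + " to table "
                        + tableName + " ok.");
                } finally {
                    table.close();
                }
            } catch (IOException e) {
                e.printStackTrace();
            }
        }

        /**
         * Deletes one row.
         *
         * @param tableName table to delete from
         * @param rowKey row key of the row to delete
         * @throws IOException if an HBase call fails
         */
        public static void delRecord(String tableName, String rowKey) throws IOException {
            HTable table = new HTable(conf, tableName);
            try {
                List<Delete> list = new ArrayList<Delete>();
                // Bytes.toBytes keeps the key encoding identical to the one addRecord writes,
                // instead of depending on the platform default charset.
                list.add(new Delete(Bytes.toBytes(rowKey)));
                table.delete(list);
                System.out.println("del recored " + rowKey + " ok.");
            } finally {
                table.close();
            }
        }

        /**
         * Reads one row and prints each of its cells.
         *
         * @param tableName table to read from
         * @param rowKey row key of the row to read
         * @throws IOException if an HBase call fails
         */
        public static void getOneRecord(String tableName, String rowKey) throws IOException {
            HTable table = new HTable(conf, tableName);
            try {
                Get get = new Get(Bytes.toBytes(rowKey));
                printCells(table.get(get));
            } finally {
                table.close();
            }
        }

        /**
         * Scans the whole table and prints every cell; I/O errors are caught and printed.
         *
         * @param tableName table to scan
         */
        public static void getAllRecord(String tableName) {
            try {
                HTable table = new HTable(conf, tableName);
                try {
                    ResultScanner ss = table.getScanner(new Scan());
                    try {
                        for (Result r : ss) {
                            printCells(r);
                        }
                    } finally {
                        // Close the scanner as soon as the iteration ends.
                        ss.close();
                    }
                } finally {
                    table.close();
                }
            } catch (IOException e) {
                e.printStackTrace();
            }
        }

        /** Prints "row family:qualifier timestamp value" for every cell of one result. */
        private static void printCells(Result result) {
            for (KeyValue kv : result.raw()) {
                System.out.print(Bytes.toString(kv.getRow()) + " ");
                System.out.print(Bytes.toString(kv.getFamily()) + ":");
                System.out.print(Bytes.toString(kv.getQualifier()) + " ");
                System.out.print(kv.getTimestamp() + " ");
                System.out.println(Bytes.toString(kv.getValue()));
            }
        }

        /**
         * Logs in from a keytab and runs the create / insert / read / delete walkthrough
         * against the {@code scores} table.
         *
         * @param args unused
         * @throws IOException declared by the original signature; failures are caught and printed
         */
        public static void main(String[] args) throws IOException {
            try {
                UserGroupInformation.setConfiguration(conf);
                // The demo logs in as the hbase principal. For an application, prefer a
                // dedicated principal that holds only the permissions it needs, and keep
                // the keytab readable only by the account that runs the program.
                UserGroupInformation.loginUserFromKeytab("hbase/transwarpnode5",
                    "/etc/hyperbase1/hbase.keytab");
                String tablename = "scores";
                String[] familys = {"grade", "course"};
                HyperbaseSecureTest.creatTable(tablename, familys);
                // add record zkb
                HyperbaseSecureTest.addRecord(tablename, "zkb", "grade", "", "5");
                HyperbaseSecureTest.addRecord(tablename, "zkb", "course", "", "90");
                HyperbaseSecureTest.addRecord(tablename, "zkb", "course", "math", "97");
                HyperbaseSecureTest.addRecord(tablename, "zkb", "course", "art", "87");
                // add record baoniu
                HyperbaseSecureTest.addRecord(tablename, "baoniu", "grade", "", "4");
                HyperbaseSecureTest.addRecord(tablename, "baoniu", "course", "math", "89");
                System.out.println("===========get one record========");
                HyperbaseSecureTest.getOneRecord(tablename, "zkb");
                System.out.println("===========show all record========");
                HyperbaseSecureTest.getAllRecord(tablename);
                System.out.println("===========del one record========");
                HyperbaseSecureTest.delRecord(tablename, "baoniu");
                HyperbaseSecureTest.getAllRecord(tablename);
                System.out.println("===========show all record========");
                HyperbaseSecureTest.getAllRecord(tablename);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }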
    HBase权限管理API示例(Hyperbase authorization api demo)
    // Hyperbase提供了AccessControlClient这个类用来操作Hyperbase的权限管理。
    import org.apache.hadoop.conf.Configuration;
    import org.apache.hadoop.hbase.HBaseConfiguration;
    import org.apache.hadoop.hbase.TableName;
    import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos;
    import org.apache.hadoop.hbase.security.access.AccessControlClient;
    import org.apache.hadoop.hbase.security.access.UserPermission;
    import org.apache.hadoop.security.UserGroupInformation;
    import java.security.PrivilegedAction;
    import java.util.List;
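    /**
     * Demonstrates granting, listing and revoking Hyperbase permissions through
     * {@code AccessControlClient} while authenticated with Kerberos.
     */
    public class HyperbaseAuthorization {
        /**
         * Logs in as the {@code hbase} user and, inside {@code doAs}, grants and then revokes
         * READ/WRITE for user {@code zhu}: first on column family {@code f} of the target
         * table, then on {@code hbase:acl}. The permission list is printed after each step.
         *
         * @param args unused
         * @throws Exception if building the configuration or the keytab login fails
         */
        public static void main(String[] args) throws Exception {
            String zkquorum = "baogang1";
            String znode = "/hyperbase1";
            final String targetTableName = "zhaoliu:zhaoliu_table";
            Configuration config = new Configuration();
            config.set("hbase.zookeeper.quorum", zkquorum);
            config.set("zookeeper.znode.parent", znode);
            config.set("hbase.master.kerberos.principal", "hbase/_HOST@TDH");
            config.set("hbase.regionserver.kerberos.principal", "hbase/_HOST@TDH");
            config.set("hbase.security.authentication", "kerberos");
            config.set("hadoop.security.authentication", "kerberos");
            final Configuration conf = HBaseConfiguration.create(config);
            UserGroupInformation.setConfiguration(conf);
            // hbase user has global permissions, so its keytab can change any grant:
            // keep the file readable only by the administrative account that runs this.
            // The path below is partly masked on the page; replace it with the real one.
            UserGroupInformation ugi =
                UserGroupInformation.loginUserFromKeytabAndReturnUGI("hbase",
                    "/home/zhaoliu/data/baogan*ase-baogang.keytab");
            ugi.doAs(new PrivilegedAction<Void>() {
                @Override
                public Void run() {
                    try {
                        if (AccessControlClient.isAccessControllerRunning(conf)) {
                            List<UserPermission> permissions =
                                AccessControlClient.getUserPermissions(conf, targetTableName);
                            System.out.println("before grant: " + permissions);

                            // Table-scoped grant, limited to column family "f".
                            AccessControlProtos.GrantResponse grantResponse =
                                AccessControlClient.grant(conf,
                                    TableName.valueOf(targetTableName), "zhu",
                                    "f".getBytes(), null,
                                    AccessControlProtos.Permission.Action.READ,
                                    AccessControlProtos.Permission.Action.WRITE);
                            permissions = AccessControlClient.getUserPermissions(conf,
                                targetTableName);
                            System.out.println("after grant: " + permissions);

                            AccessControlProtos.RevokeResponse revokeResponse =
                                AccessControlClient.revoke(conf, "zhu",
                                    TableName.valueOf(targetTableName), "f".getBytes(), null,
                                    AccessControlProtos.Permission.Action.READ,
                                    AccessControlProtos.Permission.Action.WRITE);
                            // Listing again confirms that the revoke removed the grant.
                            permissions = AccessControlClient.getUserPermissions(conf,
                                targetTableName);
                            System.out.println("after revoke: " + permissions);

                            // Global permissions
                            // The demo expresses a global grant as a grant on hbase:acl.
                            // READ/WRITE at this scope is broad: give it only to
                            // administrative users and revoke it when no longer needed.
                            String global = "hbase:acl";
                            grantResponse = AccessControlClient.grant(conf,
                                TableName.valueOf(global), "zhu", null, null,
                                AccessControlProtos.Permission.Action.READ,
                                AccessControlProtos.Permission.Action.WRITE);
                            permissions = AccessControlClient.getUserPermissions(conf, global);
                            System.out.println("after global grant: " + permissions);

                            revokeResponse = AccessControlClient.revoke(conf, "zhu",
                                TableName.valueOf(global), null, null,
                                AccessControlProtos.Permission.Action.READ,
                                AccessControlProtos.Permission.Action.WRITE);
                            permissions = AccessControlClient.getUserPermissions(conf, global);
                            System.out.println("after global revoke: " + permissions);
                        } else {
                            System.out.println("Hbase access controller is not running.");
                        }
                    } catch (Throwable e) {
                        // The AccessControlClient calls are caught as Throwable, as in the
                        // original demo; the failure is printed and the action returns.
                        e.printStackTrace();
                    }
                    return null;
                }
            });
        }
    }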

具体参考文档下载:链接:http://pan.baidu.com/s/1i5K* 56 密码:mbdy
