java连接接kerberos认证下的hive
1.pop.xml配置
hive与hadoop的配置版本要匹配,一般hive 2.X版本要选择hadoop2.x版本,否则会不兼容
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-client</artifactId>
<version>${hadoop.version}</version>
<exclusions>
<exclusion>
<artifactId>slf4j-reload4j</artifactId>
<groupId>org.slf4j</groupId>
</exclusion>
<exclusion>
<artifactId>javax.servlet-api</artifactId>
<groupId>javax.servlet</groupId>
</exclusion>
<exclusion>
<artifactId>jersey-servlet</artifactId>
<groupId>com.sun.jersey</groupId>
</exclusion>
<exclusion>
<artifactId>jetty-servlet</artifactId>
<groupId>org.eclipse.jetty</groupId>
</exclusion>
<exclusion>
<artifactId>servlet-api</artifactId>
<groupId>javax.servlet</groupId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.hive</groupId>
<artifactId>hive-jdbc</artifactId>
<version>2.1.1</version>
<exclusions>
<exclusion>
<artifactId>slf4j-reload4j</artifactId>
<groupId>org.slf4j</groupId>
</exclusion>
<exclusion>
<artifactId>log4j-slf4j-impl</artifactId>
<groupId>org.apache.logging.log4j</groupId>
</exclusion>
<exclusion>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
</exclusion>
<exclusion>
<artifactId>javax.servlet</artifactId>
<groupId>org.eclipse.jetty.orbit</groupId>
</exclusion>
<exclusion>
<groupId>org.eclipse.jetty.aggregate</groupId>
<artifactId>*</artifactId>
</exclusion>
<exclusion>
<artifactId>guice-servlet</artifactId>
<groupId>com.google.inject.extensions</groupId>
</exclusion>
<exclusion>
<artifactId>servlet-api-2.5</artifactId>
<groupId>org.mortbay.jetty</groupId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-common</artifactId>
<version>2.8.5</version>
<exclusions>
<exclusion>
<artifactId>slf4j-reload4j</artifactId>
<groupId>org.slf4j</groupId>
</exclusion>
<exclusion>
<artifactId>javax.servlet-api</artifactId>
<groupId>javax.servlet</groupId>
</exclusion>
<exclusion>
<artifactId>jersey-servlet</artifactId>
<groupId>com.sun.jersey</groupId>
</exclusion>
<exclusion>
<artifactId>jetty-servlet</artifactId>
<groupId>org.eclipse.jetty</groupId>
</exclusion>
<exclusion>
<artifactId>servlet-api</artifactId>
<groupId>javax.servlet</groupId>
</exclusion>
</exclusions>
</dependency>
2、示例代码
import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.security.UserGroupInformation; import java.sql.Connection; import java.sql.DriverManager; import java.sql.PreparedStatement; import java.sql.ResultSet; public class App { private static String JDBC_DRIVER = "org.apache.hive.jdbc.HiveDriver"; private static String CONNECTION_URL ="jdbc:hive2://10.23.13.196:10000/ods;principal=hive/master@HADOOP.COM"; static { try { Class.forName(JDBC_DRIVER); } catch (ClassNotFoundException e) { e.printStackTrace(); } } public static void main(String[] args) throws Exception { Class.forName(JDBC_DRIVER); //登录Kerberos账号 System.setProperty("java.security.krb5.conf", "/root/sample-cdh/ticket/krb5.conf"); Configuration configuration = new Configuration(); configuration.set("hadoop.security.authentication" , "Kerberos" ); configuration.setBoolean("hadoop.security.authorization", true); UserGroupInformation. setConfiguration(configuration); UserGroupInformation.loginUserFromKeytab("hive/master@HADOOP.COM" , "/root/sample-cdh/ticket/hive.keytab"); Connection connection = null; ResultSet rs = null; PreparedStatement ps = null; try { connection = DriverManager.getConnection(CONNECTION_URL); ps = connection.prepareStatement("show databases"); rs = ps.executeQuery(); while (rs.next()) { System.out.println(rs.getString(1)); } } catch (Exception e) { e.printStackTrace(); } } }
3、注意事项:
(1)krb5.conf、test_user.keytab 2个文件,路径要改对
(2)jar依赖包版本和服务器hadoop、hive版本要匹配,否则会报错:
Caused by: org.apache.thrift.TApplicationException: Required field 'client_protocol' is unset! Struct:TOpenSessionReq
原因:This indicates a version mismatch between client and server, namely that the client is newer than the server, which is your case.
客户端和服务端包的版本不一致;
(3)错误:Error: Could not open client transport with JDBC Uri: jdbc:hive2://master:10000/default: Peer indicated failure:
Unsupported mechanism type PLAIN (state=08S01,code=0)
解决: jdbc连接url时,缺少principal,整个url连接如下:jdbc:hive2://master:10000/default;principal=hive/master@HADOOP.COM
(4)错误: Could not open client transport with JDBC Uri: jdbc:hive2://master:10000/default;principal=hdfs/master@HADOOP.COM: Peer indicated failure:
GSS initiate failed (state=08S01,code=0)
解决: jdbc连接url时,principal的用户有问题,整个url连接如下:
principal=hdfs/master@HADOOP.COM 替换为:hive/master@HADOOP.COM
jdbc:hive2://master:10000/default;principal=hive/master@HADOOP.COM
