httpclient访问httpfs服务(有Kerberos认证)
来源:互联网 发布:零云cms 编辑:程序博客网 时间:2024/06/10 05:06
场景:cdh集群已经添加kerberos认证,但是需要访问httpfs服务,怎么办?
如下实现:
1、引入maven
4.3.3 4.3.3 !--httpclient-->org.apache.httpcomponents httpclient${httpclient.version} org.apache.httpcomponents httpcore${httpcore.version}
2、代码:
package hadoop.other;import java.io.IOException;import java.io.InputStream;import java.security.Principal;import java.security.PrivilegedAction;import java.util.Arrays;import java.util.HashMap;import java.util.HashSet;import java.util.Set;import javax.security.auth.Subject;import javax.security.auth.kerberos.KerberosPrincipal;import javax.security.auth.login.AppConfigurationEntry;import javax.security.auth.login.Configuration;import javax.security.auth.login.LoginContext;import org.apache.commons.io.IOUtils;import org.apache.http.HttpResponse;import org.apache.http.auth.AuthSchemeProvider;import org.apache.http.auth.AuthScope;import org.apache.http.auth.Credentials;import org.apache.http.client.HttpClient;import org.apache.http.client.config.AuthSchemes;import org.apache.http.client.methods.HttpGet;import org.apache.http.client.methods.HttpUriRequest;import org.apache.http.config.Lookup;import org.apache.http.config.RegistryBuilder;import org.apache.http.impl.auth.SPNegoSchemeFactory;import org.apache.http.impl.client.BasicCredentialsProvider;import org.apache.http.impl.client.CloseableHttpClient;import org.apache.http.impl.client.HttpClientBuilder;import org.slf4j.Logger;import org.slf4j.LoggerFactory;/** * Created by yangjf on 2017/5/13 * Update date: * Time: 18:33 * Describle : * Result of Test:测试通过 * Command: * Email: jifei.yang@ngaa.com.cn */public class HttpClientGetEx { public static Logger logger= LoggerFactory.getLogger(HttpClientGetEx.class); private String principal ; private String keyTabLocation ; public HttpClientGetEx() {} public HttpClientGetEx(String principal, String keyTabLocation) { super(); this.principal = principal; this.keyTabLocation = keyTabLocation; } public HttpClientGetEx(String principal, String keyTabLocation, boolean isDebug) { this(principal, keyTabLocation); if (isDebug) { System.setProperty("sun.security.spnego.debug", "true"); System.setProperty("sun.security.krb5.debug", "true"); } } public HttpClientGetEx(String principal, String keyTabLocation, String krb5Location, boolean isDebug) { this(principal, keyTabLocation, isDebug); System.setProperty("java.security.krb5.conf", krb5Location); } //模拟curl使用kerberos认证 private static HttpClient buildSpengoHttpClient() { HttpClientBuilder builder = HttpClientBuilder.create(); LookupauthSchemeRegistry = RegistryBuilder. create(). register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(true)).build(); builder.setDefaultAuthSchemeRegistry(authSchemeRegistry); BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider(); credentialsProvider.setCredentials(new AuthScope(null, -1, null), new Credentials() { @Override public Principal getUserPrincipal() { return null; } @Override public String getPassword() { return null; } }); builder.setDefaultCredentialsProvider(credentialsProvider); CloseableHttpClient httpClient = builder.build(); return httpClient; } public HttpResponse callRestUrl(final String url,final String userId) { logger.warn(String.format("Calling KerberosHttpClient %s %s %s",this.principal, this.keyTabLocation, url)); Configuration config = new Configuration() { @SuppressWarnings("serial") @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) { return new AppConfigurationEntry[] { new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap () { { put("useTicketCache", "false"); put("useKeyTab", "true"); put("keyTab", keyTabLocation); //Krb5 in GSS API needs to be refreshed so it does not throw the error //Specified version of key is not available put("refreshKrb5Config", "true"); put("principal", principal); put("storeKey", "true"); put("doNotPrompt", "true"); put("isInitiator", "true"); put("debug", "true"); } }) }; } }; Set princ = new HashSet (1); princ.add(new KerberosPrincipal(userId)); Subject sub = new Subject(false, princ, new HashSet
阅读全文
1 0
- httpclient访问httpfs服务(有Kerberos认证)
- httpFS访问
- Kerberos:面向开放式网络的认证服务
- Linux 安装Kerberos认证KDC服务
- 使用httpFS访问hdfs
- Kerberos认证
- Kerberos认证
- Kerberos认证
- 用Java访问带有Kerberos认证的HBase
- 用Java访问带有Kerberos认证的HBase
- 用Java访问带有Kerberos认证的HBase
- httpclient 面https认证,带cookie访问
- kerberos 认证方式-主机认证
- 企业认证机制(kerberos)
- kerberos认证过程概述
- kerberos认证过程
- kerberos认证过程
- hadoop 添加kerberos认证
- codevs 1004 四子连棋
- C++11 decltype 和auto
- (坑)网络流浅谈
- 欢迎使用CSDN-markdown编辑器
- Python(一)关于Python字符串的简单操作
- httpclient访问httpfs服务(有Kerberos认证)
- 51nod 1113 矩阵快速幂
- JAVA开发Web Service几种框架介绍
- bzoj 2324: [ZJOI2011]营救皮卡丘 费用流,最小路径覆盖DAG
- 单片机实验八
- 二分查找
- 达布中值定理(导数中间值定理)
- Python XML-RPC入门
- AQS源码分析