【kerberos】使用keytab文件,kerberos认证工具类 scala版本

lisacumt2025-01-24 14:44
scala 复制代码 
import org.apache.commons.lang3.StringUtils
import org.apache.hadoop.conf.Configuration
import org.apache.hadoop.security.{SecurityUtil, UserGroupInformation}
import org.apache.kerby.kerberos.kerb.keytab.Keytab
import org.slf4j.Logger
import sun.security.provider.ConfigFile

import java.io.File
import java.net.{URI, URL}
import java.nio.file.{Files, Paths}
import scala.collection.JavaConversions._
import scala.collection.JavaConverters._
import scala.io.Source

case class KerberosConf(var principal: String,var keytab: String,var krb5conf: String="/etc/krb5.conf")


object KerberosUtils {
  val LOG: Logger = org.slf4j.LoggerFactory.getLogger(KerberosUtils.getClass)

  val JAVA_SECURITY_KRB5_CONF = "java.security.krb5.conf"
  val JAVA_SECURITY_AUTH_LOGIN_CONFIG = "java.security.auth.login.config"

  def loginKerberos(krb5Principal: String, krb5KeytabPath: String, krb5ConfPath: String, hadoopConf: Configuration): Boolean = {
    val authType = hadoopConf.get("hadoop.security.authentication")
    if (!"kerberos".equalsIgnoreCase(authType)) {
      LOG.error(s"kerberos utils get hadoop authentication type [${authType}] ,not kerberos!")
    } else {
      LOG.info(s"kerberos utils get hadoop authentication type [${authType}]!")
    }

    UserGroupInformation.setConfiguration(hadoopConf)
    System.setProperty(JAVA_SECURITY_KRB5_CONF, krb5ConfPath)
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false")

    // 1. using SecurityUtil
    //    hadoopConf.set(SPARK_KERBEROS_PRINCIPAL,krb5Principal)
    //    hadoopConf.set(SPARK_KERBEROS_KEYTAB,krb5KeytabPath)
    //    SecurityUtil.login(hadoopConf,SPARK_KERBEROS_KEYTAB,SPARK_KERBEROS_PRINCIPAL);

    // 2. using UserGroupInformation
    UserGroupInformation.loginUserFromKeytab(krb5Principal, krb5KeytabPath)
    val user = UserGroupInformation.getLoginUser
    if (user.getAuthenticationMethod == UserGroupInformation.AuthenticationMethod.KERBEROS) {
      val usnm: String = user.getShortUserName
      LOG.info(s"kerberos utils login success, curr user: ${usnm}")
      true
    } else {
      LOG.info("kerberos utils login failed")
      false
    }

  }

  def loginKerberos(krb5Principal: String, krb5KeytabPath: String, krb5ConfPath: String): Boolean = {
    val hadoopConf = ConfigUtils.getHadoopConfig
    hadoopConf.get("hadoop.security.authentication")
    loginKerberos(krb5Principal, krb5KeytabPath, krb5ConfPath, hadoopConf)
  }

  def loginKerberos(kerberosConf: KerberosConf): Boolean = {
    loginKerberos(kerberosConf.principal, kerberosConf.keytab, kerberosConf.krb5conf)
  }

  def loginKerberos(krb5Principal: String, krb5KeytabPath: String, krb5ConfPath: String, hadoopConfDir: String): Boolean = {
    ConfigUtils.setHadoopConfDir(hadoopConfDir)
    loginKerberos(krb5Principal, krb5KeytabPath, krb5ConfPath)
  }

  def loginKerberos(): Boolean = {
    var principal: String = null
    var keytabPath: String = null
    var krb5ConfPath: String = null
    val classPath: URL = this.getClass.getResource("/")
    val classPathObj = Paths.get(classPath.toURI)
    var keytabPathList = Files.list(classPathObj).iterator().asScala.toList
    keytabPathList = keytabPathList.filter(p => p.toString.toLowerCase().endsWith(".keytab")).toList
    val krb5ConfPathList = keytabPathList.filter(p => p.toString.toLowerCase().endsWith("krb5.conf")).toList
    if (keytabPathList.nonEmpty) {
      val ktPath = keytabPathList.get(0)
      val absPath = ktPath.toAbsolutePath
      val keytab = Keytab.loadKeytab(new File(absPath.toString))
      val pri = keytab.getPrincipals.get(0).getName
      if (StringUtils.isNotEmpty(pri)) {
        principal = pri
        keytabPath = ktPath.toString
      }
    }
    if (krb5ConfPathList.nonEmpty) {
      val confPath = krb5ConfPathList.get(0)
      krb5ConfPath = confPath.toAbsolutePath.toString
    }
    if (StringUtils.isNotEmpty(principal) && StringUtils.isNotEmpty(keytabPath) && StringUtils.isNotEmpty(krb5ConfPath)) {
      ConfigUtils.configHadoop()
      // ConfigUtils.configHive()
      val hadoopConf = ConfigUtils.hadoopConfiguration
      loginKerberos(principal, keytabPath, krb5ConfPath, hadoopConf)
    } else {
      false
    }
  }


  def getCurrLoginUser(): String = {
    var usnm: String = null
    val user = UserGroupInformation.getLoginUser
    if (user.getAuthenticationMethod == UserGroupInformation.AuthenticationMethod.KERBEROS) {
      usnm = user.getShortUserName
      LOG.debug(s"Kerberos curr login user: ${usnm}")
    }
    usnm
  }


  def parseKafkaJaasFile(path: String): KerberosConf = {
    val spi = new ConfigFile.Spi(new URI(path))
    val opts = spi.engineGetAppConfigurationEntry("KafkaClient").head.getOptions
    val principal: String = opts.get("principal").toString
    val keytab: String = opts.get("keyTab").toString
    KerberosConf(principal,keytab)
  }

}
相关推荐
一个天蝎座 白勺 程序猿2 小时前
大数据(4.5)Hive聚合函数深度解析:从基础统计到多维聚合的12个生产级技巧
大数据·hive·hadoop
浩浩kids5 小时前
Hadoop•踩过的SHIT
大数据·hadoop·分布式
一个天蝎座 白勺 程序猿21 小时前
大数据(4.2)Hive核心操作实战指南:表创建、数据加载与分区/分桶设计深度解析
大数据·hive·hadoop
一个天蝎座 白勺 程序猿1 天前
大数据(4.3)Hive基础查询完全指南:从SELECT到复杂查询的10大核心技巧
数据仓库·hive·hadoop
凉白开3381 天前
Scala基础知识
开发语言·后端·scala
不要不开心了1 天前
Scala内容
开发语言·pytorch·flask·scala·dash
2401_824256861 天前
Scala的函数式编程
开发语言·后端·scala
sho_re1 天前
第 3 章 运算符Scala 运算符的使用
scala
宅小海2 天前
14 配置Hadoop集群-配置历史和日志服务
linux·服务器·hadoop
珹洺2 天前
Java-servlet(十)使用过滤器,请求调度程序和Servlet线程(附带图谱表格更好对比理解)
java·开发语言·前端·hive·hadoop·servlet·html
热门推荐
01我决定放弃搞 Java 了02DeepSeek各版本说明与优缺点分析03如何在WPS和Word/Excel中直接使用DeepSeek功能04RAG 实践- Ollama+RagFlow 部署本地知识库05苍穹外卖面试总结06从零安装 LLaMA-Factory 微调 Qwen 大模型成功及所有的坑07本地化部署AI知识库:基于Ollama+DeepSeek+AnythingLLM保姆级教程08DeepSeek R1本地化部署 Ollama + Chatbox 打造最强 AI 工具09如何本地部署AI智能体平台,带你手搓一个AI Agent10循环神经网络RNN(含LSTM,GRU)小综述