具体从网上看
http://doc.mapr.com/display/MapR/Using+HiveServer2#UsingHiveServer2-ConfiguringCustomAuthentication
一共提供了三种安全认证方式,我们通常采用的为第三种自定义的方式。
To implement custom authentication for HiveServer2, create a custom Authenticator class derived from the following interface:
从这段话看出来我们要实现一个接口:PasswdAuthenticationProvider (org.apache.hive.service.auth.PasswdAuthenticationProvider)我们来看看这个接口
public interface PasswdAuthenticationProvider {
/**
* The Authenticate method is called by the HiveServer2 authentication layer
* to authenticate users for their requests.
* If a user is to be granted, return nothing/throw nothing.
* When a user is to be disallowed, throw an appropriate {@link AuthenticationException}.
*
* For an example implementation, see {@link LdapAuthenticationProviderImpl}.
*
* @param user - The username received over the connection request
* @param password - The password received over the connection request
* @throws AuthenticationException - When a user is found to be
* invalid by the implementation
*/
void Authenticate(String user, String password) throws AuthenticationException;
}
有一个方法要实现,实现了这个接口就可以自定义验证用户名密码了。代码不是太多
package org.apache.hadoop.hive.contrib.auth;
import javax.security.sasl.AuthenticationException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configurable;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hive.contrib.utils.MD5Util;
import org.apache.hive.service.auth.PasswdAuthenticationProvider;
public class XXXXPasswdAuthenticator implements PasswdAuthenticationProvider,Configurable {
private static final Log LOG=LogFactory.getLog(XXXXPasswdAuthenticator.class);
private Configuration conf=null;
private static final String HIVE_JDBC_PASSWD_AUTH_PREFIX="hive.jdbc_passwd.auth.%s";
public XXXXPasswdAuthenticator() {
init();
}
/**
*
*/
public void init(){
}
@Override
public void Authenticate(String userName, String passwd)
throws AuthenticationException {
LOG.info("user: "+userName+" try login.");
String passwdMD5 = getConf().get(String.format(HIVE_JDBC_PASSWD_AUTH_PREFIX, userName));
if(passwdMD5==null){
String message = "user's ACL configration is not found. user:"+userName;
LOG.info(message);
throw new AuthenticationException(message);
}
String md5 = MD5Util.md5Hex(passwd);
if(!md5.equals(passwdMD5)){
String message = "user name and password is mismatch. user:"+userName;
throw new AuthenticationException(message);
}
LOG.info("user "+userName+" login system successfully.");
}
@Override
public Configuration getConf() {
if(conf==null){
this.conf=new Configuration();
}
return conf;
}
@Override
public void setConf(Configuration arg0) {
this.conf=arg0;
}
}
Add the following properties to the hive-site.xml file, then restart Hiveserver2:
开启自定义验证配置
hive.server2.authentication
CUSTOM
hive.server2.custom.authentication.class
org.apache.hadoop.hive.contrib.auth.XXXXPasswdAuthenticator
相信看懂代码的人应该明白怎么做了,我们要把用户名密码配置到hive-site.xml配置文件中。
hive.jdbc_passwd.auth.hive_r
b531c271de4552ca2dec510d318c87f9
多个用户可以添加多个property,里面配置的即用户名密码了。
以上代码打包jar包,上传到hive/lib下即可实现HiveServer2的安全策略之自定义用户名密码验证了。