Java Hbase Rest Client с аутентификацией Kerberos

Question

Я пытаюсь подключиться, используя Java HBase Rest Client для подключения к моему серверу Hbase, и он показывает ошибку аутентификации. Если я использую объект connection и использую scanner API, я могу получить данные, однако не уверен, как это сделать с Rest Client

Следующая команда curl работает отлично.

curl --negotiate -u: http://example.com:17000/bda:employee_hbase/schema?user.name=gaurang.shah

Однако следующий код Java показывает ошибку.

public class Weather {

    private Client client;
    protected  Connection connection = null;
    public Weather() {

        Configuration conf = HBaseConfiguration.create();
        conf.addResource("src/main/resources/hbase-site.xml");
        conf.addResource("src/main/resources/core-site.xml");
        conf.addResource("src/main/resources/hdfs-site.xml");
        conf.addResource("src/main/resources/yarn-site.xml");

        System.setProperty("java.security.krb5.conf", "src/main/resources/krb5.conf");
        System.setProperty("sun.security.krb5.debug", "true");


        UserGroupInformation.setConfiguration(conf);


        try {
            UserGroupInformation.loginUserFromKeytab("gaurang.shah", "src/main/resources/gaurang.shah.keytab");
            connection = ConnectionFactory.createConnection(HBaseConfiguration.create(conf));
        } catch (IOException e) {
            e.printStackTrace();
        }

        Cluster cluster = new Cluster();
        cluster.add("example.com", 17000);
        client = new Client(cluster);

    }


    public String getSchema(){

        client.addExtraHeader("Accept", "text/xml");
        try {
            return client.get("/bda:weather_history/schema").toString();
        } catch (IOException e) {
            e.printStackTrace();

        }

        return null;
    }
}

StackTrace

java.io.IOException: org.apache.hadoop.security.authentication.client.AuthenticationException: Authentication failed, URL: http://example.com:17000/users/schema?user.name=gaurang.shah, status: 403, message: Forbidden
    at org.apache.hadoop.hbase.rest.client.Client.negotiate(Client.java:285)
    at org.apache.hadoop.hbase.rest.client.Client.executeURI(Client.java:239)
    at org.apache.hadoop.hbase.rest.client.Client.executePathOnly(Client.java:204)
    at org.apache.hadoop.hbase.rest.client.Client.execute(Client.java:265)
    at org.apache.hadoop.hbase.rest.client.Client.get(Client.java:459)
    at org.apache.hadoop.hbase.rest.client.Client.get(Client.java:365)
    at org.apache.hadoop.hbase.rest.client.Client.get(Client.java:354)
    at ca.cantire.hbase.Weather.getSchema(Weather.java:52)
    at ca.cantire.WeatherRestClient.TestWeatherRest.testData(TestWeatherRest.java:10)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
    at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
    at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
    at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
    at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
    at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
    at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
    at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
    at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
    at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
    at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
    at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
    at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
    at org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:365)
    at org.apache.maven.surefire.junit4.JUnit4Provider.executeWithRerun(JUnit4Provider.java:273)
    at org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:238)
    at org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:159)
    at org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:379)
    at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:340)
    at org.apache.maven.surefire.booter.ForkedBooter.execute(ForkedBooter.java:125)
    at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:413)
Caused by: org.apache.hadoop.security.authentication.client.AuthenticationException: Authentication failed, URL: http://example.com:17000/users/schema?user.name=gaurang.shah, status: 403, message: Forbidden
    at org.apache.hadoop.security.authentication.client.AuthenticatedURL.extractToken(AuthenticatedURL.java:281)
    at org.apache.hadoop.security.authentication.client.PseudoAuthenticator.authenticate(PseudoAuthenticator.java:77)
    at org.apache.hadoop.security.authentication.client.KerberosAuthenticator.authenticate(KerberosAuthenticator.java:212)
    at org.apache.hadoop.hbase.rest.client.Client.negotiate(Client.java:280)
    ... 33 more

Answer 1

В вашем проекте API вы можете создать один работающий планировщик Java, который должен заботиться о продлении kinit и kerberos.

void executeKinit() {
        try {
            CurlUtil cmdUtil = new CurlUtil();
            if ("prod".equals(env)) {
                cmdUtil.execute("kinit -k -t /resources/myKeyTab.keytab admin@TEST.NET");
                cmdUtil.execute("kinit -R");
            }
            logger.info("kinit executed");
        } catch (Exception ex) {
            logger.error("Error while renewing the kerberose tocken", ex);
        }
    }