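Hive exposes its services through HiveServer2, a service that lets clients run Hive queries. HiveServer2 is the improved successor to HiveServer1, which has been deprecated. HiveServer2 is a rewrite of HiveServer that addresses its predecessor's problems.
HiveServer2 runs as a composite service in a single process, which includes the Thrift-based Hive service (TCP or HTTP) and a Jetty web server for the Web UI. HiveServer2 supports concurrent clients and authentication, and is designed to give better support to open API clients such as JDBC and ODBC.
HiveServer2 implements a new Thrift-based RPC interface that can handle concurrent client requests. The current version supports Kerberos, LDAP, and custom pluggable authentication. The new RPC interface is also a better choice for JDBC and ODBC clients, especially for metadata access.
The supported authentication modes are:
NONE: no authentication check;
LDAP: user authentication based on LDAP/AD;
KERBEROS: authentication using Kerberos/GSSAPI;
CUSTOM: custom authentication.
For the simple scenario at hand, CUSTOM is sufficient.
1. First, write the class that validates user credentials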
```java
import org.apache.hadoop.conf.Configurable;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hive.service.auth.PasswdAuthenticationProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.security.sasl.AuthenticationException;

/**
 * @author liguiping
 * @version 1.0.0
 * @since 2022-09-28 10:00
 **/
public class AuthLogin implements PasswdAuthenticationProvider, Configurable {
    private static final Logger LOG = LoggerFactory.getLogger(AuthLogin.class);
    private final String user;
    private final String pwd;
    private Configuration conf = null;

    public AuthLogin() {
        // Read the expected credentials from hive-site.xml (see step 2).
        user = getConf().get("hive.auth.user");
        pwd = getConf().get("hive.auth.pwd");
    }

    @Override
    public void setConf(Configuration configuration) {
        // Keep the configuration handed over by HiveServer2.
        this.conf = configuration;
    }

    @Override
    public Configuration getConf() {
        // Fall back to the default HiveConf when none has been set yet.
        if (this.conf == null) {
            HiveConf conf = new HiveConf();
            this.conf = new Configuration(conf);
        }
        return this.conf;
    }

    @Override
    public void Authenticate(String username, String password) throws AuthenticationException {
        if (username == null || password == null) {
            throw new AuthenticationException("error.");
        }
        LOG.info("user: " + username + " try login.");
        // Call equals() on the non-null input so an unset property rejects the login instead of throwing a NullPointerException.
        if (!username.equals(user)) {
            String message = "user name not exist:";
            throw new AuthenticationException(message);
        } else {
            if (!password.equals(pwd)) {
                String message = "user name and password is mismatch. user:" + username;
                throw new AuthenticationException(message);
            }
        }
        LOG.info("user " + username + " login system successfully.");
    }
}
```
pom dependencies
```xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>cn.li</groupId>
    <artifactId>hive-auth</artifactId>
    <version>1.0</version>

    <dependencies>
        <dependency>
            <groupId>org.apache.hadoop</groupId>
            <artifactId>hadoop-common</artifactId>
            <version>3.3.1</version>
        </dependency>
        <!-- https://mvnrepository.com/artifact/org.apache.hive/hive-common -->
        <dependency>
            <groupId>org.apache.hive</groupId>
            <artifactId>hive-common</artifactId>
            <version>3.1.2</version>
        </dependency>
        <dependency>
            <groupId>commons-logging</groupId>
            <artifactId>commons-logging</artifactId>
            <version>1.2</version>
        </dependency>
        <dependency>
            <groupId>org.apache.hive</groupId>
            <artifactId>hive-service</artifactId>
            <version>3.1.2</version>
        </dependency>
    </dependencies>

</project>
```
Package the files above:
```
mvn install
```
2. Configure and copy the jar
Copy the hive-auth-1.0.jar built above into $HIVE_HOME/lib.
Edit hive-site.xml and append the following:
```xml
<property>
    <name>hive.server2.authentication</name>
    <value>CUSTOM</value>
</property>
<property>
    <name>hive.server2.custom.authentication.class</name>
    <value>AuthLogin</value>
</property>
<property>
    <name>hive.auth.user</name>
    <value>admin</value>
</property>
<property>
    <name>hive.auth.pwd</name>
    <value>Aa123456</value>
</property>
```
hive.auth.user is the user name.
hive.auth.pwd is the password.
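The configuration above keeps the password in clear text in hive-site.xml. The following added example (not the original author's code) is a variant of the provider that stores a salted PBKDF2 hash instead; the class name `HashedAuthLogin`, the property `hive.auth.pwd.pbkdf2` and its `iterations:salt:hash` value format are assumptions made for this example.

```java
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hive.service.auth.PasswdAuthenticationProvider;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.sasl.AuthenticationException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Hypothetical variant of AuthLogin: hive-site.xml holds a salted PBKDF2 hash, not the password.
public class HashedAuthLogin implements PasswdAuthenticationProvider {
    private final String user;
    private final String stored; // iterations:saltBase64:hashBase64

    public HashedAuthLogin() {
        HiveConf conf = new HiveConf();
        user = conf.get("hive.auth.user");
        stored = conf.get("hive.auth.pwd.pbkdf2"); // assumed property name, not a Hive built-in
    }

    static byte[] pbkdf2(char[] pw, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pw, salt, iterations, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    @Override
    public void Authenticate(String username, String password) throws AuthenticationException {
        boolean ok = false;
        try {
            String[] p = stored.split(":");
            Base64.Decoder b64 = Base64.getDecoder();
            byte[] actual = pbkdf2(password.toCharArray(), b64.decode(p[1]), Integer.parseInt(p[0]));
            // Hash first, then compare in constant time, so timing does not reveal which check failed.
            ok = MessageDigest.isEqual(b64.decode(p[2]), actual) && user != null && user.equals(username);
        } catch (Exception e) {
            // Missing or malformed configuration, or null input: reject below.
        }
        if (!ok) { // one message for every failure, so user names cannot be enumerated
            throw new AuthenticationException("Invalid user name or password.");
        }
    }

    // Run once from a terminal to produce the value for hive.auth.pwd.pbkdf2.
    public static void main(String[] args) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        int iterations = 210_000; // constructed work factor; tune for your hardware
        char[] pw = System.console().readPassword("Password: ");
        Base64.Encoder b64 = Base64.getEncoder();
        System.out.println(iterations + ":" + b64.encodeToString(salt) + ":" + b64.encodeToString(pbkdf2(pw, salt, iterations)));
    }
}
```

To use it, set hive.server2.custom.authentication.class to HashedAuthLogin, put the printed value in hive.auth.pwd.pbkdf2, and remove hive.auth.pwd from hive-site.xml.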