我需要通过Java API来使用HDFS集群的远程桌面。直到它写访问一切正常确定。如果我试图创建的任何文件,我收到访问权限例外。路径看起来不错,但异常指示这当然是我的远程桌面的用户名是不是我需要访问所需的HDFS目录。
I need to use HDFS cluster from remote desktop through Java API. Everything works OK until it comes to write access. If I'm trying to create any file I receive access permission exception. Path looks good but exception indicates my remote desktop user name which is of course is not what I need to access needed HDFS directory.
现在的问题是: - 有没有办法使用的Java API简单认证重新present不同的用户名? - ?可否请你指出在Hadoop中的身份验证/授权方案的一些很好的解释/ HDFS preferable与Java API的例子
The question is: - Is there any way to represent different user name using 'simple' authentication in Java API? - Could you please point some good explanation of authentication / authorization schemes in hadoop / HDFS preferable with Java API examples?
是的,我已经知道'WHOAMI可以在这种情况下使用shell别名超载,但我preFER避免这样的解决方案。另外细节这里是我不喜欢像通过SSH和脚本管一些技巧的使用。我想只使用Java API来完成一切。谢谢你在前进。
Yes, I already know 'whoami' could be overloaded in this case using shell alias but I prefer to avoid solutions like this. Also specifics here is I dislike usage of some tricks like pipes through SSH and scripts. I'd like to perform everything using just Java API. Thank you in advance.
推荐答案在一些Studying我来到了以下解决方案:
After some studying I came to the following solution:
- 我实际上并不需要完整的解决方案的Kerberos,这是不够目前,客户端可以运行任何用户HDFS请求。环境本身被认为是安全的。
- 这给我的解决方案基于Hadoop的UserGroupInformation类。在将来,我可以扩展它以支持Kerberos。
样code可能是有用的人都为假认证和远程访问HDFS:
Sample code probably useful for people both for 'fake authentication' and remote HDFS access:
package org.myorg; import java.security.PrivilegedExceptionAction; import org.apache.hadoop.conf.*; import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.fs.Path; import org.apache.hadoop.fs.FileSystem; import org.apache.hadoop.fs.FileStatus; public class HdfsTest { public static void main(String args[]) { try { UserGroupInformation ugi = UserGroupInformation.createRemoteUser("hbase"); ugi.doAs(new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { Configuration conf = new Configuration(); conf.set("fs.defaultFS", "hdfs://1.2.3.4:8020/user/hbase"); conf.set("hadoop.job.ugi", "hbase"); FileSystem fs = FileSystem.get(conf); fs.createNewFile(new Path("/user/hbase/test")); FileStatus[] status = fs.listStatus(new Path("/user/hbase")); for(int i=0;i<status.length;i++){ System.out.println(status[i].getPath()); } return null; } }); } catch (Exception e) { e.printStackTrace(); } } }对于那些谁也有类似的问题有用的参考:
Useful reference for those who have a similar problem:
- Cloudera的博客文章Authorization和验证Hadoop中。总之,专注于Hadoop的安全方法简单的解释。没有特定于Java API解决方案,但有利于问题的基本理解的信息。
- Cloudera blog post "Authorization and Authentication In Hadoop". Short, focused on simple explanation of hadoop security approaches. No information specific to Java API solution but good for basic understanding of the problem.
更新:结果替代那些谁使用命令行 HDFS 或的hadoop 而不需要本地用户的实用工具:
UPDATE: Alternative for those who uses command line hdfs or hadoop utility without local user needed:
HADOOP_USER_NAME=hdfs hdfs fs -put /root/MyHadoop/file1.txt /你真正要做的就是你读本地文件,根据您的本地权限,但将文件放在HDFS当你进行身份验证,如用户 HDFS 。
这有pretty相似性质的API code所示:
This has pretty similar properties to API code illustrated:
更多推荐
从远程主机访问HDFS通过Java API,用户认证
发布评论