Java: Kerberos exception when connecting to Cloudera Impala via JDBC
I am trying to connect to Impala from Java using JDBC with Kerberos authentication. I have two classes. The first class uses UserGroupInformation and JDBC to create the connection. This class has the following code:
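    import java.io.IOException;
    import java.sql.Connection;
    import java.sql.DriverManager;
    import java.sql.SQLException;
    import org.apache.hadoop.conf.Configuration;
    import org.apache.hadoop.security.UserGroupInformation;

    public class connections {
        // Kerberos (AuthMech=1) over SSL; self-signed server certificates are accepted
        static final String JDBC_IMPALA_URL = "jdbc:impala://cdwork05-zzz.com:21050;"
                + "AuthMech=1;KrbRealm=XXX.COM;KrbHostFQDN=cdwork05-zzz.com;"
                + "KrbServiceName=impala;"
                + "SSL=1;AllowSelfSignedCerts=1;";
        static final String JDBC_DRIVER_IMPALA = "com.cloudera.impala.jdbc41.Driver";
        Connection con;

        // Load the Impala JDBC driver and open the connection
        public Connection crearConexion2() throws ClassNotFoundException, SQLException {
            Class.forName(JDBC_DRIVER_IMPALA);
            con = DriverManager.getConnection(JDBC_IMPALA_URL);
            return con;
        }

        // Log in to Kerberos from the keytab and return the logged-in user
        public UserGroupInformation autenticarUsuario() throws IOException {
            Configuration conf = new Configuration();
            conf.set("hadoop.security.authentication", "Kerberos");
            UserGroupInformation.setConfiguration(conf);
            UserGroupInformation.loginUserFromKeytab("User@XXX.COM", "/etc/security/keytabs/User.keytab");
            return UserGroupInformation.getLoginUser();
        }
        // cerrarConexion(Statement), called by the second class, is not shown in the post
    }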
The second class calls the methods of the connection class. It has the following code:
    import java.security.PrivilegedExceptionAction;
    import java.sql.Connection;
    import java.sql.PreparedStatement;
    import java.sql.ResultSet;
    import org.apache.hadoop.hive.ql.exec.UDF;
    import org.apache.hadoop.security.UserGroupInformation;

    public class func_traer extends UDF {
        connections connectionsutls;
        PreparedStatement stmt;

        public String evaluate(String fecha) {
            String tb = "";
            String regs = "";
            connectionsutls = new connections();
            try {
                // Kerberos login from the keytab
                UserGroupInformation ugi = connectionsutls.autenticarUsuario();
                // Open the JDBC connection as the logged-in user
                Connection con = ugi.doAs(new PrivilegedExceptionAction<Connection>() {
                    public Connection run() {
                        Connection tcon = null;
                        try {
                            tcon = connectionsutls.crearConexion2();
                        } catch (Exception e) {
                            e.printStackTrace();
                        }
                        return tcon;
                    }
                });
                try {
                    // fecha is bound as a parameter rather than concatenated into the SQL text
                    String query1 = "select table_name,historic_registers "
                            + "from statistics.incremental_statistics "
                            + "where table_name like 'simon.a2000160' "
                            + "and date_incremental like ?";
                    stmt = con.prepareStatement(query1);
                    try {
                        stmt.setString(1, fecha);
                        ResultSet rs = stmt.executeQuery();
                        while (rs.next()) {
                            tb = rs.getString("table_name");
                            regs = rs.getString("historic_registers");
                        }
                        connectionsutls.cerrarConexion(stmt);
                        return "la tabla " + tb + " tiene " + regs + " registros";
                    } catch (Exception e) {
                        return "no se ejecuto debido a :" + e;
                    }
                } catch (Exception e) {
                    return "no se creo el statement " + e;
                }
            } catch (Exception e) {
                e.printStackTrace();
                return "no se pudo autenticar " + e;
            }
        }
    }
When I run this, I get the following exception:
org.apache.hadoop.security.KerberosAuthException: Login failure for user: XXXX from keytab /etc/security/keytabs/XXXX.keytab javax.security.auth.login.LoginException: Pre-authentication information was invalid (24)
at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:1134)
at woombat.connections.autenticarUsuario(connections.java:47)
at woombat.func_traer.evaluate(func_traer.java:30)
at woombat.test.main(test.java:10)
Caused by: javax.security.auth.login.LoginException: Pre-authentication information was invalid (24)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:804)
at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:1125)
... 3 more
Caused by: KrbException: Pre-authentication information was invalid (24)
at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:76)
at sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:316)
at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:361)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:776)
... 16 more
Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.KDCRep.init(KDCRep.java:140)
at sun.security.krb5.internal.ASRep.init(ASRep.java:64)
at sun.security.krb5.internal.ASRep.<init>(ASRep.java:59)
at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:60)
... 19 more
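How can I solve this problem?

I assume you know who the user "XXXX" is and have some administrative control over it, since it relates to this message: "Login failure for user: XXXX from keytab /etc/security/keytabs/XXXX.keytab"

Yes, I know the user. When I use the keytab in the console I can use it, but in the Java code I can't.

You said you can use it, which indicates success. Let's confirm that: post the kinit output here.

Make sure your command line and your Java application use the same krb5.conf file. The error in the KDC reply suggests you are in the wrong realm.

"User@XXX.COM", "/etc/security/keytabs/User.keytab");" looks suspicious. Your keytab must contain a key corresponding to "User@XXX.COM". In the exception, it shows "XXXX.keytab". Have you verified that you are not mixing up two keytab files?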
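The checks suggested in the comments (same krb5.conf for kinit and the JVM, matching realm, a keytab that really holds a key for the principal) can be run from Java itself. This is an added example, not code from the thread; the class name KeytabCheck is hypothetical and the default principal and keytab path are the ones from the question.

```java
import java.io.File;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KeyTab;

// Hypothetical diagnostic class; not part of the original thread.
public class KeytabCheck {
    // krb5.conf the JVM will read: the system property first, then the JDK's
    // own security directory, then the Linux system default.
    static String resolveKrb5Conf() {
        String explicit = System.getProperty("java.security.krb5.conf");
        if (explicit != null) return explicit;
        String home = System.getProperty("java.home");
        String[] candidates = {
            home + "/conf/security/krb5.conf",  // JDK 9 and later
            home + "/lib/security/krb5.conf",   // JDK 8
            "/etc/krb5.conf"
        };
        for (String path : candidates) {
            if (new File(path).isFile()) return path;
        }
        return "(none found)";
    }

    public static void main(String[] args) {
        // Defaults are the values from the question; pass your own as arguments.
        String name = args.length > 0 ? args[0] : "User@XXX.COM";
        String path = args.length > 1 ? args[1] : "/etc/security/keytabs/User.keytab";
        System.out.println("JVM krb5.conf:       " + resolveKrb5Conf());
        // null here means MIT kinit falls back to /etc/krb5.conf
        System.out.println("KRB5_CONFIG (kinit): " + System.getenv("KRB5_CONFIG"));
        KerberosPrincipal principal = new KerberosPrincipal(name);
        System.out.println("Principal realm:     " + principal.getRealm());
        KeyTab keytab = KeyTab.getInstance(new File(path));
        if (!keytab.exists()) {
            System.out.println("Keytab not found or unreadable: " + path);
            return;
        }
        KerberosKey[] keys = keytab.getKeys(principal);
        if (keys.length == 0) {
            System.out.println("No key for " + name + " in " + path);
        }
        for (KerberosKey key : keys) {
            System.out.println("kvno=" + key.getVersionNumber() + " etype=" + key.getKeyType());
        }
    }
}
```

Run it with the same JVM and the same user account as the failing application. If keys are listed, compare the printed kvno with the one the KDC holds for the principal, since a stale key also fails pre-authentication.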