phoenix kerberos 连接配置

近日产品要支持kerberos，除了集群组件要支持外，产品依赖的phoenix也要支持。
接下来进行测试。
集群内主机用sqlline连接，没有问题。
代码连接，添加principal出现问题

jdbc:phoenix:172.16.31.165,172.16.31.166,172.16.31.167:2181:hadoop/hadoop165@BONC:C:\Users\worgen\Downloads\etc\hadoop\hadoop.keytab

log如下

10:51:15.554 [main] DEBUG org.apache.hadoop.hbase.ipc.RpcClientImpl - Use SIMPLE authentication for service MasterService, sasl=false
10:51:15.554 [main] DEBUG org.apache.hadoop.hbase.ipc.RpcClientImpl - Connecting to hadoop165/172.16.31.165:60000
10:51:15.864 [main-SendThread(hadoop165:2181)] DEBUG org.apache.zookeeper.ClientCnxn - Reading reply sessionid:0x15e78f99451001d, packet:: clientPath:null serverPath:null finished:false header:: 7,3  replyHeader:: 7,68719486173,0  request:: '/hbase,F  response:: s{64424510430,64424510430,1505123885214,1505123885214,0,18,0,0,0,18,64424510600} 
10:51:15.867 [main-SendThread(hadoop165:2181)] DEBUG org.apache.zookeeper.ClientCnxn - Reading reply sessionid:0x15e78f99451001d, packet:: clientPath:null serverPath:null finished:false header:: 8,4  replyHeader:: 8,68719486173,0  request:: '/hbase/master,F  response:: #ffffffff000146d61737465723a3630303030324127048ffffff81ffffffc87450425546a16a96861646f6f7031363510ffffffe0ffffffd4318ffffff80ffffffb1ffffffffffffff82ffffffe72b10018ffffffeaffffffd43,s{64424510448,64424510448,1505123889838,1505123889838,0,0,0,242754597052088345,59,0,64424510448} 

master log

2017-09-14 10:51:16,329 DEBUG [RpcServer.listener,port=60000] ipc.RpcServer: RpcServer.listener,port=60000: connection from 172.16.82.73:58939; # active connections: 4
2017-09-14 10:51:16,330 DEBUG [RpcServer.reader=4,bindAddress=0.0.0.0,port=60000] ipc.RpcServer: RpcServer.listener,port=60000: Caught exception while reading:Authentication is required
2017-09-14 10:51:16,330 DEBUG [RpcServer.reader=4,bindAddress=0.0.0.0,port=60000] ipc.RpcServer: RpcServer.listener,port=60000: DISCONNECTING client 172.16.82.73:58939 because read count=-1. Number of active connections: 4

明显没有采用kerberos认证，经过查看phoenix源代码，发现
getConnection还有一个带properties的接口，应该是连接属性，

        properties.setProperty("hbase.zookeeper.quorum", "172.16.31.165,172.16.31.166,172.16.31.167");
        properties.setProperty("hbase.master.kerberos.principal", "hadoop/_HOST@BONC");
        properties.setProperty("hbase.regionserver.kerberos.principal", "hadoop/_HOST@BONC");
        properties.setProperty("phoenix.queryserver.kerberos.principal", "hadoop/_HOST@BONC");
        properties.setProperty("hbase.security.authentication", "kerberos");
        properties.setProperty("hadoop.security.authentication", "kerberos");
        properties.setProperty("zookeeper.znode.parent", "/hbase");
        con = DriverManager.getConnection("jdbc:phoenix:172.16.31.165,172.16.31.166,172.16.31.167:2181:/hbase:"+principal+":"+keytab, properties);

添加属性，按新的方式连接后，认证方式终于没问题，但又报了新的错

java.sql.SQLException: ERROR 103 (08004): Unable to establish connection.
    at org.apache.phoenix.exception.SQLExceptionCode$Factory$1.newException(SQLExceptionCode.java:422)
Exception in thread "main" java.lang.NullPointerException
    at org.apache.phoenix.exception.SQLExceptionInfo.buildException(SQLExceptionInfo.java:145)
    at com.bonc.manager.timeline.test.TestPhoenix.testEasyPhoenix(TestPhoenix.java:106)
    at org.apache.phoenix.query.ConnectionQueryServicesImpl.openConnection(ConnectionQueryServicesImpl.java:393)
    at com.bonc.manager.timeline.test.TestPhoenix.main(TestPhoenix.java:70)
    at org.apache.phoenix.query.ConnectionQueryServicesImpl.access$300(ConnectionQueryServicesImpl.java:211)
    at org.apache.phoenix.query.ConnectionQueryServicesImpl$13.call(ConnectionQueryServicesImpl.java:2272)
    at org.apache.phoenix.query.ConnectionQueryServicesImpl$13.call(ConnectionQueryServicesImpl.java:2251)
    at org.apache.phoenix.util.PhoenixContextExecutor.call(PhoenixContextExecutor.java:78)
    at org.apache.phoenix.query.ConnectionQueryServicesImpl.init(ConnectionQueryServicesImpl.java:2251)
    at org.apache.phoenix.jdbc.PhoenixDriver.getConnectionQueryServices(PhoenixDriver.java:233)
    at org.apache.phoenix.jdbc.PhoenixEmbeddedDriver.createConnection(PhoenixEmbeddedDriver.java:135)
    at org.apache.phoenix.jdbc.PhoenixDriver.connect(PhoenixDriver.java:202)
    at java.sql.DriverManager.getConnection(DriverManager.java:664)
    at java.sql.DriverManager.getConnection(DriverManager.java:208)
    at com.bonc.manager.timeline.test.TestPhoenix.testEasyPhoenix(TestPhoenix.java:99)
    at com.bonc.manager.timeline.test.TestPhoenix.main(TestPhoenix.java:70)
Caused by: java.io.IOException: Login failure for hadoop/hadoop165@BONC from keytab /Users/worgen/Downloads/etc/hadoop/hadoop.keytab: javax.security.auth.login.LoginException: Unable to obtain password from user

    at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:962)
    at org.apache.hadoop.security.SecurityUtil.login(SecurityUtil.java:243)
    at org.apache.hadoop.hbase.security.User$SecureHadoopUser.login(User.java:420)
    at org.apache.hadoop.hbase.security.User.login(User.java:258)
    at org.apache.phoenix.query.ConnectionQueryServicesImpl.openConnection(ConnectionQueryServicesImpl.java:380)
    ... 12 common frames omitted
Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user

    at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:897)
    at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:760)
    at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
    at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:953)
    ... 16 common frames omitted
Disconnected from the target VM, address: '127.0.0.1:63952', transport: 'socket'

Process finished with exit code 1

觉得可能是windows路径问题，最后发现果然是，带冒号会干扰phoenix识别，不带的话则无法读出文件，最后没办法，经过仔细阅读源代码发现可以通过properties参数来传递。
修改代码后测试通过。

           properties.setProperty("hbase.zookeeper.quorum", "172.16.31.165,172.16.31.166,172.16.31.167");
            properties.setProperty("hbase.master.kerberos.principal", "hadoop/_HOST@BONC");
            properties.setProperty("hbase.regionserver.kerberos.principal", "hadoop/_HOST@BONC");
            properties.setProperty("phoenix.queryserver.kerberos.principal", "hadoop/_HOST@BONC");
            properties.setProperty("hbase.security.authentication", "kerberos");
            properties.setProperty("hadoop.security.authentication", "kerberos");
            properties.setProperty("zookeeper.znode.parent", "/hbase");
            properties.setProperty("hbase.myclient.keytab", keytab);
            properties.setProperty("hbase.myclient.principal", principal);

            con = DriverManager.getConnection("jdbc:phoenix:172.16.31.165,172.16.31.166,172.16.31.167:2181:/hbase:" + principal, properties);

为了和linux能够通用，改为相对路径方式也可以。