问题描述:java连接hbase通过kerberos认证过程中,出现异常java.lang.IllegalArgumentException: Can't get Kerberos realm,具体异常的原因为Caused by: KrbException: Cannot locate default realm
解决过程:
- 项目环境:使用的是jdk1.8,hadoop-common版本为2.3.0,在Windows10操作系统下
-
问题分析:
Cannot locate default realm,顾名思义是没有设置default realm,kerberos设置default realm有两种方式
(1)通过设置系统属性,代码如下
System.setProperty("java.security.krb5.realm","");
System.setProperty("java.security.krb5.kdc","");
(2)读取kerberos配置文件配置,设置default realm。指定kerberos配置文件逻辑大概如下
- getJavaFileName()方法:获取kerberos的配置文件地址:
该方式是通过读系统属性java.security.krb5.conf,如果为空的话则以%java_home%/lib/security/krb5.conf为配置文件
2.getNativeFileName()方法,在不同操作系统去读逻辑有区别
在Windows下是通过读取c:\Windows\krb5.ini路径,如果该路径为空的话,则以c:\winnt\krb5.ini为主
在linux下读取etc/krb5.conf
设置kerberos配置文件代码如下:
package sun.security.krb5;
public class Config {
private final String defaultRealm;
private Config() throws KrbException {
//....省略其他代码
this.defaultRealm = getProperty("java.security.krb5.realm");
if ((this.defaultKDC != null || this.defaultRealm == null) && (this.defaultRealm != null || this.defaultKDC == null)) {
try {
String var3 = this.getJavaFileName();
List var2;
if (var3 != null) {
var2 = this.loadConfigFile(var3);
this.stanzaTable = this.parseStanzaTable(var2);
if (DEBUG) {
System.out.println("Loaded from Java config");
}
} else {
boolean var4 = false;
if (isMacosLionOrBetter()) {
try {
this.stanzaTable = SCDynamicStoreConfig.getConfig();
if (DEBUG) {
System.out.println("Loaded from SCDynamicStoreConfig");
}
var4 = true;
} catch (IOException var6) {
}
}
if (!var4) {
var3 = this.getNativeFileName();
var2 = this.loadConfigFile(var3);
this.stanzaTable = this.parseStanzaTable(var2);
if (DEBUG) {
System.out.println("Loaded from native config");
}
}
}
} catch (IOException var7) {
}
} else {
throw new KrbException("System property java.security.krb5.kdc and java.security.krb5.realm both must be set or neither must be set.");
}
}
private String getJavaFileName() {
String var1 = getProperty("java.security.krb5.conf");
if (var1 == null) {
var1 = getProperty("java.home") + File.separator + "lib" + File.separator + "security" + File.separator + "krb5.conf";
if (!this.fileExists(var1)) {
var1 = null;
}
}
if (DEBUG) {
System.out.println("Java config name: " + var1);
}
return var1;
}
//其他代码省略
}