hiveserver2 设置用户登录验证

编写验证程序

package com.aiso.hive.hiveserver2.auth;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;

import javax.security.sasl.AuthenticationException;

import org.apache.commons.codec.digest.DigestUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hive.service.auth.PasswdAuthenticationProvider;


public class CustomHiveServer2Auth implements PasswdAuthenticationProvider {
    @Override
    public void Authenticate(String username, String password)
            throws AuthenticationException {

        boolean ok = false;
        String passMd5 = DigestUtils.md5Hex(password);
        HiveConf hiveConf = new HiveConf();
        Configuration conf = new Configuration(hiveConf);
        String filePath = conf.get("hive.server2.custom.authentication.file");
        System.out.println("hive.server2.custom.authentication.file [" + filePath + "] ..");
        File file = new File(filePath);
        BufferedReader reader = null;
        try {
            reader = new BufferedReader(new FileReader(file));
            String tempString = null;
            while ((tempString = reader.readLine()) != null) {
                String[] datas = tempString.split(",", -1);
                if (datas.length != 2) continue;
                //ok
                if (datas[0].equals(username) && datas[1].equals(passMd5)) {
                    ok = true;
                    break;
                }
            }
            reader.close();
        } catch (Exception e) {
            e.printStackTrace();
            throw new AuthenticationException("read auth config file error, [" + filePath + "] ..", e);
        } finally {
            if (reader != null) {
                try {
                    reader.close();
                } catch (IOException e1) {
                }
            }
        }
        if (ok) {
            System.out.println("user [" + username + "] auth check ok .. ");
        } else {
            System.out.println("user [" + username + "] auth check fail .. ");
            throw new AuthenticationException("user [" + username + "] auth check fail .. ");
        }
    }


    public static void main(String[] args) {
        System.out.println(DigestUtils.md5Hex("password".getBytes()));
    }
}

将验证程序打包

放在$HIVE_HOME/lib目录下

验证的配置文件

密码采用Md5加密，可添加多用户,放在$HIVE_HOME/conf目录下

hive.server2.users.conf：
xiaoyuzhou,29fe3d760e64b4e055ec3cda455833ab
user,5f4dcc3b5aa765d61d8327deb882cf99

测试

开启HiveServer2服务

[xiaoyuzhou@xyz01 hive-0.13.1-cdh5.3.6]$ bin/hiveserver2 & 
[2] 5929
[1]   Exit 255                bin/hiveserver2
[xiaoyuzhou@xyz01 hive-0.13.1-cdh5.3.6]$ Starting HiveServer2
hive.server2.custom.authentication.file [conf/hive.server2.users.conf] ..
user [user] auth check ok .. 
OK

使用beeline 连接

[xiaoyuzhou@xyz01 hive-0.13.1-cdh5.3.6]$ bin/beeline
Beeline version 0.13.1-cdh5.3.6 by Apache Hive
beeline> !connect jdbc:hive2://xyz01.aiso.com:10000/default 
scan complete in 3ms
Connecting to jdbc:hive2://xyz01.aiso.com:10000/default
Enter username for jdbc:hive2://xyz01.aiso.com:10000/default: user
Enter password for jdbc:hive2://xyz01.aiso.com:10000/default: ********
Connected to: Apache Hive (version 0.13.1-cdh5.3.6)
Driver: Hive JDBC (version 0.13.1-cdh5.3.6)
Transaction isolation: TRANSACTION_REPEATABLE_READ
0: jdbc:hive2://xyz01.aiso.com:10000/default> show databases;
+----------------+--+
| database_name  |
+----------------+--+
| default        |
+----------------+--+
1 row selected (0.742 seconds)
0: jdbc:hive2://xyz01.aiso.com:10000/default> 

输入密码 连接成功！