In this tutorial I will show you how to connect to an Secure HBASE using Java. It’s rather straight forward.
Import SSL Cert to Java:
Follow this tutorial to “Installing unlimited strength encryption Java libraries”
If on Windows do the following
#Import it "C:\Program Files\Java\jdk1.8.0_171\bin\keytool" -import -file hadoop.csr -keystore "C:\Program Files\Java\jdk1.8.0_171\jre\lib\security\cacerts" -alias "hadoop" #Check it "C:\Program Files\Java\jdk1.8.0_171\bin\keytool" -list -v -keystore "C:\Program Files\Java\jdk1.8.0_171\jre\lib\security\cacerts" #If you want to delete it "C:\Program Files\Java\jdk1.8.0_171\bin\keytool" -delete -alias hadoop -keystore "C:\Program Files\Java\jdk1.8.0_171\jre\lib\security\cacerts"
POM.xml
<dependency> <groupId>org.apache.hbase</groupId> <artifactId>hbase-client</artifactId> <version>2.1.0</version> </dependency> <dependency> <groupId>org.apache.hbase</groupId> <artifactId>hbase</artifactId> <version>2.1.0</version> <type>pom</type> </dependency>
Imports:
import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.hbase.HBaseConfiguration; import org.apache.hadoop.hbase.client.Admin; import org.apache.hadoop.hbase.client.Connection; import org.apache.hadoop.hbase.client.ConnectionFactory; import org.apache.hadoop.security.UserGroupInformation;
Initiate Kerberos Authentication
System.setProperty("java.security.auth.login.config", "C:\\data\\kafkaconnect\\kafka\\src\\main\\resources\\client_jaas.conf"); System.setProperty("https.protocols", "TLSv1,TLSv1.1,TLSv1.2"); System.setProperty("java.security.krb5.conf", "C:\\Program Files\\Java\\jdk1.8.0_171\\jre\\lib\\security\\krb5.conf"); System.setProperty("java.security.krb5.realm", "REALM.CA"); System.setProperty("java.security.krb5.kdc", "REALM.CA"); System.setProperty("sun.security.krb5.debug", "false"); System.setProperty("javax.net.debug", "false"); System.setProperty("javax.net.ssl.keyStorePassword", "changeit"); System.setProperty("javax.net.ssl.keyStore", "C:\\Program Files\\Java\\jdk1.8.0_171\\jre\\lib\\security\\cacerts"); System.setProperty("javax.net.ssl.trustStore", "C:\\Program Files\\Java\\jdk1.8.0_171\\jre\\lib\\security\\cacerts"); System.setProperty("javax.net.ssl.trustStorePassword", "changeit"); System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
Config:
We will use the basic configuration here. You should secure the cluster and use appropriate settings for that.
// Setup the configuration object. final Configuration config = HBaseConfiguration.create(); config.set("hbase.zookeeper.quorum", "hadoop"); config.set("hbase.zookeeper.property.clientPort", "2181"); config.set("hadoop.security.authentication", "kerberos"); config.set("hbase.security.authentication", "kerberos"); config.set("hbase.cluster.distributed", "true"); config.set("hbase.rpc.protection", "integrity"); config.set("zookeeper.znode.parent", "/hbase-secure"); config.set("hbase.master.kerberos.principal", "hbase/hadoop@REALM.CA"); config.set("hbase.regionserver.kerberos.principal", "hbase/hadoop@REALM.CA");
Connect:
Now we create the connection.
UserGroupInformation.setConfiguration(config); UserGroupInformation.setLoginUser(UserGroupInformation.loginUserFromKeytabAndReturnUGI("hbase/hadoop@REALM.CA", "c:\\data\\hbase.service.keytab")); System.out.println(UserGroupInformation.getLoginUser()); System.out.println(UserGroupInformation.getCurrentUser()); Connection conn = ConnectionFactory.createConnection(config); //Later when we are done we will want to close the connection. conn.close();
Hbase Admin:
Retrieve an Admin implementation to administer an HBase cluster. If you need it.
Admin admin = conn.getAdmin(); //Later when we are done we will want to close the connection. admin.close();