下面列出了怎么用org.apache.zookeeper.server.ZooKeeperSaslServer的API类实例代码及写法,或者点击链接到github查看源代码。
protected static TestingServer getZKServer() throws Exception {
if (!kerberos) {
LOGGER.info("Creating a non-security ZooKeeper Server.");
return new TestingServer();
} else {
LOGGER.info("Creating a security ZooKeeper Server.");
// Not entirely sure exactly what "javax.security.auth.useSubjectCredsOnly=false" does, but it has something to do with
// re-authenticating in cases where it otherwise wouldn't. One of the sections on this page briefly mentions it:
// http://docs.oracle.com/javase/7/docs/technotes/guides/security/jgss/tutorials/Troubleshooting.html
System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
// Setup KDC and principal
kdc = getKdc();
ZKKeytabFile = new File(kdcWorkDir, "test.keytab");
kdc.createPrincipal(ZKKeytabFile, ZK_SERVER_PRINCIPAL);
System.setProperty("zookeeper.authProvider.1", "org.apache.zookeeper.server.auth.SASLAuthenticationProvider");
System.setProperty("zookeeper.kerberos.removeHostFromPrincipal", "true");
System.setProperty("zookeeper.kerberos.removeRealmFromPrincipal", "true");
JaasConfiguration.addEntryForKeytab("Server", ZK_SERVER_PRINCIPAL, ZKKeytabFile.getAbsolutePath());
// Here's where we add the "Client" to the jaas configuration, even though we'd like not to
JaasConfiguration.addEntryForKeytab(HAContext.SENTRY_ZK_JAAS_NAME,
SERVER_KERBEROS_NAME, serverKeytab.getAbsolutePath());
javax.security.auth.login.Configuration.setConfiguration(JaasConfiguration.getInstance());
System.setProperty(ZooKeeperSaslServer.LOGIN_CONTEXT_NAME_KEY, "Server");
return new TestingServer();
}
}
/**
* Log in the current zookeeper server process using the given configuration
* keys for the credential file and login principal.
*
* <p><strong>This is only applicable when running on secure hbase</strong>
* On regular HBase (without security features), this will safely be ignored.
* </p>
*
* @param conf The configuration data to use
* @param keytabFileKey Property key used to configure the path to the credential file
* @param userNameKey Property key used to configure the login principal
* @param hostname Current hostname to use in any credentials
* @throws IOException underlying exception from SecurityUtil.login() call
*/
public static void loginServer(Configuration conf, String keytabFileKey,
String userNameKey, String hostname) throws IOException {
login(conf, keytabFileKey, userNameKey, hostname,
ZooKeeperSaslServer.LOGIN_CONTEXT_NAME_KEY,
JaasConfiguration.SERVER_KEYTAB_KERBEROS_CONFIG_NAME);
}