Hi Gaurav, Please check my last reply. Please don't send multiple emails for the same issue.
Sent from my iPhone > On May 8, 2014, at 4:52 AM, Gaurav Thakur <[email protected]> wrote: > > Hi I have a secure java client which fails to connect to hbase. > > Using the same keytab and principal I`m able to use hbase from shell. > > Please see below the code. > > public static void main(String [] args) { > try { > System.setProperty(CommonConstants.KRB_REALM, > ConfigUtil.getProperty(CommonConstants.HADOOP_CONF, "krb.realm")); > System.setProperty(CommonConstants.KRB_KDC, > ConfigUtil.getProperty(CommonConstants.HADOOP_CONF,"krb.kdc")); > System.setProperty(CommonConstants.KRB_DEBUG, "true"); > > > > final Configuration config = HBaseConfiguration.create(); > > > config.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, > AUTH_KRB); > > config.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION, > AUTHORIZATION); > > config.set(CommonConfigurationKeysPublic.FS_AUTOMATIC_CLOSE_KEY, > AUTO_CLOSE); > config.set(CommonConfigurationKeysPublic.FS_DEFAULT_NAME_KEY, > defaultFS); > config.set("hbase.zookeeper.quorum", > ConfigUtil.getProperty(CommonConstants.HBASE_CONF, "hbase.host")); > config.set("hbase.zookeeper.property.clientPort", > ConfigUtil.getProperty(CommonConstants.HBASE_CONF, "hbase.port")); > config.set("hbase.client.retries.number", Integer.toString(0)); > config.set("zookeeper.session.timeout", Integer.toString(6000)); > config.set("zookeeper.recovery.retry", Integer.toString(0)); > config.set("hbase.master", > "gauravt-namenode.pbi.global.pvt:60000"); > config.set("zookeeper.znode.parent", "/hbase-secure"); > config.set("hbase.rpc.engine", > "org.apache.hadoop.hbase.ipc.SecureRpcEngine"); > config.set("hbase.security.authentication", AUTH_KRB); > config.set("hbase.security.authorization", AUTHORIZATION); > config.set("hbase.master.kerberos.principal", > "hbase/[email protected]"); > config.set("hbase.master.keytab.file", > "D:/var/lib/bda/secure/keytabs/hbase.service.keytab"); > config.set("hbase.regionserver.kerberos.principal", > "hbase/[email protected]"); > config.set("hbase.regionserver.keytab.file", > "D:/var/lib/bda/secure/keytabs/hbase.service.keytab"); > > UserGroupInformation.setConfiguration(config); > UserGroupInformation userGroupInformation = > UserGroupInformation.loginUserFromKeytabAndReturnUGI("hbase/[email protected]", > "D:/var/lib/bda/secure/keytabs/hbase.service.keytab"); > UserGroupInformation.setLoginUser(userGroupInformation); > > User user = User.create(userGroupInformation); > > user.runAs(new PrivilegedExceptionAction<Object>() { > > @Override > public Object run() throws Exception { > HBaseAdmin admins = new HBaseAdmin(config); > > if(admins.isTableAvailable("ambarismoketest")) { > System.out.println("Table is available"); > }; > > HConnection connection = > HConnectionManager.createConnection(config); > > HTableInterface table = > connection.getTable("ambarismoketest"); > > byte [] family = Bytes.toBytes("fammily"); > > byte [] col01 = Bytes.toBytes("col01"); > > Scan scan = new Scan(); > scan.addColumn(family, col01); > > ResultScanner rs = table.getScanner(scan); > > for (Result r = rs.next(); r != null; r = rs.next()) { > byte[] valueObj = r.getValue(family, col01); > String value = new String(valueObj); > System.out.println(value); > } > > admins.close(); > System.out.println(table.get(new Get(null))); > return table.get(new Get(null)); > } > }); > > System.out.println(UserGroupInformation.getLoginUser().getUserName()); > > > > /*HbaseTemplate template = client.getHbaseTemplate(); > > template.find("ambarismoketest", new Scan(), new > ResultsExtractor() { > > @Override > public Object extractData(ResultScanner results) > throws Exception { > // TODO Auto-generated method stub > return results; > } > > });*/ > > } catch (Exception e) { > // TODO Auto-generated catch block > e.printStackTrace(); > } > > I get an exception : > > Caused by: > org.apache.hadoop.ipc.RemoteException(javax.security.sasl.SaslException): > GSS initiate failed > at > org.apache.hadoop.hbase.security.HBaseSaslRpcClient.readStatus(HBaseSaslRpcClient.java:110) > at > org.apache.hadoop.hbase.security.HBaseSaslRpcClient.saslConnect(HBaseSaslRpcClient.java:146) > at > org.apache.hadoop.hbase.ipc.RpcClient$Connection.setupSaslConnection(RpcClient.java:762) > at > org.apache.hadoop.hbase.ipc.RpcClient$Connection.access$600(RpcClient.java:354) > at > org.apache.hadoop.hbase.ipc.RpcClient$Connection$2.run(RpcClient.java:883) > at > org.apache.hadoop.hbase.ipc.RpcClient$Connection$2.run(RpcClient.java:880) > at java.security.AccessController.doPrivileged(Native Method) > at javax.security.auth.Subject.doAs(Subject.java:396) > at > org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1491) > at > org.apache.hadoop.hbase.ipc.RpcClient$Connection.setupIOstreams(RpcClient.java:880)
