Source code

001/**
002 *
003 * Licensed to the Apache Software Foundation (ASF) under one
004 * or more contributor license agreements.  See the NOTICE file
005 * distributed with this work for additional information
006 * regarding copyright ownership.  The ASF licenses this file
007 * to you under the Apache License, Version 2.0 (the
008 * "License"); you may not use this file except in compliance
009 * with the License.  You may obtain a copy of the License at
010 *
011 *     http://www.apache.org/licenses/LICENSE-2.0
012 *
013 * Unless required by applicable law or agreed to in writing, software
014 * distributed under the License is distributed on an "AS IS" BASIS,
015 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
016 * See the License for the specific language governing permissions and
017 * limitations under the License.
018 */
019package org.apache.hadoop.hbase.thrift2;
020
021import java.nio.ByteBuffer;
022import java.security.PrivilegedExceptionAction;
023import java.util.ArrayList;
024import java.util.HashMap;
025import java.util.List;
026import java.util.Map;
027import javax.security.auth.Subject;
028import javax.security.auth.login.AppConfigurationEntry;
029import javax.security.auth.login.Configuration;
030import javax.security.auth.login.LoginContext;
031import javax.security.sasl.Sasl;
032import org.apache.hadoop.hbase.HBaseConfiguration;
033import org.apache.hadoop.hbase.thrift2.generated.TColumnValue;
034import org.apache.hadoop.hbase.thrift2.generated.TGet;
035import org.apache.hadoop.hbase.thrift2.generated.THBaseService;
036import org.apache.hadoop.hbase.thrift2.generated.TPut;
037import org.apache.hadoop.hbase.thrift2.generated.TResult;
038import org.apache.thrift.protocol.TBinaryProtocol;
039import org.apache.thrift.protocol.TProtocol;
040import org.apache.thrift.transport.TFramedTransport;
041import org.apache.thrift.transport.TSaslClientTransport;
042import org.apache.thrift.transport.TSocket;
043import org.apache.thrift.transport.TTransport;
044import org.apache.yetus.audience.InterfaceAudience;
045
046@InterfaceAudience.Private
047public class DemoClient {
048
049  private static String host = "localhost";
050  private static int port = 9090;
051  private static boolean secure = false;
052  private static String user = null;
053
054  public static void main(String[] args) throws Exception {
055    System.out.println("Thrift2 Demo");
056    System.out.println("Usage: DemoClient [host=localhost] [port=9090] [secure=false]");
057    System.out.println("This demo assumes you have a table called \"example\" with a column family called \"family1\"");
058
059    // use passed in arguments instead of defaults
060    if (args.length >= 1) {
061      host = args[0];
062    }
063    if (args.length >= 2) {
064      port = Integer.parseInt(args[1]);
065    }
066    org.apache.hadoop.conf.Configuration conf = HBaseConfiguration.create();
067    String principal = conf.get("hbase.thrift.kerberos.principal");
068    if (principal != null) {
069      secure = true;
070      int slashIdx = principal.indexOf("/");
071      int atIdx = principal.indexOf("@");
072      int idx = slashIdx != -1 ? slashIdx : atIdx != -1 ? atIdx : principal.length();
073      user = principal.substring(0, idx);
074    }
075    if (args.length >= 3) {
076      secure = Boolean.parseBoolean(args[2]);
077    }
078
079    final DemoClient client = new DemoClient();
080    Subject.doAs(getSubject(),
081      new PrivilegedExceptionAction<Void>() {
082        @Override
083        public Void run() throws Exception {
084          client.run();
085          return null;
086        }
087      });
088  }
089
090  public void run() throws Exception {
091    int timeout = 10000;
092    boolean framed = false;
093
094    TTransport transport = new TSocket(host, port, timeout);
095    if (framed) {
096      transport = new TFramedTransport(transport);
097    } else if (secure) {
098      /**
099       * The Thrift server the DemoClient is trying to connect to
100       * must have a matching principal, and support authentication.
101       *
102       * The HBase cluster must be secure, allow proxy user.
103       */
104      Map<String, String> saslProperties = new HashMap<>();
105      saslProperties.put(Sasl.QOP, "auth-conf,auth-int,auth");
106      transport = new TSaslClientTransport("GSSAPI", null,
107        user != null ? user : "hbase",// Thrift server user name, should be an authorized proxy user
108        host, // Thrift server domain
109        saslProperties, null, transport);
110    }
111
112    TProtocol protocol = new TBinaryProtocol(transport);
113    // This is our thrift client.
114    THBaseService.Iface client = new THBaseService.Client(protocol);
115
116    // open the transport
117    transport.open();
118
119    ByteBuffer table = ByteBuffer.wrap("example".getBytes());
120
121    TPut put = new TPut();
122    put.setRow("row1".getBytes());
123
124    TColumnValue columnValue = new TColumnValue();
125    columnValue.setFamily("family1".getBytes());
126    columnValue.setQualifier("qualifier1".getBytes());
127    columnValue.setValue("value1".getBytes());
128    List<TColumnValue> columnValues = new ArrayList<>(1);
129    columnValues.add(columnValue);
130    put.setColumnValues(columnValues);
131
132    client.put(table, put);
133
134    TGet get = new TGet();
135    get.setRow("row1".getBytes());
136
137    TResult result = client.get(table, get);
138
139    System.out.print("row = " + new String(result.getRow()));
140    for (TColumnValue resultColumnValue : result.getColumnValues()) {
141      System.out.print("family = " + new String(resultColumnValue.getFamily()));
142      System.out.print("qualifier = " + new String(resultColumnValue.getFamily()));
143      System.out.print("value = " + new String(resultColumnValue.getValue()));
144      System.out.print("timestamp = " + resultColumnValue.getTimestamp());
145    }
146
147    transport.close();
148  }
149
150  static Subject getSubject() throws Exception {
151    if (!secure) return new Subject();
152
153    /*
154     * To authenticate the DemoClient, kinit should be invoked ahead.
155     * Here we try to get the Kerberos credential from the ticket cache.
156     */
157    LoginContext context = new LoginContext("", new Subject(), null,
158      new Configuration() {
159        @Override
160        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
161          Map<String, String> options = new HashMap<>();
162          options.put("useKeyTab", "false");
163          options.put("storeKey", "false");
164          options.put("doNotPrompt", "true");
165          options.put("useTicketCache", "true");
166          options.put("renewTGT", "true");
167          options.put("refreshKrb5Config", "true");
168          options.put("isInitiator", "true");
169          String ticketCache = System.getenv("KRB5CCNAME");
170          if (ticketCache != null) {
171            options.put("ticketCache", ticketCache);
172          }
173          options.put("debug", "true");
174
175          return new AppConfigurationEntry[]{
176              new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
177                  AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
178                  options)};
179        }
180      });
181    context.login();
182    return context.getSubject();
183  }
184}