From c920438f8434d1770784d76cd2a1dcc6d7965ba2 Mon Sep 17 00:00:00 2001
From: rinoux <rinoux@foxmail.com>
Date: Fri, 14 Dec 2018 17:52:06 +0800
Subject: [PATCH] =?UTF-8?q?DEC-5831=20BI=E7=9A=84third=E5=86=85=E7=BD=AEha?=
 =?UTF-8?q?doop=E5=8C=85=E5=86=B2=E7=AA=81=E5=AF=BC=E8=87=B4=E7=9A=84kerbe?=
 =?UTF-8?q?ros=E6=97=A0=E6=B3=95=E8=BF=9E=E6=8E=A5=E6=88=90=E5=8A=9F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../core/HDFSRepositoryFactory.java           | 26 +++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)

diff --git a/src/com/fr/plugin/hdfs/repository/core/HDFSRepositoryFactory.java b/src/com/fr/plugin/hdfs/repository/core/HDFSRepositoryFactory.java
index e350a49..9acfe21 100644
--- a/src/com/fr/plugin/hdfs/repository/core/HDFSRepositoryFactory.java
+++ b/src/com/fr/plugin/hdfs/repository/core/HDFSRepositoryFactory.java
@@ -89,18 +89,19 @@ public class HDFSRepositoryFactory extends ConfigRepositoryFactory<HDFSConfig> {
                 System.setProperty("java.security.krb5.conf", krb5Conf);
                 conf.set("hadoop.security.authentication", "kerberos");
 
+                processConfForPrincipal(conf, principal);
                 //类似OSGI下，类加载需要设置SecurityUtil.setSecurityInfoProviders(new AnnotatedSecurityInfo());
                 //refer to https://stackoverflow.com/questions/37608049/how-to-connect-with-hdfs-via-kerberos-from-osgi-bundles
                 SecurityUtil.setSecurityInfoProviders(new AnnotatedSecurityInfo());
                 //UserGroupInformation初始化
                 UserGroupInformation.setConfiguration(conf);
-                UserGroupInformation.loginUserFromKeytab(config.getPrincipal(), config.getKeyTab());
+                UserGroupInformation.loginUserFromKeytab(principal, config.getKeyTab());
             } catch (Exception e) {
                 FineLoggerFactory.getLogger().error(e.getMessage(), e);
             } finally {
                 kerberosAuthModeSet = true;
             }
-        } else if (kerberosAuthModeSet){
+        } else if (kerberosAuthModeSet) {
             conf.set("hadoop.security.authorization", "false");
             conf.set("hadoop.security.authentication", "simple");
         }
@@ -144,4 +145,25 @@ public class HDFSRepositoryFactory extends ConfigRepositoryFactory<HDFSConfig> {
                 && StringUtils.isNotEmpty(config.getPrincipal())
                 && StringUtils.isNotEmpty(config.getKrbConf());
     }
+
+
+    /**
+     * BI-third内置了hadoop2.6的包，插件优先从lib下加载类，
+     * 此时kerberos认证会报错"Failed to specify server's Kerberos principal name"
+     * 需要设置一下principal的格式
+     * @param conf
+     * @param principal
+     */
+    private void processConfForPrincipal(Configuration conf, String principal) {
+        //2.6.2以前的版本hdfs-site.xml没有默认的pricipal格式设置，需要手动加上
+        //根据Kerberos V5 principal的格式primary/instance@REALM，确定实际的格式
+        String principalPattern;
+        int primaryIdx = principal.indexOf("hdfs/");
+        int atIdx = principal.indexOf("@");
+        if (primaryIdx > -1 && atIdx > primaryIdx) {
+            String name = principal.substring(primaryIdx + "hdfs/".length(), atIdx - 1);
+            principalPattern = principal.replace(name, "*");
+            conf.set("dfs.namenode.kerberos.principal.pattern", principalPattern);
+        }
+    }
 }