HttpClient请求开启Kerberos的HTTP服务

小灰灰 2022-11-17 05:24 348阅读 0赞

内容来自 社会我帅神

方案一.

  1. import org.apache.http.HttpResponse;
  2. import org.apache.http.auth.AuthSchemeProvider;
  3. import org.apache.http.auth.AuthScope;
  4. import org.apache.http.auth.Credentials;
  5. import org.apache.http.client.HttpClient;
  6. import org.apache.http.client.config.AuthSchemes;
  7. import org.apache.http.client.methods.HttpGet;
  8. import org.apache.http.client.methods.HttpUriRequest;
  9. import org.apache.http.config.Lookup;
  10. import org.apache.http.config.RegistryBuilder;
  11. import org.apache.http.impl.auth.SPNegoSchemeFactory;
  12. import org.apache.http.impl.client.BasicCredentialsProvider;
  13. import org.apache.http.impl.client.CloseableHttpClient;
  14. import org.apache.http.impl.client.HttpClientBuilder;
  15. import org.slf4j.Logger;
  16. import org.slf4j.LoggerFactory;
  18. import javax.security.auth.Subject;
  19. import javax.security.auth.kerberos.KerberosPrincipal;
  20. import javax.security.auth.login.AppConfigurationEntry;
  21. import javax.security.auth.login.Configuration;
  22. import javax.security.auth.login.LoginContext;
  23. import java.io.IOException;
  24. import java.security.Principal;
  25. import java.security.PrivilegedAction;
  26. import java.util.HashMap;
  27. import java.util.HashSet;
  28. import java.util.Set;
  30. public class RequestKerberosUrlUtils { 
  31.     public static Logger logger = LoggerFactory.getLogger(RequestKerberosUrlUtils.class);
  32.     private String principal;
  33.     private String keyTabLocation;
  35.     public RequestKerberosUrlUtils() { 
  36.     }
  38.     public RequestKerberosUrlUtils(String principal, String keyTabLocation) { 
  39.         super();
  40.         this.principal = principal;
  41.         this.keyTabLocation = keyTabLocation;
  42.     }
  44.     public RequestKerberosUrlUtils(String principal, String keyTabLocation, boolean isDebug) { 
  45.         this(principal, keyTabLocation);
  46.         if (isDebug) { 
  47.             System.setProperty("sun.security.spnego.debug", "true");
  48.             System.setProperty("sun.security.krb5.debug", "true");
  49.         }
  50.     }
  52.     public RequestKerberosUrlUtils(String principal, String keyTabLocation, String krb5Location, boolean isDebug) { 
  53.         this(principal, keyTabLocation, isDebug);
  54.         System.setProperty("java.security.krb5.conf", krb5Location);
  55.     }
  57.     //模拟curl使用kerberos认证
  58.     private static HttpClient buildSpengoHttpClient() { 
  59.         HttpClientBuilder builder = HttpClientBuilder.create();
  60.         Lookup<AuthSchemeProvider> authSchemeRegistry = RegistryBuilder.<AuthSchemeProvider>create().
  61.                 register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(true)).build();
  62.         builder.setDefaultAuthSchemeRegistry(authSchemeRegistry);
  63.         BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
  64.         credentialsProvider.setCredentials(new AuthScope(null, -1, null), new Credentials() { 
  65.             @Override
  66.             public Principal getUserPrincipal() { 
  67.                 return null;
  68.             }
  70.             @Override
  71.             public String getPassword() { 
  72.                 return null;
  73.             }
  74.         });
  75.         builder.setDefaultCredentialsProvider(credentialsProvider);
  76.         CloseableHttpClient httpClient = builder.build();
  77.         return httpClient;
  78.     }
  80.     public HttpResponse callRestUrl(final String url, final String userId) { 
  81.         logger.warn(String.format("Calling KerberosHttpClient %s %s %s", this.principal, this.keyTabLocation, url));
  82.         Configuration config = new Configuration() { 
  83.             @SuppressWarnings("serial")
  84.             @Override
  85.             public AppConfigurationEntry[] getAppConfigurationEntry(String name) { 
  86.                 return new AppConfigurationEntry[]{ new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
  87.                         AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap<String, Object>() { 
  88.                     { 
  89.                         put("useTicketCache", "false");
  90.                         put("useKeyTab", "true");
  91.                         put("keyTab", keyTabLocation);
  92.                         //Krb5 in GSS API needs to be refreshed so it does not throw the error
  93.                         //Specified version of key is not available
  94.                         put("refreshKrb5Config", "true");
  95.                         put("principal", principal);
  96.                         put("storeKey", "true");
  97.                         put("doNotPrompt", "true");
  98.                         put("isInitiator", "true");
  99.                         put("debug", "true");
  100.                     }
  101.                 })};
  102.             }
  103.         };
  104.         Set<Principal> princ = new HashSet<Principal>(1);
  105.         princ.add(new KerberosPrincipal(userId));
  106.         Subject sub = new Subject(false, princ, new HashSet<Object>(), new HashSet<Object>());
  107.         try { 
  108.             //认证模块:Krb5Login
  109.             LoginContext lc = new LoginContext("Krb5Login", sub, null, config);
  110.             lc.login();
  111.             Subject serviceSubject = lc.getSubject();
  112.             return Subject.doAs(serviceSubject, new PrivilegedAction<HttpResponse>() { 
  113.                 HttpResponse httpResponse = null;
  115.                 @Override
  116.                 public HttpResponse run() { 
  117.                     try { 
  118.                         HttpUriRequest request = new HttpGet(url);
  119.                         HttpClient spnegoHttpClient = buildSpengoHttpClient();
  120.                         httpResponse = spnegoHttpClient.execute(request);
  121.                         return httpResponse;
  122.                     } catch (IOException ioe) { 
  123.                         ioe.printStackTrace();
  124.                     }
  125.                     return httpResponse;
  126.                 }
  127.             });
  128.         } catch (Exception le) { 
  129.             le.printStackTrace();
  130.         }
  131.         return null;
  132.     }
  133. }

方案二

  1. package com.post;
  3. import org.apache.http.HttpResponse;
  4. import org.apache.http.auth.AuthSchemeProvider;
  5. import org.apache.http.auth.AuthScope;
  6. import org.apache.http.auth.Credentials;
  7. import org.apache.http.client.HttpClient;
  8. import org.apache.http.client.config.AuthSchemes;
  9. import org.apache.http.client.methods.HttpGet;
  10. import org.apache.http.client.methods.HttpPost;
  11. import org.apache.http.client.methods.HttpUriRequest;
  12. import org.apache.http.config.Lookup;
  13. import org.apache.http.config.RegistryBuilder;
  14. import org.apache.http.entity.ContentType;
  15. import org.apache.http.entity.StringEntity;
  16. import org.apache.http.impl.auth.SPNegoSchemeFactory;
  17. import org.apache.http.impl.client.BasicCredentialsProvider;
  18. import org.apache.http.impl.client.CloseableHttpClient;
  19. import org.apache.http.impl.client.HttpClientBuilder;
  20. import org.slf4j.Logger;
  21. import org.slf4j.LoggerFactory;
  23. import javax.security.auth.Subject;
  24. import javax.security.auth.login.Configuration;
  25. import javax.security.auth.login.LoginContext;
  26. import javax.security.auth.login.LoginException;
  27. import java.io.IOException;
  28. import java.security.Principal;
  29. import java.security.PrivilegedAction;
  31. public class RequestKerberosUrlUtilsClassPath { 
  32.     public static Logger logger = LoggerFactory.getLogger(RequestKerberosUrlUtilsClassPath.class);
  34.     public RequestKerberosUrlUtilsClassPath() { 
  35.     }
  37.     public RequestKerberosUrlUtilsClassPath(boolean isDebug) { 
  38.         if (isDebug) { 
  39.             System.setProperty("sun.security.spnego.debug", "true");
  40.             System.setProperty("sun.security.krb5.debug", "true");
  41.         }
  42.     }
  44.     public RequestKerberosUrlUtilsClassPath(String krb5Location, boolean isDebug) { 
  45.         System.setProperty("java.security.krb5.conf", krb5Location);
  46.     }
  48.     //模拟curl使用kerberos认证
  49.     private static HttpClient buildSpengoHttpClient() { 
  50.         HttpClientBuilder builder = HttpClientBuilder.create();
  51.         Lookup<AuthSchemeProvider> authSchemeRegistry = RegistryBuilder.<AuthSchemeProvider>create().
  52.                 register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(true)).build();
  53.         builder.setDefaultAuthSchemeRegistry(authSchemeRegistry);
  54.         BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
  55.         credentialsProvider.setCredentials(new AuthScope(null, -1, null), new Credentials() { 
  56.             @Override
  57.             public Principal getUserPrincipal() { 
  58.                 return null;
  59.             }
  61.             @Override
  62.             public String getPassword() { 
  63.                 return null;
  64.             }
  65.         });
  66.         builder.setDefaultCredentialsProvider(credentialsProvider);
  67.         CloseableHttpClient httpClient = builder.build();
  68.         return httpClient;
  69.     }
  71.     public HttpResponse get(final String url) { 
  72.         try { 
  74.             Subject serviceSubject = getSubject();
  75.             return Subject.doAs(serviceSubject, new PrivilegedAction<HttpResponse>() { 
  76.                 HttpResponse httpResponse = null;
  78.                 @Override
  79.                 public HttpResponse run() { 
  80.                     try { 
  81.                         HttpUriRequest request = new HttpGet(url);
  82.                         HttpClient spnegoHttpClient = buildSpengoHttpClient();
  83.                         httpResponse = spnegoHttpClient.execute(request);
  84.                         return httpResponse;
  85.                     } catch (IOException ioe) { 
  86.                         ioe.printStackTrace();
  87.                     }
  88.                     return httpResponse;
  89.                 }
  90.             });
  91.         } catch (Exception le) { 
  92.             le.printStackTrace();
  93.         }
  94.         return null;
  95.     }
  97.     public HttpResponse post(final String url, final String params) { 
  98.         try { 
  100.             Subject serviceSubject = getSubject();
  101.             return Subject.doAs(serviceSubject, new PrivilegedAction<HttpResponse>() { 
  102.                 HttpResponse httpResponse = null;
  104.                 @Override
  105.                 public HttpResponse run() { 
  106.                     try { 
  107.                         HttpPost httpPost = new HttpPost();
  108.                         httpPost.setEntity(new StringEntity(params, ContentType.APPLICATION_JSON));
  109.                         HttpClient spnegoHttpClient = buildSpengoHttpClient();
  110.                         httpResponse = spnegoHttpClient.execute(httpPost);
  111.                         return httpResponse;
  112.                     } catch (IOException ioe) { 
  113.                         ioe.printStackTrace();
  114.                     }
  115.                     return httpResponse;
  116.                 }
  117.             });
  118.         } catch (Exception le) { 
  119.             le.printStackTrace();
  120.         }
  121.         return null;
  122.     }
  124.     private Subject getSubject() throws LoginException { 
  125.         String property = System.getProperty("java.security.auth.login.config");
  126.         if (null != property) { 
  127.             Configuration configuration = Configuration.getConfiguration();
  128.             //认证模块:Krb5Login
  129.             LoginContext lc = new LoginContext("Krb5Login", null, null, configuration);
  130.             lc.login();
  131.             return lc.getSubject();
  132.         }
  133.         return new Subject();
  134.     }
  135. }

验证

  1. package com.post;
  4. import org.apache.commons.io.IOUtils;
  5. import org.apache.http.HttpResponse;
  7. import java.io.InputStream;
  8. import java.nio.charset.StandardCharsets;
  9. import java.util.Arrays;
  11. public class RequestKerberosUrlUtilsTest { 
  14.     public static void main(String[] args) { 
  15.         params();
  16.         classPath();
  17.     }
  19.     public static void params() { 
  20.         String user = "ws@HENGHE.COM";
  21.         String keytab = "D:\\ysstest\\post\\src\\main\\resources\\ws.keytab";
  22.         String krb5Location = "D:\\ysstest\\post\\src\\main\\resources\\krb5.conf";
  23.         try { 
  24.             RequestKerberosUrlUtils restTest = new RequestKerberosUrlUtils(user, keytab, krb5Location, false);
  25.             // refer to https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-hdfs/WebHDFS.html#Open_and_Read_a_File
  26.             String url_liststatus = "http://localhost:8083/offset/test";
  27.             // location
  28.             HttpResponse response = restTest.callRestUrl(url_liststatus, user);
  29.             InputStream is = response.getEntity().getContent();
  30.             System.out.println("Status code " + response.getStatusLine().getStatusCode());
  31.             System.out.println("message is :" + Arrays.deepToString(response.getAllHeaders()));
  32.             System.out.println("string:\n" + new String(IOUtils.toByteArray(is), StandardCharsets.UTF_8));
  34.         } catch (Exception exp) { 
  35.             exp.printStackTrace();
  36.         }
  38.     }
  40.     public static void classPath() { 
  41.         String krb5Location = "D:\\ysstest\\post\\src\\main\\resources\\krb5.conf";
  42.         System.setProperty("java.security.auth.login.config", "D:\\ysstest\\post\\src\\main\\resources\\http.conf");
  43.         System.setProperty("java.security.krb5.conf", "D:\\ysstest\\post\\src\\main\\resources\\krb5.conf");
  44.         try { 
  45.             RequestKerberosUrlUtilsClassPath restTest = new RequestKerberosUrlUtilsClassPath();
  46.             // refer to https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-hdfs/WebHDFS.html#Open_and_Read_a_File
  47.             String url_liststatus = "http://localhost:8083/offset/test";
  48.             // location
  49.             HttpResponse response = restTest.get(url_liststatus);
  50.             InputStream is = response.getEntity().getContent();
  51.             System.out.println("Status code " + response.getStatusLine().getStatusCode());
  52.             System.out.println("message is :" + Arrays.deepToString(response.getAllHeaders()));
  53.             System.out.println("string:\n" + new String(IOUtils.toByteArray(is), StandardCharsets.UTF_8));
  55.         } catch (Exception exp) { 
  56.             exp.printStackTrace();
  57.         }
  59.     }
  60. }

发表评论

表情:
评论列表 (有 0 条评论,348人围观)

还没有评论,来说两句吧...

相关阅读

    相关 ambari开启kerberos

    网上一些跟[Ambari启用Kerberos][Ambari_Kerberos],看似很简单,但实际按照这个配置,遇到的问题连解决方案都不好找。启用了kerberos,想要也没

    亦凉亦凉/ 0/ 262 阅读