java – Kerberos for Thrift?
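I have a simple Thrift-based java application. It is very simple, nothing more than a "Hello World" message transport using Thrift in java. I have been told that I need to add Kerberos support to my messages. I did some googling and am surprised that Thrift does not already have Kerberos support in some form (or if it does, I can't find it). I thought about writing my own wrapper using GSSAPI, but I can't wrap/unwrap my Thrift messages, as that would break the Thrift message format.
Has anyone ever Kerberized Thrift? ...Or know how to do it? Thanks in advance.

Solution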
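So, I guess there is a way to do this via the SASL/GSS API. What confuses me is why I don't see any good examples of this anywhere on the internet. However, I am posting an example of what I have created in the hope that it will help others... or that someone can correct my delusion of doing something useful here.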
Example server code:

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.sasl.Sasl;
import org.apache.hadoop.security.SaslRpcServer;
import org.apache.thrift.server.TServer;
import org.apache.thrift.server.TThreadPoolServer;
import org.apache.thrift.transport.TSaslServerTransport;
import org.apache.thrift.transport.TServerSocket;

TServerSocket serverTransport = new TServerSocket(7911);   // new server on port 7911
HelloWorldService.Processor<HelloWorldService.Iface> processor =
        new HelloWorldService.Processor<HelloWorldService.Iface>(new ThriftServerImpl());   // This is my thrift implementation for my server
Map<String, String> saslProperties = new HashMap<String, String>();   // need a map for properties
saslProperties.put(Sasl.QOP, "auth-conf");   // auth-conf: authentication plus confidentiality

TSaslServerTransport.Factory saslTransportFactory = new TSaslServerTransport.Factory();   // Creating the server definition
saslTransportFactory.addServerDefinition(
        "GSSAPI",                // tell SASL to use GSSAPI, which supports Kerberos
        "myserviceprincipal",    // base kerberos principal name - myprincipal/my.server.com@MY.REALM
        "my.server.com",         // kerberos principal server - myprincipal/my.server.com@MY.REALM
        saslProperties,          // Properties set, above
        new SaslRpcServer.SaslGssCallbackHandler());   // I don't know what this really does... but I stole it from Hadoop and it works.. so there.

TServer server = new TThreadPoolServer(
        new TThreadPoolServer.Args(serverTransport)
                .transportFactory(saslTransportFactory)
                .processor(processor));

server.serve();   // Thrift server start
```

Example client code:

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.sasl.Sasl;
import org.apache.thrift.protocol.TBinaryProtocol;
import org.apache.thrift.protocol.TProtocol;
import org.apache.thrift.transport.TSaslClientTransport;
import org.apache.thrift.transport.TSocket;
import org.apache.thrift.transport.TTransport;

TTransport transport = new TSocket("my.server.com", 7911);   // client to connect to server and port
Map<String, String> saslProperties = new HashMap<String, String>();   // need a map for properties
saslProperties.put(Sasl.QOP, "auth-conf");   // auth-conf: authentication plus confidentiality

TTransport saslTransport = new TSaslClientTransport(
        "GSSAPI",                // tell SASL to use GSSAPI, which supports Kerberos
        null,                    // authorizationid - null
        "myserviceprincipal",    // base kerberos principal name - myprincipal/my.client.com@MY.REALM
        "my.server.com",         // kerberos principal server - myprincipal/my.server.com@MY.REALM
        saslProperties,          // Properties set, above
        null,                    // callback handler - null
        transport);              // underlying transport

TProtocol protocol = new TBinaryProtocol(saslTransport);   // set up our new Thrift protocol
HelloWorldService.Client client = new HelloWorldService.Client(protocol);   // Setup our thrift client
saslTransport.open();
String response = client.hello("Hi There");   // send message
System.out.println("response = " + response);
transport.close();
```

Other considerations:

```
com.sun.security.jgss.initiate {
    com.sun.security.auth.module.Krb5LoginModule required
    useKeyTab=true
    keyTab="/etc/myapp/conf/myapp.keytab"
    useTicketCache=true
    principal="myuserprincipal"
    debug=true;
};

com.sun.security.jgss.accept {
    com.sun.security.auth.module.Krb5LoginModule required
    useKeyTab=true
    keyTab="/etc/myapp/conf/myapp.keytab"
    useTicketCache=false
    principal="myserviceprincipal/my.server.com"
    debug=true;
};
```

(Back to considerations...)

Anyway, I hope this helps someone... or can inspire some improvements that will help me. :) It is hard to believe I spent 2-3 days doing this and only a small amount of code came out of it, but I knew neither Kerberos nor Thrift when I started. Thanks for reading.
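The callback handler passed to `addServerDefinition` in the answer above is where the server decides whether the Kerberos-authenticated client may act under the identity it requests: the JDK's GSSAPI SASL server hands the handler an `AuthorizeCallback` after the ticket has been verified. The following is an added example, not code from the answer or from Hadoop; the class name `KerberosAuthorizeHandler`, the allow-list and the sample principals are assumptions made for illustration.

```java
import java.io.IOException;
import java.util.Set;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;

/** Added example (hypothetical class): server-side SASL authorization for a Kerberized Thrift service. */
public class KerberosAuthorizeHandler implements CallbackHandler {
    private final Set<String> allowedPrincipals;   // hypothetical allow-list of client principals

    public KerberosAuthorizeHandler(Set<String> allowedPrincipals) {
        this.allowedPrincipals = allowedPrincipals;
    }

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof AuthorizeCallback)) {
                throw new UnsupportedCallbackException(cb, "only AuthorizeCallback is handled");
            }
            AuthorizeCallback ac = (AuthorizeCallback) cb;
            String authn = ac.getAuthenticationID();   // principal proven by the Kerberos ticket
            String authz = ac.getAuthorizationID();    // identity the client asks to act as
            // No impersonation: the requested identity must be the authenticated one,
            // and that principal must be on the allow-list.
            boolean ok = authn != null && authn.equals(authz) && allowedPrincipals.contains(authn);
            ac.setAuthorized(ok);
            if (ok) {
                ac.setAuthorizedID(authz);
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample principals, not taken from a real deployment.
        CallbackHandler handler = new KerberosAuthorizeHandler(Set.of("myuserprincipal@MY.REALM"));
        AuthorizeCallback same = new AuthorizeCallback("myuserprincipal@MY.REALM", "myuserprincipal@MY.REALM");
        AuthorizeCallback impersonation = new AuthorizeCallback("myuserprincipal@MY.REALM", "admin@MY.REALM");
        AuthorizeCallback unlisted = new AuthorizeCallback("other@MY.REALM", "other@MY.REALM");
        handler.handle(new Callback[] {same, impersonation, unlisted});
        System.out.println("same identity:  " + same.isAuthorized());
        System.out.println("impersonation:  " + impersonation.isAuthorized());
        System.out.println("unlisted user:  " + unlisted.isAuthorized());
    }
}
```

An instance of this handler can be supplied as the last argument of `addServerDefinition`, which also removes the Hadoop dependency from the server.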