Docker Kerberos WebHDFS AuthenticationException: Unauthorized
Okay. I did it. There were a few problems, but this is how the final variant looks.
My docker. krb5.conf and keytab are in the same folder as my docker file. When I build the project they are added to the container and in the entrypoint I use -Djava.security.krb5.conf to provide krb5 location. There are also a few options for debugging + I connect mongo.

    FROM java:8
    ADD report.jar report.jar
    ADD krb5.conf /etc/krb5.conf
    ADD evkuzmin.keytab /etc/evkuzmin.keytab
    RUN sh -c 'touch report.jar'
    ENTRYPOINT ["java","-Dspring.data.mongodb.uri=mongodb://audpro_mongo/report","-Djavax.net.debug=all","-Dsun.security.spnego.debug=true","-Dsun.security.krb5.debug=true","-Djava.security.krb5.conf=/etc/krb5.conf","-jar","/report.jar"]

Then I use KerberosRestTemplate to connect to webhdfs

    public String getReportJSON() throws URISyntaxException {
        // Authenticates with the keytab as the given principal
        KerberosRestTemplate restTemplate =
                new KerberosRestTemplate("/etc/evkuzmin.keytab", "EvKuzmin@DOMAIN");
        // WebHDFS OPEN returns the contents of the file at path
        URI uri = new URI("http" + "://" + host + ":" + port + "/webhdfs/v1" + path + "?op=OPEN");
        String json = restTemplate.getForObject(uri, String.class);
        return json;
    }

If you want to run the app without docker, just build it and add the keytab to the same directory as the jar. Then change /etc/evkuzmin.keytab so it points to the new location.
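
An added example, not part of the original answer: a preflight check that could run in the container before the java entrypoint. It confirms that the krb5.conf and keytab copied in by the Dockerfile above are present, that the keytab starts with the keytab format bytes (0x05 followed by 0x01 or 0x02), and that the keytab is not group- or world-readable. The function name check_krb_files is hypothetical, and the example assumes the deployment sets default_realm in krb5.conf instead of relying on DNS realm lookup.

```shell
#!/bin/sh
# Added example: preflight for the Kerberos files used by the container above.
# check_krb_files is a hypothetical name; paths default to the ones on this page.
#
# Usage (hypothetical wrapper entrypoint):
#   check_krb_files /etc/krb5.conf /etc/evkuzmin.keytab && exec java ... -jar /report.jar

# check_krb_files KRB5_CONF KEYTAB
# Returns 0 when both files look usable, 1 otherwise (reason on stderr).
check_krb_files() {
    conf=${1:-/etc/krb5.conf}
    keytab=${2:-/etc/evkuzmin.keytab}

    # Both files must exist, be readable and be non-empty.
    for f in "$conf" "$keytab"; do
        if [ ! -r "$f" ] || [ ! -s "$f" ]; then
            echo "preflight: $f is missing, empty or unreadable" >&2
            return 1
        fi
    done

    # A keytab is binary: first byte 0x05, second byte the format version.
    # Anything else means the file was mangled or is not a keytab at all.
    magic=$(od -An -tx1 -N2 "$keytab" | tr -d ' \n')
    case $magic in
        0501|0502) ;;
        *) echo "preflight: $keytab does not start with keytab magic" >&2
           return 1 ;;
    esac

    # The keytab is a long-term credential: reject group/world read bits.
    if [ -n "$(find "$keytab" \( -perm -040 -o -perm -004 \))" ]; then
        echo "preflight: $keytab is readable by group or others" >&2
        return 1
    fi

    # Assumption of this example: default_realm is set under [libdefaults].
    if ! grep -Eq '^[[:space:]]*default_realm[[:space:]]*=' "$conf"; then
        echo "preflight: no default_realm in $conf" >&2
        return 1
    fi
    return 0
}
```

A keytab added with ADD keeps the mode it had in the build context, so this check fails until the file is restricted to its owner (for example mode 600).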