spark-webUI添加权限认证

原创

灰色、最淡雅的低调 2022-01-20 11:27:26 ©著作权

文章标签 spark 安全 spark webUI java ui界面 文章分类 代码人生

©著作权归作者所有：来自51CTO博客作者灰色、最淡雅的低调的原创作品，请联系作者获取转载授权，否则将追究法律责任

直接上步骤：

#1、编写Filter代码

package spark;

import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.StringTokenizer;

public class SparkFilter implements Filter {

/** Logger */
private static final Logger LOG = LoggerFactory.getLogger(SparkFilter.class);

private String username = "";

private String password = "";

private String realm = "Protected";

@Override
public void init(FilterConfig filterConfig) throws ServletException {
    username = filterConfig.getInitParameter("username");
    password = filterConfig.getInitParameter("password");
}

@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
        throws IOException, ServletException {

    HttpServletRequest request = (HttpServletRequest) servletRequest;
    HttpServletResponse response = (HttpServletResponse) servletResponse;

    String authHeader = request.getHeader("Authorization");
    if (authHeader != null) {

        StringTokenizer st = new StringTokenizer(authHeader);
        if (st.hasMoreTokens()) {

            String basic = st.nextToken();

            if (basic.equalsIgnoreCase("Basic")) {

                try {
                    String credentials = new String(Base64.decodeBase64(st.nextToken()), "UTF-8");
                    LOG.debug("Credentials: " + credentials);

                    int p = credentials.indexOf(":");
                    if (p != -1) {
                        String _username = credentials.substring(0, p).trim();
                        String _password = credentials.substring(p + 1).trim();


                        if (!username.equals(_username) || !password.equals(_password)) {
                            unauthorized(response, "Bad credentials");
                        }

                        filterChain.doFilter(servletRequest, servletResponse);
                    } else {
                        unauthorized(response, "Invalid authentication token");
                    }
                } catch (UnsupportedEncodingException e) {
                    throw new Error("Couldn't retrieve authentication", e);
                }
            }
        }
    } else {
        unauthorized(response);
    }
}

    @Override
    public void destroy() {
    }

    private void unauthorized(HttpServletResponse response, String message) throws IOException {
        response.setHeader("WWW-Authenticate", "Basic realm=\"" + realm + "\"");
        response.sendError(401, message);
    }

    private void unauthorized(HttpServletResponse response) throws IOException {
        unauthorized(response, "Unauthorized");
    }

    public static void main(String[] args) {

     }

}

2、把Filter类打成jar包，上传到spark根目录下的jars目录

3、修改master节点spark-defaults.conf，添加以下内容

spark.ui.filters=spark.SparkFilter    //项目中filter类的路径 
spark.spark.SparkFilter.param.username=foo     //spark-webUI界面登陆的用户    spark.filter路径.param.参数名
spark.spark.SparkFilter.param.password=foo   //spark-webUI界面登陆的密码    spark.filter路径.param.参数名
spark.acls.enable=true