spark-webui为监控spark程序运行以及查看程序运行信息提供了很大的方便性,在默认配置下,查看信息不需要任何的认证信息,这在开发环境没有问题,但是在测试环境和生产环境就不合适了。
添加认证的方法是通过filter方式增加认证:
1. 创建认证filter对应的jar包在idea中通过maven编译源码方式。
1.1 添加maven依赖创建maven项目后,添加如下依赖:
1.2 filter代码commons-codec commons-codec1.10 org.slf4j slf4j-api1.7.35 ch.qos.logback logback-classic1.2.3 javax.servlet javax.servlet-api4.0.1 provided
package com.demo;
import org.apache.commons.codec.binary.base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.StringTokenizer;
public class SparkAuthFilter implements Filter {
private static final Logger LOG = LoggerFactory.getLogger(SparkAuthFilter.class);
private String username = "";
private String password = "";
private String realm = "Protected";
@Override
public void init(FilterConfig filterConfig) throws ServletException {
username = filterConfig.getInitParameter("username");
password = filterConfig.getInitParameter("password");
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
String authHeader = request.getHeader("Authorization");
if (authHeader != null) {
StringTokenizer st = new StringTokenizer(authHeader);
if (st.hasMoreTokens()) {
String basic = st.nextToken();
if (basic.equalsIgnoreCase("Basic")) {
try {
String credentials = new String(base64.decodebase64(st.nextToken()), "UTF-8");
LOG.debug("Credentials: " + credentials);
int p = credentials.indexOf(":");
if (p != -1) {
String _username = credentials.substring(0, p).trim();
String _password = credentials.substring(p + 1).trim();
if (!username.equals(_username) || !password.equals(_password)) {
unauthorized(response, "Bad credentials");
}
filterChain.doFilter(servletRequest, servletResponse);
} else {
unauthorized(response, "Invalid authentication token");
}
} catch (UnsupportedEncodingException e) {
throw new Error("Couldn't retrieve authentication", e);
}
}
}
} else {
unauthorized(response);
}
}
@Override
public void destroy() {
}
private void unauthorized(HttpServletResponse response, String message) throws IOException {
response.setHeader("WWW-Authenticate", "Basic realm="" + realm + """);
response.sendError(401, message);
}
private void unauthorized(HttpServletResponse response) throws IOException {
unauthorized(response, "Unauthorized");
}
public static void main(String[] args) {
}
}
将代码打包成jar包
2. 执行配置1. 将jar包上传到spark的jars目录。
2. spark-defaults.conf配置文件中,增加如下配置:
spark.ui.filters=com.demo.SparkAuthFilter spark.com.demo.SparkAuthFilter.param.username=test spark.com.demo.SparkAuthFilter.param.password=password spark.acls.enable=true
配置规则为:
spark.filter路径.param.参数名
3. 测试验证重启spark集群;
./stop-all ./start-all
通过浏览器访问时,出现如下的提示。
