Using JDBC or Beeline to Connect to HiveServer2
The HiveServer2 authentication method and client type determine how the HiveServer2 clients connect to HiveServer2.
Using JDBC or Beeline to Connect to HiveServer2
The default port for HiveServer2 is 10000.
The following table lists HiveServer2 authentication mechanisms with the connection parameters required in the JDBC connection string. For a complete list of the JDBC connection string parameters, refer to the next section, Hive JDBC Connection String Parameters.
HiveServer2 Authentication | Connection Requirements |
---|---|
No Authentication |
Connection String:
For encryption, JDBC requires a truststore and an optional truststore password.
|
MapR-SASL (included as part of the secure by default configuration) |
Connection String:
MapR-SASL encryption is enabled by default. For more information, see Configuring JDBC
Connection String with SSL Encryption Enabled or Disabled.
NOTE MapR-SASL is
not supported for Hive in HTTP mode.
Connection for Java Application: Use the |
PAM |
Connection String:
|
PAM + SSL (included as part of the secure by default configuration) |
Connection String:
|
Kerberos |
Connection String:
Connection for Java Application: Use the NOTE The client nodes must also have a Kerberos ticket and be configured to
connect to HiveServer2 to use Kerberos. |
LDAP |
Connection String:
jdbc:hive2://<hs2_hostname>:10000/<database>;user=<ldap_user>;password=<ldap
_password> |
ZooKeeper |
Connection String:
Example:
|
Hive JDBC Connection String Parameters
jdbc:hive2://zookeeper_quorum|hs2_host:port/[db][;principal=<hs2_principal>/<hs2_host>|_HOST@<KDC_REALM>][;transportMode=binary|http][;httpPath=<http_path>][;serviceDiscoveryMode=zookeeper;zooKeeperNamespace=<zk_namespace>][;auth=maprsasl][;ssl=true|false][;sslKeyStore=<key_store_path>][;keyStorePassword=<key_store_password][;sslTrustStore=<trust_store_path>][;trustStorePassword=<trust_store_password>][;twoWay=true|false]
JDBC Parameter | Default | Comment |
zookeeper_quorum | Zookeeper quorum. Used only if HA mode for HiveServer2 is enabled. | |
hs2_host | The hostname of the node with an active HS2 server running. | |
port | 10000/10001 | HiveServer2 port. Defaults to 10000 in binary mode. Defaults to 10001 in HTTP transport mode. |
[db] | default | The database name to which you want to connect. |
[;principal=<hs2_principal>/<hs2_host>|_HOST@<KDC_REALM>] | Kerberos principal. Used with Kerberos security only. | |
[;transportMode=binary|http] | binary |
HS2 uses a TThreadPoolServer (from Thrift) for TCP (binary) mode, or a Jetty server for the HTTP mode. HTTP mode is required when a proxy is needed between the client and server, for example, for load balancing or security reasons. |
[;httpPath=<http_path>] | cliservice or / | The corresponding HTTP endpoint. The default value is cliservice or /. See conf hive.server2.thrift.http.path |
[;serviceDiscoveryMode=zookeeper;zooKeeperNamespace=<zk_namespace>] | <zk_namespace> is the parent node in ZooKeeper used by HiveServer2 when supporting dynamic service discovery. | |
[;auth=maprsasl] | Used with MapR SASL security. | |
[;ssl=true|false] | false | Used to enable SSL encryption. |
[;sslKeyStore=<key_store_path>] | Default value is read from $MAPR_HOME/conf/ssl-client.xml | This parameter only takes effect when ssl=true. Path is the path to the keystore. |
[;keyStorePassword=<key_store_password] | Default value is read from $MAPR_HOME/conf/ssl-client.xml | This param will take effect only when ssl=true. Keystore password. |
[;sslTrustStore=<trust_store_path>] | Default value is read from $MAPR_HOME/conf/ssl-client.xml | This param will take effect only when ssl=true. Path is the path to the truststore. |
[;trustStorePassword=<trust_store_password>] | Default value is read from $MAPR_HOME/conf/ssl-client.xml | This parameter only takes effect when ssl=true. Password is the truststore password. |
[;twoWay=true|false] | HIVE-10447 enabled the JDBC driver to support 2-way SSL in HTTP mode. Currently, HiveServer2 does not support 2-way SSL. This features is useful when there is an intermediate server, such as Knox, which requires the client to support 2-way SSL. |