I got this to work as follows (but there's a twist when dealing with Eclipse from Windows):
System.setProperty("javax.net.ssl.trustStorePassword","xxxxxx");
System.setProperty("java.security.auth.login.config", "C:\\my_jaas.conf");
String zkHosts = "zookeeper1.com:2181,zookeeper2.ghp.com:2181,zookeeper3.ghp.com:2181/solr";
Krb5HttpClientBuilder krbBuild = new Krb5HttpClientBuilder();
SolrHttpClientBuilder kb = krbBuild.getBuilder();
HttpClientUtil.setHttpClientBuilder(kb);
CloudSolrClient solrServer = new CloudSolrClient.Builder().withZkHost(zkHosts).build();
String collectionName = "test_col";
solrServer.setDefaultCollection(collectionName);
solrServer.connect();
SolrQuery parameters = new SolrQuery();
parameters.set("q", "*:*");
try {
solrServer.commit();
QueryResponse response = solrServer.query(parameters);
for (SolrDocument solrDocument : response.getResults()) {
System.out.println(" " + solrDocument.toString());
}
krbBuild.close();
solrServer.close();
} catch (SolrServerException | IOException e) {
e.printStackTrace();
}
If you are working from a Windows Environment and Windows is generating your TGT Kerberos keys and Kerberos is hooked into AD (that is, not using MIT Kerberos), then you need to update the registry as follows (thanks to Cloudera Systems Engineer Tom Roach):
On windows, to use your kerberos tickets from AD in your Java program, you need to setup this Windows registry.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
Value Name: AllowTgtSessionKey
Value Type: REG_DWORD
Value: 0x01
jaas.conf:
Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=false
useTicketCache=true
principal="myuser@MYDOMAIN.COM";
};
