1.zookeeper的ACL(访问控制列表)
znode被创建时带有一个ACL列表(默认为world:anyone,即任何客户端都可以访问)
ACL包括:
scheme(验证方式):zookeeper提供了以下几种验证方式:
digest:客户端用户名和密码。
auth:不使用任何id(代表当前会话中已通过认证的用户)。
ip:IP地址验证。
world:id固定为anyone。
super:在这种scheme情况下,对应的id拥有超级权限,可以做任何事情。
id(验证信息)
perms(权限):节点的权限主要有:
create 对子节点的create操作
read 对本节点GetChildren和GetData操作
write 对本节点SetData操作
delete 对子节点Delete操作
admin 对本节点setAcl操作
2.用shell操作ACL
1)首先连接到zookeeper
--1.查看ACL
--2.给节点加上ip的ACL
再次访问时,这样访问才行
--3.给节点加上digest的ACL
使用以下方式生成密码摘要(ACL中保存的id格式为 用户名:Base64(SHA1(用户名:密码)),这里的test:test只是演示用的弱口令)
test:test->test:V28q/NynI4JI3Rk54h0r8O5kMug=
访问时就是这样
--4.scheme中还有一个super
需要修改zkServer.sh,在服务端的JVM启动参数中
加入参数-Dzookeeper.DigestAuthenticationProvider.superDigest=super:gG7s8t3oDEtIqF6DM9LlI/R+9Ss=
(super身份不受任何ACL限制;上面的摘要是本文公开的示例值,实际部署时应使用由自己的强密码生成的摘要)
3.java的操作(ZooKeeper)
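/**
 * Demonstrates znode ACL handling with the native ZooKeeper client: reading data from a
 * digest-protected node, listing a node's ACL, and creating a node with a digest ACL.
 *
 * <p>All user names and passwords in this class are hard-coded demo values. Real code should
 * load credentials from configuration or a secret store. The digest scheme's
 * {@code addAuthInfo} hands the plain {@code user:password} bytes to the client, so the
 * connection to the server should be on a trusted or encrypted transport.
 */
public class ZKAclDemo {
    /** Server address (ip:port) used when {@link #connetionZK(String)} is given no address. */
    private static final String DEFAULT_CONNECT_STRING = "192.168.10.150:2181";

    /** Session timeout requested from the server, in milliseconds. */
    private static final int SESSION_TIMEOUT_MS = 20 * 1000;

    /** Shared client handle, set by {@link #connetionZK(String)} and released by {@link #close()}. */
    private static ZooKeeper zooKeeper;

    /**
     * Opens the connection, runs whichever demo call is uncommented, and always closes the
     * session afterwards, even if the demo call throws.
     *
     * @param args unused
     * @throws Exception if the connection cannot be created
     */
    public static void main(String[] args) throws Exception {
        connetionZK("");
        try {
            // Uncomment one call at a time to run that part of the demo.
            // getZnodeData(zooKeeper, "/test2");
            // getZnodeAcl(zooKeeper, "/testAcl", "testAcl".getBytes());
            // setZnodeAcl(zooKeeper, "/testAcl2", "testAcl2".getBytes());
        } finally {
            close();
        }
    }

    /**
     * Authenticates with the demo digest credentials and prints the data stored at a node.
     *
     * <p>A node that holds no data prints an empty line instead of failing with a
     * {@code NullPointerException}. Failures are reported on stderr and not rethrown.
     *
     * @param zooKeeper connected client to use
     * @param path      absolute path of the znode to read
     */
    public static void getZnodeData(ZooKeeper zooKeeper, String path) {
        try {
            // Demo credentials only; see the class comment.
            zooKeeper.addAuthInfo("digest", "test:test".getBytes(java.nio.charset.StandardCharsets.UTF_8));
            byte[] bs = zooKeeper.getData(path, false, new Stat());
            // getData returns null for a node created without data.
            String text = (bs == null) ? "" : new String(bs, java.nio.charset.StandardCharsets.UTF_8);
            System.out.println(text);
        } catch (KeeperException e) {
            e.printStackTrace();
        } catch (InterruptedException e) {
            // Keep the interrupt visible to the caller instead of silently clearing it.
            Thread.currentThread().interrupt();
            e.printStackTrace();
        }
    }

    /**
     * Creates a persistent node and prints the ACL entries it ends up with.
     *
     * <p>The node is created with {@code ZooDefs.Ids.OPEN_ACL_UNSAFE}, which grants every
     * permission to {@code world:anyone}. That is what this demo wants to display; do not
     * use it for nodes holding anything that needs protection.
     *
     * @param zooKeeper connected client to use
     * @param path      absolute path of the znode to create
     * @param bytes     initial data for the node
     */
    public static void getZnodeAcl(ZooKeeper zooKeeper, String path, byte[] bytes) {
        try {
            zooKeeper.create(path, bytes, ZooDefs.Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);
            System.out.println("创建节点:"+path);
            List<ACL> listAcl = zooKeeper.getACL(path, new Stat());
            for (ACL acl : listAcl) {
                System.out.println("权限scheme id:" + acl.getId());
                System.out.println("权限位:" + acl.getPerms());
            }
        } catch (KeeperException e) {
            e.printStackTrace();
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            e.printStackTrace();
        }
    }

    /**
     * Creates a persistent node whose ACL grants all permissions to one digest identity,
     * then authenticates as that identity and prints the stored ACL.
     *
     * <p>The same approach works for the {@code ip} scheme with an address as the id.
     *
     * @param zooKeeper connected client to use
     * @param path      absolute path of the znode to create
     * @param bytes     initial data for the node
     */
    public static void setZnodeAcl(ZooKeeper zooKeeper, String path, byte[] bytes) {
        try {
            List<ACL> listAcl = new ArrayList<ACL>();
            // The ACL stores the digest of the credentials, never the password itself.
            Id id = new Id("digest", getDigestUserPwd("testacl:testacl"));
            listAcl.add(new ACL(ZooDefs.Perms.ALL, id));
            // To grant less than ALL, combine individual bits with |, for example:
            // listAcl.add(new ACL(ZooDefs.Perms.CREATE | ZooDefs.Perms.READ, id));
            String string = zooKeeper.create(path, bytes, listAcl, CreateMode.PERSISTENT);
            System.out.println("节点:"+string);
            // Authenticate with the plain credentials; the server derives and compares the digest.
            zooKeeper.addAuthInfo("digest", "testacl:testacl".getBytes(java.nio.charset.StandardCharsets.UTF_8));
            // Read back the ACL that was stored on the node.
            List<ACL> aclList = zooKeeper.getACL(path, new Stat());
            for (ACL acl : aclList) {
                System.out.println("--------------------------");
                System.out.println("权限scheme id:" + acl.getId());
                System.out.println("权限位:" + acl.getPerms());
            }
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (KeeperException e) {
            e.printStackTrace();
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            e.printStackTrace();
        }
    }

    /**
     * Converts {@code user:password} into the id string used by the digest scheme.
     *
     * @param id credentials in the form {@code user:password}
     * @return the value produced by {@code DigestAuthenticationProvider.generateDigest}
     *         (for example {@code test:test} becomes {@code test:V28q/NynI4JI3Rk54h0r8O5kMug=})
     * @throws NoSuchAlgorithmException if the digest algorithm is unavailable
     */
    public static String getDigestUserPwd(String id) throws NoSuchAlgorithmException {
        return DigestAuthenticationProvider.generateDigest(id);
    }

    /**
     * Creates the shared ZooKeeper client.
     *
     * <p>No default watcher is registered, so session events (connected, expired, auth
     * failed) are not observed by this demo.
     *
     * @param zk server address as {@code ip:port}; when null or blank the built-in demo
     *           address is used
     * @throws IOException          if the client cannot be created
     * @throws KeeperException      declared for callers; not thrown by the code visible here
     * @throws InterruptedException declared for callers; not thrown by the code visible here
     */
    public static void connetionZK(String zk) throws IOException, KeeperException, InterruptedException {
        // Honour the caller's address; previously the argument was ignored.
        String path = (zk == null || zk.trim().isEmpty()) ? DEFAULT_CONNECT_STRING : zk.trim();
        zooKeeper = new ZooKeeper(path, SESSION_TIMEOUT_MS, null);
    }

    /**
     * Closes the shared client if one was created.
     */
    public static void close() {
        try {
            if (zooKeeper != null) {
                zooKeeper.close();
            }
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            e.printStackTrace();
        }
    }
}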
4.java的操作(curator)
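/**
 * Demonstrates znode ACL handling with Curator: create a node protected by a digest ACL,
 * read it back as the authorised user, replace its ACL, and list the ACL.
 *
 * <p>All user names and passwords in this class are hard-coded demo values. Real code should
 * load credentials from configuration or a secret store, and should connect over a trusted
 * or encrypted transport because digest authentication is given the plain
 * {@code user:password} bytes.
 */
public class ZKAclDemo2 {
    /** ZooKeeper server address (ip:port) used by every demo method. */
    private static final String CONNECT_STRING = "192.168.10.150:2181";

    /** Node that the four demo methods create, read and re-protect. */
    private static final String NODE_PATH = "/curatoracl";

    /**
     * Entry point; uncomment one call at a time to run that step of the demo.
     *
     * @param args unused
     * @throws Exception if the selected demo step fails
     */
    public static void main(String[] args) throws Exception {
        // curatorAcl_1();
        // curatorAcl_2();
        // curatorAcl_3();
        // curatorAcl_4();
    }

    /**
     * Connects without credentials and creates {@code /curatoracl} with an ACL that grants
     * all permissions to the digest identity {@code test:test}.
     *
     * <p>If the connection is not established within 20 seconds nothing is created. The
     * client is closed in every case, including when the create call throws.
     *
     * @throws Exception if the create operation fails
     */
    public static void curatorAcl_1() throws Exception {
        CuratorFramework client = CuratorFrameworkFactory.newClient(CONNECT_STRING, newRetryPolicy());
        try {
            client.start();
            // Only proceed once connected; a closed client must not be used afterwards.
            if (client.blockUntilConnected(20, TimeUnit.SECONDS)) {
                printStarted(client);
                List<ACL> listAcl = new ArrayList<ACL>();
                Id id = new Id("digest", getDigestUserPwd("test:test"));
                listAcl.add(new ACL(ZooDefs.Perms.ALL, id));
                // NOTE(review): the ACL is given for the target node; confirm what ACL any
                // implicitly created parent nodes receive before using nested paths.
                client.create()
                        .creatingParentsIfNeeded()
                        .withMode(CreateMode.PERSISTENT)
                        .withACL(listAcl)
                        .forPath(NODE_PATH, "curatoracl".getBytes(java.nio.charset.StandardCharsets.UTF_8));
            }
        } finally {
            client.close();
        }
        System.out.println("over...");
    }

    /**
     * Connects as {@code test:test} and prints the data stored at {@code /curatoracl}.
     *
     * @throws Exception if the read fails, for instance because the identity lacks READ
     */
    public static void curatorAcl_2() throws Exception {
        CuratorFramework client = newDigestClient("test:test");
        try {
            client.start();
            if (client.blockUntilConnected(20, TimeUnit.SECONDS)) {
                printStarted(client);
                byte[] bytes = client.getData().forPath(NODE_PATH);
                // A node created without data yields null; print an empty line in that case.
                String text = (bytes == null) ? "" : new String(bytes, java.nio.charset.StandardCharsets.UTF_8);
                System.out.println(text);
            }
        } finally {
            client.close();
        }
        System.out.println("over...");
    }

    /**
     * Connects as {@code test:test} and replaces the ACL of {@code /curatoracl} with one
     * that grants all permissions to {@code test2:test2}.
     *
     * <p>The new list replaces the old one, so after this call {@code test:test} is no
     * longer listed in the node's ACL.
     *
     * @throws Exception if the ACL update fails
     */
    public static void curatorAcl_3() throws Exception {
        CuratorFramework client = newDigestClient("test:test");
        try {
            client.start();
            if (client.blockUntilConnected(20, TimeUnit.SECONDS)) {
                printStarted(client);
                List<ACL> aclList = new ArrayList<ACL>();
                Id id = new Id("digest", getDigestUserPwd("test2:test2"));
                aclList.add(new ACL(ZooDefs.Perms.ALL, id));
                client.setACL().withACL(aclList).forPath(NODE_PATH);
            }
        } finally {
            client.close();
        }
        System.out.println("over...");
    }

    /**
     * Connects as {@code test2:test2} and prints every ACL entry of {@code /curatoracl}.
     *
     * @throws Exception if the ACL cannot be read
     */
    public static void curatorAcl_4() throws Exception {
        CuratorFramework client = newDigestClient("test2:test2");
        try {
            client.start();
            if (client.blockUntilConnected(20, TimeUnit.SECONDS)) {
                printStarted(client);
                List<ACL> listAcl = client.getACL().forPath(NODE_PATH);
                for (ACL acl : listAcl) {
                    System.out.println("权限scheme id:" + acl.getId());
                    System.out.println("权限位:" + acl.getPerms());
                }
            }
        } finally {
            client.close();
        }
        System.out.println("over...");
    }

    /**
     * Converts {@code user:password} into the id string used by the digest scheme.
     *
     * @param id credentials in the form {@code user:password}
     * @return the value produced by {@code DigestAuthenticationProvider.generateDigest}
     * @throws NoSuchAlgorithmException if the digest algorithm is unavailable
     */
    public static String getDigestUserPwd(String id) throws NoSuchAlgorithmException {
        return DigestAuthenticationProvider.generateDigest(id);
    }

    /** Builds the retry policy shared by all demo clients (1 s base sleep). */
    private static RetryPolicy newRetryPolicy() {
        // NOTE(review): Curator is believed to cap the retry count of this policy well below
        // Integer.MAX_VALUE; confirm against the Curator version in use.
        return new ExponentialBackoffRetry(1000, Integer.MAX_VALUE);
    }

    /** Builds an unstarted client that authenticates with the given digest credentials. */
    private static CuratorFramework newDigestClient(String userAndPassword) {
        return CuratorFrameworkFactory.builder()
                .authorization("digest", userAndPassword.getBytes(java.nio.charset.StandardCharsets.UTF_8))
                .connectString(CONNECT_STRING)
                .sessionTimeoutMs(20000)
                .retryPolicy(newRetryPolicy())
                // .namespace("workspace") // would prefix every path with /workspace
                .build();
    }

    /** Prints whether the client reports itself as started. */
    @SuppressWarnings("deprecation")
    private static void printStarted(CuratorFramework client) {
        boolean isZkCuratorStarted = client.isStarted();
        System.out.println("状态连接中吗:"+isZkCuratorStarted);
    }
}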