zookeeper java 客戶端ACL許可權 使用
阿新 • • 發佈:2019-01-05
ZooKeeper 提供許可權認證(ACL)來限制客戶端對節點的訪問,主要有兩種方式:1、IP 模式;2、digest 許可權模式。
許可權內容可以在建立節點時定義。以下是 Java 的實現:
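package com.aicong.test.helloZookeeper;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;

import org.apache.zookeeper.CreateMode;
import org.apache.zookeeper.KeeperException;
import org.apache.zookeeper.WatchedEvent;
import org.apache.zookeeper.Watcher;
import org.apache.zookeeper.Watcher.Event.EventType;
import org.apache.zookeeper.Watcher.Event.KeeperState;
import org.apache.zookeeper.ZooDefs.Perms;
import org.apache.zookeeper.ZooKeeper;
import org.apache.zookeeper.data.ACL;
import org.apache.zookeeper.data.Id;
import org.apache.zookeeper.server.auth.DigestAuthenticationProvider;

/**
 * Creates a persistent znode protected by an explicit ACL list (one {@code ip} entry and one
 * {@code digest} entry) as soon as the session reports {@code SyncConnected}.
 *
 * <p>An ACL entry is the combination scheme + ID + permission:
 * <ul>
 *   <li>scheme: {@code ip} or {@code digest}</li>
 *   <li>ID for {@code ip}: a concrete IP address</li>
 *   <li>ID for {@code digest}: {@code username:Base64(SHA-1(username:password))}</li>
 *   <li>permission: CREATE (C), DELETE (D), READ (R), WRITE (W), ADMIN (A), used singly,
 *       combined with {@code |}, or all together</li>
 * </ul>
 *
 * <p>Security notes for anyone adapting this sample:
 * <ul>
 *   <li>The connect string, user name and password below are hard-coded sample values. Real
 *       deployments should read them from configuration or a secret store, and "123456" is
 *       not an acceptable password.</li>
 *   <li>The {@code digest} ID is an unsalted SHA-1 of {@code username:password}, and a client
 *       that later authenticates with {@code addAuthInfo("digest", ...)} sends the password
 *       itself to the server. Without TLS on the client port it is readable on the network.</li>
 *   <li>The {@code ip} scheme trusts the client address as the server sees it, so every client
 *       behind the same NAT or proxy address is granted the same permission.</li>
 *   <li>An ACL protects only the znode it is set on; children do not inherit it.</li>
 *   <li>Neither entry below grants ADMIN, so these identities cannot change the ACL later.</li>
 * </ul>
 */
public class CreateNodeSyncAuth implements Watcher {

    // Sample values only; see the class comment.
    private static final String CONNECT_STRING = "112.74.219.174:2181";
    private static final int SESSION_TIMEOUT_MS = 5000;
    private static final String DIGEST_USER_PASSWORD = "jike:123456";

    private static ZooKeeper zookeeper;

    // Guards against creating the node again when the session reconnects.
    private static boolean somethingDone = false;

    /**
     * Opens the session, prints its initial state and keeps the JVM alive so the watcher
     * callback can run.
     *
     * @param args unused
     * @throws IOException if the client cannot be constructed
     * @throws InterruptedException if the sleeping main thread is interrupted
     */
    public static void main(String[] args) throws IOException, InterruptedException {
        zookeeper = new ZooKeeper(CONNECT_STRING, SESSION_TIMEOUT_MS, new CreateNodeSyncAuth());
        System.out.println(zookeeper.getState());
        Thread.sleep(Integer.MAX_VALUE);
    }

    /**
     * Creates {@code /node_10} with the two-entry ACL described in the class comment.
     * Failures are printed and the node is simply not created.
     */
    private void doSomething() {
        try {
            // The ACL is attached at creation time; later access is checked against it.
            // IP based: READ for this single address.
            ACL aclIp = new ACL(Perms.READ, new Id("ip", "112.74.219.174"));

            // User name / password based: READ and WRITE for the holder of the password.
            // generateDigest turns "user:password" into "user:Base64(SHA-1(user:password))".
            ACL aclDigest = new ACL(
                    Perms.READ | Perms.WRITE,
                    new Id("digest", DigestAuthenticationProvider.generateDigest(DIGEST_USER_PASSWORD)));

            List<ACL> acls = new ArrayList<>();
            acls.add(aclDigest);
            acls.add(aclIp);

            // The original sample left an addAuthInfo("digest", ...) call commented out here:
            // the ACL list is explicit, so the creating session does not need to authenticate.

            // Explicit charset: getBytes() without one depends on the platform default.
            String path = zookeeper.create(
                    "/node_10", "123".getBytes(StandardCharsets.UTF_8), acls, CreateMode.PERSISTENT);
            System.out.println("return path:" + path);
            somethingDone = true;
        } catch (KeeperException | NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (InterruptedException e) {
            // Restore the interrupt flag so the calling thread can still observe it.
            Thread.currentThread().interrupt();
            e.printStackTrace();
        }
    }

    /**
     * Handles session events: on the first connection-established event (state
     * {@code SyncConnected}, type {@code None}, no path) the node is created.
     *
     * @param event the event delivered by the ZooKeeper client
     */
    @Override
    public void process(WatchedEvent event) {
        System.out.println("收到事件:" + event);
        if (event.getState() != KeeperState.SyncConnected) {
            return;
        }
        if (!somethingDone && event.getType() == EventType.None && null == event.getPath()) {
            doSomething();
        }
    }
}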
呼叫方可以使用以下程式碼:
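package com.aicong.test.helloZookeeper;

import java.io.IOException;
import java.nio.charset.StandardCharsets;

import org.apache.zookeeper.KeeperException;
import org.apache.zookeeper.WatchedEvent;
import org.apache.zookeeper.Watcher;
import org.apache.zookeeper.Watcher.Event.EventType;
import org.apache.zookeeper.Watcher.Event.KeeperState;
import org.apache.zookeeper.ZooKeeper;
import org.apache.zookeeper.data.Stat;

/**
 * Reads an ACL-protected znode after adding {@code digest} credentials to the session, and
 * prints the data again each time the node changes.
 *
 * <p>Security notes for anyone adapting this sample:
 * <ul>
 *   <li>The connect string and the {@code user:password} pair are hard-coded sample values;
 *       load them from configuration or a secret store instead.</li>
 *   <li>{@code addAuthInfo("digest", ...)} hands the password itself to the server, so
 *       without TLS on the client port it is readable on the network.</li>
 * </ul>
 *
 * <p>NOTE(review): this sample authenticates as {@code jike:1234} and reads {@code /node_4},
 * while the creation sample on the same page protects {@code /node_10} with the digest of
 * {@code jike:123456}. The credentials must match the digest stored in the target znode's
 * ACL, otherwise {@code getData} fails with a NoAuth {@link KeeperException}.
 */
public class GetDataSyncAuth implements Watcher {

    // Sample values only; see the class comment.
    private static final String CONNECT_STRING = "112.74.219.174:2181";
    private static final int SESSION_TIMEOUT_MS = 5000;
    private static final String DIGEST_USER_PASSWORD = "jike:1234";

    private static ZooKeeper zooKeeper;

    // Filled in by every getData call with the node's metadata.
    private static Stat stat = new Stat();

    /**
     * Opens the session, prints its initial state and keeps the JVM alive so the watcher
     * callback can run.
     *
     * @param args unused
     * @throws IOException if the client cannot be constructed
     * @throws InterruptedException if the sleeping main thread is interrupted
     * @throws KeeperException declared by the original sample; nothing in this method throws it
     */
    public static void main(String[] args) throws IOException, InterruptedException, KeeperException {
        zooKeeper = new ZooKeeper(CONNECT_STRING, SESSION_TIMEOUT_MS, new GetDataSyncAuth());
        System.out.println(zooKeeper.getState().toString());
        Thread.sleep(Integer.MAX_VALUE);
    }

    /**
     * Decodes znode data as UTF-8; a node without data yields an empty string instead of a
     * {@link NullPointerException}.
     */
    private static String decode(byte[] data) {
        return data == null ? "" : new String(data, StandardCharsets.UTF_8);
    }

    /**
     * Authenticates the session with the digest scheme, then reads {@code /node_4} and leaves
     * a watch on it.
     *
     * @param client the connected client (the caller passes the shared static instance)
     */
    private void doSomething(ZooKeeper client) {
        // Credentials must be added before the read; the server checks them against the ACL.
        // Explicit charset: getBytes() without one depends on the platform default.
        client.addAuthInfo("digest", DIGEST_USER_PASSWORD.getBytes(StandardCharsets.UTF_8));
        try {
            System.out.println(decode(client.getData("/node_4", true, stat)));
        } catch (KeeperException e) {
            e.printStackTrace();
        } catch (InterruptedException e) {
            // Restore the interrupt flag so the calling thread can still observe it.
            Thread.currentThread().interrupt();
            e.printStackTrace();
        }
    }

    /**
     * Handles session and node events: the connection-established event triggers the
     * authenticated read, and a {@code NodeDataChanged} event re-reads the node and sets the
     * watch again.
     *
     * @param event the event delivered by the ZooKeeper client
     */
    @Override
    public void process(WatchedEvent event) {
        if (event.getState() != KeeperState.SyncConnected) {
            return;
        }
        if (event.getType() == EventType.None && null == event.getPath()) {
            doSomething(zooKeeper);
            return;
        }
        if (event.getType() == EventType.NodeDataChanged) {
            try {
                // Watches fire once, so passing true here registers the next one.
                System.out.println(decode(zooKeeper.getData(event.getPath(), true, stat)));
                System.out.println("stat:" + stat);
            } catch (KeeperException e) {
                e.printStackTrace();
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
                e.printStackTrace();
            }
        }
    }
}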