Setting access permissions in ZooKeeper

程序员文章站 2024-03-05 22:38:43
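ZooKeeper has 4 authentication schemes:

(1) world: it has a single id, anyone. world:anyone stands for everybody; nodes in ZooKeeper that grant permissions to everyone belong to world:anyone.
(2) auth: it takes no id; any user who has authenticated has the permissions (ZooKeeper supports authentication through Kerberos as well as username/password authentication).
(3) digest: its id is username:BASE64(SHA1(password)); the client must first authenticate in username:password form.
(4) ip: its id is the client's IP address. A range can be given when setting it, for example ip:192.168.1.0/16, which matches on the first 16 bits of the address.
super: under this scheme the corresponding id has superuser permissions and can do anything (cdrwa).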

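Setting, viewing and authenticating permissions with zkCli

Setting permissions

->./zkCli.sh -server ip:port
(1) Create a node and set its permissions in one step
->create path data digest:username:BASE64(SHA1(password)):rwdca
(2) Create the node first, then set its permissions
->create path data
->setAcl path digest:username:BASE64(SHA1(password)):rwdca

Viewing permissions

->getAcl path

Authenticating

->addauth scheme auth
demo: ->addauth digest admin:admin (plaintext)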
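
The zkCli commands above need the digest id computed before the session starts. The following is an added example, not code from the original post: it builds that id the way the Java code further down does through DigestAuthenticationProvider.generateDigest, which hashes the whole username:password string, and audits a list of ACL entries. The function names and the sample ACL list are assumptions made for illustration.

```python
import base64
import hashlib

PERMS = set("cdrwa")  # create, delete, read, write, admin

def digest_id(username, password):
    """Digest-scheme id: username:BASE64(SHA1("username:password")).
    The hash covers the whole "username:password" string, as in
    DigestAuthenticationProvider.generateDigest used by the Java code."""
    if not username or ":" in username:
        raise ValueError("username must be non-empty and contain no ':'")
    # UTF-8 is an assumption; for ASCII credentials every charset agrees.
    sha1 = hashlib.sha1(f"{username}:{password}".encode("utf-8")).digest()
    return f"{username}:{base64.b64encode(sha1).decode('ascii')}"

def acl_entry(username, password, perms="cdrwa"):
    """Build the scheme:id:perms argument passed to create/setAcl in zkCli."""
    if not perms or set(perms) - PERMS or len(set(perms)) != len(perms):
        raise ValueError(f"invalid permission string: {perms!r}")
    return f"digest:{digest_id(username, password)}:{perms}"

def parse_acl(entry):
    """Split scheme:id:perms; a digest id itself contains one ':'."""
    scheme, rest = entry.split(":", 1)
    ident, perms = rest.rsplit(":", 1)
    return scheme, ident, perms

def audit(entries, username, password):
    """Return findings for a node's ACL entries written in setAcl syntax."""
    findings = []
    expected = digest_id(username, password)
    for entry in entries:
        scheme, ident, perms = parse_acl(entry)
        if scheme == "world" and set(perms) - {"r"}:
            findings.append(f"{entry}: anyone can modify this node")
        if scheme == "digest" and ident != expected:
            findings.append(f"{entry}: digest does not match {username}'s credentials")
    return findings

# Constructed sample input; admin/admin are the page's demo credentials.
if __name__ == "__main__":
    good = acl_entry("admin", "admin")
    # An id hashed over the password alone will not match after addauth.
    weak_hash = base64.b64encode(hashlib.sha1(b"admin").digest()).decode("ascii")
    wrong = f"digest:admin:{weak_hash}:cdrwa"
    print(good)
    for finding in audit(["world:anyone:cdrwa", wrong, good], "admin", "admin"):
        print("FINDING", finding)
```
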

Setting and authenticating permissions with Curator

<dependency>
	<groupId>org.apache.curator</groupId>
	<artifactId>curator-framework</artifactId>
	<version>2.10.0</version>
</dependency>
<dependency>
	<groupId>org.apache.curator</groupId>
	<artifactId>curator-recipes</artifactId>
	<version>2.10.0</version>
</dependency>


import java.nio.charset.Charset;
import java.util.Collections;

import org.apache.curator.framework.CuratorFramework;
import org.apache.curator.framework.CuratorFrameworkFactory;
import org.apache.curator.retry.ExponentialBackoffRetry;
import org.apache.zookeeper.ZooDefs.Perms;
import org.apache.zookeeper.data.ACL;
import org.apache.zookeeper.data.Id;
import org.apache.zookeeper.server.auth.DigestAuthenticationProvider;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.FixMethodOrder;
import org.junit.Test;
import org.junit.runners.MethodSorters;

/**
 * 
 * junit version 4.12
 * zk version: 3.4.6
 *
 */
@FixMethodOrder(MethodSorters.NAME_ASCENDING)
public class ZkTest {

	private static String scheme = "digest";
	private static String url = "localhost:2181";

	private static final String COLON = ":";
	// Demo credentials (the same admin:admin used with addauth in zkCli)
	private static String username = "admin";
	private static String password = "admin";

	private static CuratorFramework client;

	@BeforeClass
	public static void setup() throws Exception {
		// authorization() is the client-side counterpart of zkCli's addauth:
		// the session authenticates with the plaintext username:password.
		client = CuratorFrameworkFactory.builder() //
				.authorization(scheme, signature().getBytes(Charset.forName("UTF-8"))) //
				.connectString(url).sessionTimeoutMs(5000).connectionTimeoutMs(5000) //
				.retryPolicy(new ExponentialBackoffRetry(1000, 3)) //
				.build();
		client.start();
	}

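	@Test
	public void createNode() throws Exception {
		if (client.checkExists().forPath("/test/nnnn") == null) {
			client.create().creatingParentsIfNeeded().forPath("/test/nnnn");
			// Prints "created /test/nnnn"
			System.out.println("已创建/test/nnnn");
			// generateDigest() turns username:password into the digest id.
			// ZooKeeper ACLs are not inherited: this call protects /test only,
			// and /test/nnnn keeps the ACL it was created with.
			client.setACL().withACL(Collections.singletonList(
					new ACL(Perms.ALL, new Id(scheme, DigestAuthenticationProvider.generateDigest(signature())))))
					.forPath("/test");
			// Prints "ACL set"
			System.out.println("已授权");
		} else {
			// Prints "the node already exists"
			System.out.println("该节点已经存在");
		}
	}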

	@Test
	public void getNodeInfo() throws Exception {
		if (client.checkExists().forPath("/test/nnnn") != null) {
			byte[] data = client.getData().forPath("/test/nnnn");
			// Prints "node data=<data>"
			System.out.println("节点data=" + new String(data, Charset.forName("UTF-8")));
		} else {
			// Prints "failed to read the node: it does not exist"
			System.out.println("获取节点信息失败,原因:该节点不存在");
		}
	}

	@AfterClass
	public static void destroy() {
		client.close();
	}

	private static String signature() {
		return username + COLON + password;
	}

}