0    课程地址

https://coding.imooc.com/lesson/201.html#mid=12729

 

1    重点关注

1.1    本节内容

通过 scheme 为 ip 的方式设置权限:只有来源地址与 ACL 中指定 ip 一致的客户端才能操作节点。注意 ip 方式只按服务端看到的客户端来源地址匹配(经过 NAT 或代理时看到的是转换后的地址),并不对用户身份做认证。

 

1.2    关键代码

    // ACL using the "ip" scheme: all permissions (Perms.ALL) go to a single client address.
    // NOTE(review): the match is on the source address the server sees for the connection;
    // it restricts where requests come from but does not authenticate a user.
    Id allowedClient = new Id("ip", "172.26.128.1");
    List<ACL> ipAcl = new ArrayList<ACL>();
    ipAcl.add(new ACL(Perms.ALL, allowedClient));
    zkServer.createZKNode("/aclimooc/iptest9", "iptest".getBytes(), ipAcl);

    // Check whether this client's address is authorized: write once, then read back.
    // Version 0 is the expected version of the node that was just created.
    ZooKeeper client = zkServer.getZookeeper();
    client.setData("/aclimooc/iptest9", "now".getBytes(), 0);
    Stat nodeStat = new Stat();
    byte[] payload = client.getData("/aclimooc/iptest9", false, nodeStat);
    System.out.println(new String(payload));
    System.out.println(nodeStat.getVersion());

 

 

2    课程内容

 

 

3    Coding

3.1    在 ACL 中指定一个非本机的 ip 来创建节点,然后访问,会发现没有权限

  • 启动服务端
    进入到
cd /usr/local/zookeeper/bin

 
    重启zookeeper服务端
./zkServer.sh restart

 

  • 主类
package com.imooc.zk.demo;

import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.CountDownLatch;

import org.apache.zookeeper.CreateMode;
import org.apache.zookeeper.KeeperException;
import org.apache.zookeeper.WatchedEvent;
import org.apache.zookeeper.Watcher;
import org.apache.zookeeper.ZooDefs.Ids;
import org.apache.zookeeper.ZooDefs.Perms;
import org.apache.zookeeper.ZooKeeper;
import org.apache.zookeeper.data.ACL;
import org.apache.zookeeper.data.Id;
import org.apache.zookeeper.data.Stat;

import com.imooc.utils.AclUtils;

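/**
 * Demonstrates ZooKeeper node ACLs: the "digest" scheme and the "ip" scheme.
 *
 * <p>In this variant the ip ACL names an address that, per the accompanying log, is not the
 * address the demo client connects from, so the write after creation fails with NoAuth.
 *
 * <p>NOTE(review): an "ip" ACL is matched on the source address the server sees for the
 * connection. It limits where requests may come from; it does not authenticate a user.
 */
public class ZKNodeAcl implements Watcher {

    private ZooKeeper zookeeper = null;

    public static final String zkServerPath = "172.26.139.4:2181";
    public static final Integer timeout = 5000;

    public ZKNodeAcl() {}

    /**
     * Opens a ZooKeeper session against {@code connectString}.
     *
     * <p>On {@link IOException} the error is printed and the client stays {@code null}.
     *
     * @param connectString host:port list of the ZooKeeper ensemble
     */
    public ZKNodeAcl(String connectString) {
        try {
            zookeeper = new ZooKeeper(connectString, timeout, new ZKNodeAcl());
        } catch (IOException e) {
            // When the ZooKeeper constructor throws, the field was never assigned,
            // so there is no handle to close here.
            e.printStackTrace();
        }
    }

    /**
     * Creates a persistent node with the given data and ACL list.
     *
     * <p>Failures are reported on stderr and the method returns normally, so the demo can
     * continue (for example when the node already exists from an earlier run).
     *
     * @param path node path; parent nodes are not created recursively
     * @param data payload stored in the node
     * @param acls access control list applied to the new node
     * @throws IllegalStateException if no ZooKeeper client is available
     */
    public void createZKNode(String path, byte[] data, List<ACL> acls) {
        if (zookeeper == null) {
            throw new IllegalStateException("ZooKeeper client is not initialized");
        }
        try {
            // Neither the synchronous nor the asynchronous create call creates child nodes
            // recursively; the asynchronous form takes a callback.
            // Arguments:
            //   path:       path to create
            //   data:       stored data as byte[]
            //   acl:        access control policy
            //                 Ids.OPEN_ACL_UNSAFE --> world:anyone:cdrwa
            //                 CREATOR_ALL_ACL     --> auth:user:password:cdrwa
            //   createMode: node type (an enum)
            //                 PERSISTENT:            persistent node
            //                 PERSISTENT_SEQUENTIAL: persistent sequential node
            //                 EPHEMERAL:             ephemeral node
            //                 EPHEMERAL_SEQUENTIAL:  ephemeral sequential node
            String result = zookeeper.create(path, data, acls, CreateMode.PERSISTENT);
            System.out.println("创建节点:\t" + result + "\t成功...");
        } catch (KeeperException e) {
            e.printStackTrace();
        } catch (InterruptedException e) {
            // Restore the interrupt flag so callers can still observe the interruption.
            Thread.currentThread().interrupt();
            e.printStackTrace();
        }
    }

    public static void main(String[] args) throws Exception {

        ZKNodeAcl zkServer = new ZKNodeAcl(zkServerPath);

        try {
            // ======================  create node: start  ======================
            // ACL that lets anyone access the node
            //zkServer.createZKNode("/aclimooc", "test".getBytes(), Ids.OPEN_ACL_UNSAFE);

            // Access restricted to custom digest users.
            // NOTE(review): the user:password pairs below are sample values for the demo;
            // real credentials should not be hard-coded in source.
            List<ACL> acls = new ArrayList<ACL>();
            Id imooc1 = new Id("digest", AclUtils.getDigestUserPwd("imooc1:123456"));
            Id imooc2 = new Id("digest", AclUtils.getDigestUserPwd("imooc2:123456"));
            acls.add(new ACL(Perms.ALL, imooc1));
            acls.add(new ACL(Perms.READ, imooc2));
            acls.add(new ACL(Perms.DELETE | Perms.CREATE, imooc2));
            zkServer.createZKNode("/aclimooc/testdigest", "testdigest".getBytes(), acls);

            // A registered user must call addAuthInfo before operating on the node
            // (compare the CLI command addauth).
            // NOTE(review): addAuthInfo hands the clear-text user:password to the client
            // connection, so the transport should be protected.
//            zkServer.getZookeeper().addAuthInfo("digest", "imooc1:123456".getBytes());
//            zkServer.createZKNode("/aclimooc/testdigest/childtest", "childtest".getBytes(), Ids.CREATOR_ALL_ACL);
//            Stat stat = new Stat();
//            byte[] data = zkServer.getZookeeper().getData("/aclimooc/testdigest", false, stat);
//            System.out.println(new String(data));
//            zkServer.getZookeeper().setData("/aclimooc/testdigest", "now".getBytes(), 1);

            // ACL using the "ip" scheme: Perms.ALL is granted only to 192.168.43.206.
            // A client connecting from any other address, including the one that created
            // the node, is refused afterwards.
            List<ACL> aclsIP = new ArrayList<ACL>();
            Id ipId1 = new Id("ip", "192.168.43.206");
            aclsIP.add(new ACL(Perms.ALL, ipId1));
            zkServer.createZKNode("/aclimooc/iptest6", "iptest".getBytes(), aclsIP);

            // Check whether this client's address is authorized; version 0 is the expected
            // version of the node created above.
            zkServer.getZookeeper().setData("/aclimooc/iptest6", "now".getBytes(), 0);
            Stat stat = new Stat();
            byte[] data = zkServer.getZookeeper().getData("/aclimooc/iptest6", false, stat);
            System.out.println(new String(data));
            System.out.println(stat.getVersion());
        } finally {
            // Close the session explicitly, also when an operation above throws.
            ZooKeeper client = zkServer.getZookeeper();
            if (client != null) {
                client.close();
            }
        }
    }

    public ZooKeeper getZookeeper() {
        return zookeeper;
    }
    public void setZookeeper(ZooKeeper zookeeper) {
        this.zookeeper = zookeeper;
    }

    /** Watcher callback; this demo ignores all events. */
    @Override
    public void process(WatchedEvent event) {

    }
}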

 

  • 加密工具类:
package com.imooc.utils;

import java.io.IOException;

import org.apache.zookeeper.KeeperException;
import org.apache.zookeeper.server.auth.DigestAuthenticationProvider;

/**
 * Helper that produces the id string used with ZooKeeper's "digest" ACL scheme.
 */
public class AclUtils {

    /**
     * Turns a clear-text {@code user:password} pair into its digest form by delegating to
     * {@code DigestAuthenticationProvider.generateDigest}.
     *
     * <p>NOTE(review): ZooKeeper's digest scheme is an unsalted hash of the pair (SHA-1 by
     * default), so weak passwords remain guessable from the stored ACL; confirm against the
     * ZooKeeper version in use.
     *
     * @param id clear-text {@code user:password}
     * @return the value returned by {@code generateDigest}
     * @throws Exception whatever {@code generateDigest} throws
     */
    public static String getDigestUserPwd(String id) throws Exception {
        String digested = DigestAuthenticationProvider.generateDigest(id);
        return digested;
    }

    /** Prints the digest form of a sample credential. */
    public static void main(String[] args) throws IOException, InterruptedException, KeeperException, Exception {
        // Sample value for the demo only.
        System.out.println(getDigestUserPwd("imooc:imooc"));
    }
}

 

 

  • 打印日志1(报错原因:节点的 ACL 只授权给 192.168.43.206,而执行操作的客户端 ip 不是该地址,所以 setData 返回 NoAuth)
创建节点: /aclimooc/iptest6 成功...

Exception in thread "main" org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /aclimooc/iptest6

at org.apache.zookeeper.KeeperException.create(KeeperException.java:116)

at org.apache.zookeeper.KeeperException.create(KeeperException.java:54)

at org.apache.zookeeper.ZooKeeper.setData(ZooKeeper.java:1330)

at com.imooc.zk.demo.ZKNodeAcl.main(ZKNodeAcl.java:110)

 

 

 

3.2    在 ACL 中指定本机的 ip 来创建节点,然后访问,会发现有权限

  • 主类:
package com.imooc.zk.demo;

import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.CountDownLatch;

import org.apache.zookeeper.CreateMode;
import org.apache.zookeeper.KeeperException;
import org.apache.zookeeper.WatchedEvent;
import org.apache.zookeeper.Watcher;
import org.apache.zookeeper.ZooDefs.Ids;
import org.apache.zookeeper.ZooDefs.Perms;
import org.apache.zookeeper.ZooKeeper;
import org.apache.zookeeper.data.ACL;
import org.apache.zookeeper.data.Id;
import org.apache.zookeeper.data.Stat;

import com.imooc.utils.AclUtils;

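/**
 * Demonstrates ZooKeeper node ACLs with the "ip" scheme.
 *
 * <p>In this variant the ip ACL names the address the page describes as the local machine's,
 * so the write and read after creation succeed.
 *
 * <p>NOTE(review): an "ip" ACL is matched on the source address the server sees for the
 * connection. It limits where requests may come from; it does not authenticate a user.
 */
public class ZKNodeAcl implements Watcher {

    private ZooKeeper zookeeper = null;

    public static final String zkServerPath = "172.26.139.4:2181";
    public static final Integer timeout = 5000;

    public ZKNodeAcl() {}

    /**
     * Opens a ZooKeeper session against {@code connectString}.
     *
     * <p>On {@link IOException} the error is printed and the client stays {@code null}.
     *
     * @param connectString host:port list of the ZooKeeper ensemble
     */
    public ZKNodeAcl(String connectString) {
        try {
            zookeeper = new ZooKeeper(connectString, timeout, new ZKNodeAcl());
        } catch (IOException e) {
            // When the ZooKeeper constructor throws, the field was never assigned,
            // so there is no handle to close here.
            e.printStackTrace();
        }
    }

    /**
     * Creates a persistent node with the given data and ACL list.
     *
     * <p>Failures are reported on stderr and the method returns normally, so the demo can
     * continue (for example when the node already exists from an earlier run).
     *
     * @param path node path; parent nodes are not created recursively
     * @param data payload stored in the node
     * @param acls access control list applied to the new node
     * @throws IllegalStateException if no ZooKeeper client is available
     */
    public void createZKNode(String path, byte[] data, List<ACL> acls) {
        if (zookeeper == null) {
            throw new IllegalStateException("ZooKeeper client is not initialized");
        }
        try {
            // Neither the synchronous nor the asynchronous create call creates child nodes
            // recursively; the asynchronous form takes a callback.
            // Arguments:
            //   path:       path to create
            //   data:       stored data as byte[]
            //   acl:        access control policy
            //                 Ids.OPEN_ACL_UNSAFE --> world:anyone:cdrwa
            //                 CREATOR_ALL_ACL     --> auth:user:password:cdrwa
            //   createMode: node type (an enum)
            //                 PERSISTENT:            persistent node
            //                 PERSISTENT_SEQUENTIAL: persistent sequential node
            //                 EPHEMERAL:             ephemeral node
            //                 EPHEMERAL_SEQUENTIAL:  ephemeral sequential node
            String result = zookeeper.create(path, data, acls, CreateMode.PERSISTENT);
            System.out.println("创建节点:\t" + result + "\t成功...");
        } catch (KeeperException e) {
            e.printStackTrace();
        } catch (InterruptedException e) {
            // Restore the interrupt flag so callers can still observe the interruption.
            Thread.currentThread().interrupt();
            e.printStackTrace();
        }
    }

    public static void main(String[] args) throws Exception {

        ZKNodeAcl zkServer = new ZKNodeAcl(zkServerPath);

        try {
            // ======================  create node: start  ======================
            // ACL that lets anyone access the node
            //zkServer.createZKNode("/aclimooc", "test".getBytes(), Ids.OPEN_ACL_UNSAFE);

            // Access restricted to custom digest users (disabled in this run).
            // NOTE(review): the user:password pairs are sample values for the demo;
            // real credentials should not be hard-coded in source.
//            List<ACL> acls = new ArrayList<ACL>();
//            Id imooc1 = new Id("digest", AclUtils.getDigestUserPwd("imooc1:123456"));
//            Id imooc2 = new Id("digest", AclUtils.getDigestUserPwd("imooc2:123456"));
//            acls.add(new ACL(Perms.ALL, imooc1));
//            acls.add(new ACL(Perms.READ, imooc2));
//            acls.add(new ACL(Perms.DELETE | Perms.CREATE, imooc2));
//            zkServer.createZKNode("/aclimooc/testdigest", "testdigest".getBytes(), acls);

            // A registered user must call addAuthInfo before operating on the node
            // (compare the CLI command addauth).
//            zkServer.getZookeeper().addAuthInfo("digest", "imooc1:123456".getBytes());
//            zkServer.createZKNode("/aclimooc/testdigest/childtest", "childtest".getBytes(), Ids.CREATOR_ALL_ACL);
//            Stat stat = new Stat();
//            byte[] data = zkServer.getZookeeper().getData("/aclimooc/testdigest", false, stat);
//            System.out.println(new String(data));
//            zkServer.getZookeeper().setData("/aclimooc/testdigest", "now".getBytes(), 1);

            // ACL using the "ip" scheme: Perms.ALL is granted only to 172.26.128.1.
            // Any client whose connection arrives from a different address is refused.
            List<ACL> aclsIP = new ArrayList<ACL>();
            Id ipId1 = new Id("ip", "172.26.128.1");
            aclsIP.add(new ACL(Perms.ALL, ipId1));
            zkServer.createZKNode("/aclimooc/iptest9", "iptest".getBytes(), aclsIP);

            // Check whether this client's address is authorized; version 0 is the expected
            // version of the node created above.
            zkServer.getZookeeper().setData("/aclimooc/iptest9", "now".getBytes(), 0);
            Stat stat = new Stat();
            byte[] data = zkServer.getZookeeper().getData("/aclimooc/iptest9", false, stat);
            System.out.println(new String(data));
            System.out.println(stat.getVersion());
        } finally {
            // Close the session explicitly, also when an operation above throws.
            ZooKeeper client = zkServer.getZookeeper();
            if (client != null) {
                client.close();
            }
        }
    }

    public ZooKeeper getZookeeper() {
        return zookeeper;
    }
    public void setZookeeper(ZooKeeper zookeeper) {
        this.zookeeper = zookeeper;
    }

    /** Watcher callback; this demo ignores all events. */
    @Override
    public void process(WatchedEvent event) {

    }
}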

 

  • 打印日志
创建节点:    /aclimooc/iptest9    成功...
now
1

 

 
