0 课程地址
https://coding.imooc.com/lesson/201.html#mid=12807
1 重点关注
1.1 本节内容
curator新增节点时附带权限(递归给所有子节点权限)
curator修改节点的权限
1.2 关键代码
- curator新增节点时附带权限
String nodePath = "/acl/father/child/sub"; List<ACL> acls = new ArrayList<ACL>(); Id imooc1 = new Id("digest", AclUtils.getDigestUserPwd("imooc1:123456")); Id imooc2 = new Id("digest", AclUtils.getDigestUserPwd("imooc2:123456")); acls.add(new ACL(Perms.ALL, imooc1)); acls.add(new ACL(Perms.READ, imooc2)); acls.add(new ACL(Perms.DELETE | Perms.CREATE, imooc2)); //递归创建子节点creatingParentsIfNeeded() //递归给子节点权限 withACL(acls, true) // 创建节点 byte[] data = "spiderman".getBytes(); cto.client.create().creatingParentsIfNeeded() .withMode(CreateMode.PERSISTENT) .withACL(acls, true) .forPath(nodePath, data);
- curator修改节点的权限
cto.client.setACL().withACL(acls).forPath("/acl/father/child/sub");
2 课程内容
3 Coding
3.1 curator新增节点时附带权限(递归给所有子节点权限)
- 启动服务端
进入到
cd /usr/local/zookeeper/bin
重启zookeeper服务端
./zkServer.sh restart
- 主类
package com.imooc.curator; import java.util.ArrayList; import java.util.List; import org.apache.curator.RetryPolicy; import org.apache.curator.framework.CuratorFramework; import org.apache.curator.framework.CuratorFrameworkFactory; import org.apache.curator.retry.RetryNTimes; import org.apache.zookeeper.CreateMode; import org.apache.zookeeper.ZooDefs.Ids; import org.apache.zookeeper.ZooDefs.Perms; import org.apache.zookeeper.data.ACL; import org.apache.zookeeper.data.Id; import com.imooc.utils.AclUtils; public class CuratorAcl { public CuratorFramework client = null; public static final String zkServerPath = "172.26.139.4:2181"; public CuratorAcl() { RetryPolicy retryPolicy = new RetryNTimes(3, 5000); client = CuratorFrameworkFactory.builder().authorization("digest", "imooc1:123456".getBytes()) .connectString(zkServerPath) .sessionTimeoutMs(10000).retryPolicy(retryPolicy) .namespace("workspace").build(); client.start(); } public void closeZKClient() { if (client != null) { this.client.close(); } } public static void main(String[] args) throws Exception { // 实例化 CuratorAcl cto = new CuratorAcl(); boolean isZkCuratorStarted = cto.client.isStarted(); System.out.println("当前客户的状态:" + (isZkCuratorStarted ? "连接中" : "已关闭")); String nodePath = "/acl/father/child/sub"; List<ACL> acls = new ArrayList<ACL>(); Id imooc1 = new Id("digest", AclUtils.getDigestUserPwd("imooc1:123456")); Id imooc2 = new Id("digest", AclUtils.getDigestUserPwd("imooc2:123456")); acls.add(new ACL(Perms.ALL, imooc1)); acls.add(new ACL(Perms.READ, imooc2)); acls.add(new ACL(Perms.DELETE | Perms.CREATE, imooc2)); // 创建节点 byte[] data = "spiderman".getBytes(); cto.client.create().creatingParentsIfNeeded() .withMode(CreateMode.PERSISTENT) .withACL(acls, true) .forPath(nodePath, data); //cto.client.setACL().withACL(acls).forPath("/curatorNode"); // 更新节点数据 // byte[] newData = "batman".getBytes(); // cto.client.setData().withVersion(0).forPath(nodePath, newData); // 删除节点 // cto.client.delete().guaranteed().deletingChildrenIfNeeded().withVersion(0).forPath(nodePath); // 读取节点数据 // Stat stat = new Stat(); // byte[] data = cto.client.getData().storingStatIn(stat).forPath(nodePath); // System.out.println("节点" + nodePath + "的数据为: " + new String(data)); // System.out.println("该节点的版本号为: " + stat.getVersion()); cto.closeZKClient(); boolean isZkCuratorStarted2 = cto.client.isStarted(); System.out.println("当前客户的状态:" + (isZkCuratorStarted2 ? "连接中" : "已关闭")); } }
- linux客户端验证子节点权限
--启动linux客户端 zkCli.sh [zk: localhost:2181(CONNECTED) 5] getAcl /workspace 'world,'anyone : cdrwa --开始验证 [zk: localhost:2181(CONNECTED) 4] getAcl /workspace/acl 'digest,'imooc1:ee8R/pr2P4sGnQYNGyw2M5S5IMU= : cdrwa 'digest,'imooc2:eBdFG0gQw0YArfEFDCRP3LzIp6k= : r 'digest,'imooc2:eBdFG0gQw0YArfEFDCRP3LzIp6k= : cd [zk: localhost:2181(CONNECTED) 6] getAcl /workspace/acl/father 'digest,'imooc1:ee8R/pr2P4sGnQYNGyw2M5S5IMU= : cdrwa 'digest,'imooc2:eBdFG0gQw0YArfEFDCRP3LzIp6k= : r 'digest,'imooc2:eBdFG0gQw0YArfEFDCRP3LzIp6k= : cd [zk: localhost:2181(CONNECTED) 7] getAcl /workspace/acl/father/child 'digest,'imooc1:ee8R/pr2P4sGnQYNGyw2M5S5IMU= : cdrwa 'digest,'imooc2:eBdFG0gQw0YArfEFDCRP3LzIp6k= : r 'digest,'imooc2:eBdFG0gQw0YArfEFDCRP3LzIp6k= : cd [zk: localhost:2181(CONNECTED) 8] getAcl /workspace/acl/father/child/sub 'digest,'imooc1:ee8R/pr2P4sGnQYNGyw2M5S5IMU= : cdrwa 'digest,'imooc2:eBdFG0gQw0YArfEFDCRP3LzIp6k= : r 'digest,'imooc2:eBdFG0gQw0YArfEFDCRP3LzIp6k= : cd [zk: localhost:2181(CONNECTED) 9]
3.2 curator修改节点权限
- 启动服务端
进入到
cd /usr/local/zookeeper/bin
重启zookeeper服务端
./zkServer.sh restart
- 主类
package com.imooc.curator; import java.util.ArrayList; import java.util.List; import org.apache.curator.RetryPolicy; import org.apache.curator.framework.CuratorFramework; import org.apache.curator.framework.CuratorFrameworkFactory; import org.apache.curator.retry.RetryNTimes; import org.apache.zookeeper.CreateMode; import org.apache.zookeeper.ZooDefs.Ids; import org.apache.zookeeper.ZooDefs.Perms; import org.apache.zookeeper.data.ACL; import org.apache.zookeeper.data.Id; import com.imooc.utils.AclUtils; public class CuratorAcl { public CuratorFramework client = null; public static final String zkServerPath = "172.26.139.4:2181"; public CuratorAcl() { RetryPolicy retryPolicy = new RetryNTimes(3, 5000); client = CuratorFrameworkFactory.builder().authorization("digest", "imooc1:123456".getBytes()) .connectString(zkServerPath) .sessionTimeoutMs(10000).retryPolicy(retryPolicy) .namespace("workspace").build(); client.start(); } public void closeZKClient() { if (client != null) { this.client.close(); } } public static void main(String[] args) throws Exception { // 实例化 CuratorAcl cto = new CuratorAcl(); boolean isZkCuratorStarted = cto.client.isStarted(); System.out.println("当前客户的状态:" + (isZkCuratorStarted ? "连接中" : "已关闭")); String nodePath = "/acl/father/child/sub"; List<ACL> acls = new ArrayList<ACL>(); Id imooc1 = new Id("digest", AclUtils.getDigestUserPwd("imooc1:123456")); Id imooc2 = new Id("digest", AclUtils.getDigestUserPwd("imooc2:123456")); acls.add(new ACL(Perms.ALL, imooc1)); //acls.add(new ACL(Perms.READ, imooc2)); //acls.add(new ACL(Perms.DELETE | Perms.CREATE, imooc2)); // 创建节点 // byte[] data = "spiderman".getBytes(); // cto.client.create().creatingParentsIfNeeded() // .withMode(CreateMode.PERSISTENT) // .withACL(acls, true) // .forPath(nodePath, data); cto.client.setACL().withACL(acls).forPath("/acl/father/child/sub"); // 更新节点数据 // byte[] newData = "batman".getBytes(); // cto.client.setData().withVersion(0).forPath(nodePath, newData); // 删除节点 // cto.client.delete().guaranteed().deletingChildrenIfNeeded().withVersion(0).forPath(nodePath); // 读取节点数据 // Stat stat = new Stat(); // byte[] data = cto.client.getData().storingStatIn(stat).forPath(nodePath); // System.out.println("节点" + nodePath + "的数据为: " + new String(data)); // System.out.println("该节点的版本号为: " + stat.getVersion()); cto.closeZKClient(); boolean isZkCuratorStarted2 = cto.client.isStarted(); System.out.println("当前客户的状态:" + (isZkCuratorStarted2 ? "连接中" : "已关闭")); } }
- linux客户端验证子节点权限
--启动linux客户端 zkCli.sh --开始验证 [zk: localhost:2181(CONNECTED) 9] getAcl /workspace/acl/father/child/sub 'digest,'imooc1:ee8R/pr2P4sGnQYNGyw2M5S5IMU= : cdrwa [zk: localhost:2181(CONNECTED) 10]
诸葛
