zookeeper学习三

1.zookeeper的ACL(访问控制列表)

znode被创建时带有一个ACL列表(默认为world:anyone,即任何客户端都可以访问)

ACL包括:

scheme(验证方式):zookeeper提供了以下几种验证方式:

            digest:客户端用户名和密码。

            auth:不使用任何id(表示当前会话中已通过认证的用户)。

            ip:IP地址验证。

            world:固定为anyone。

            super:在这种scheme情况下,对应的id拥有超级权限,可以做任何事情。

id(验证信息)

perms(权限):节点的权限主要有:

create  对子节点的create操作

read     对本节点GetChildren和GetData操作

write     对本节点SetData操作

delete  对子节点Delete操作

admin  对本节点setAcl操作

2.用shell操作ACL

1)首先连接到zookeeper

--1.查看ACL

--2.给节点加上ip的ACL

再次访问时,这样访问才行

--3.给节点加上digest的ACL

使用以下方式生成密码摘要(格式为 用户名:BASE64(SHA1(用户名:密码)))

test:test->test:V28q/NynI4JI3Rk54h0r8O5kMug=

访问时就是这样

--4.scheme中还有一个super

需要更改zkServer.sh(修改后需要重启zookeeper服务才能生效)

加入参数-Dzookeeper.DigestAuthenticationProvider.superDigest=super:gG7s8t3oDEtIqF6DM9LlI/R+9Ss=

3.java的操作(ZooKeeper)

 

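/**
 * Demonstrates znode ACL handling with the native ZooKeeper client: reading data from a
 * digest-protected node, creating a node with an open ACL, and creating a node restricted to a
 * single digest identity.
 *
 * <p>The server address and the {@code user:password} pairs used here are sample values for a
 * lab setup. The digest scheme passes the plain {@code user:password} string to
 * {@code addAuthInfo}, so real credentials belong in configuration or a secret store rather
 * than in source, and the client/server connection should be protected in transit.
 */
public class ZKAclDemo {
  /** Connect string ({@code host:port}) used when the caller supplies none. */
  private static final String DEFAULT_CONNECT_STRING = "192.168.10.150:2181";

  /** Shared client handle, opened by {@link #connetionZK(String)} and released by {@link #close()}. */
  private static ZooKeeper zooKeeper;

  public static void main(String[] args) throws Exception {
    connetionZK("");
    try {
      // Enable one of the calls below to run the corresponding demo.
      // getZnodeData(zooKeeper, "/test2");
      // getZnodeAcl(zooKeeper, "/testAcl", "testAcl".getBytes());
      // setZnodeAcl(zooKeeper, "/testAcl2", "testAcl2".getBytes());
    } finally {
      // Release the session even when a demo call throws.
      close();
    }
  }

  /**
   * Authenticates with the sample digest identity {@code test:test} and prints the data stored
   * at {@code path}.
   *
   * @param zooKeeper connected client to use
   * @param path znode whose data is read
   */
  public static void getZnodeData(ZooKeeper zooKeeper, String path) {
    try {
      zooKeeper.addAuthInfo("digest", "test:test".getBytes(java.nio.charset.StandardCharsets.UTF_8));
      byte[] bs = zooKeeper.getData(path, false, new Stat());
      if (bs == null) {
        // A znode created without data yields null; report it instead of failing in new String().
        System.out.println("节点没有数据:" + path);
        return;
      }
      System.out.println(new String(bs, java.nio.charset.StandardCharsets.UTF_8));
    } catch (KeeperException e) {
      e.printStackTrace();
    } catch (InterruptedException e) {
      // Restore the interrupt flag so callers can still observe the interruption.
      Thread.currentThread().interrupt();
      e.printStackTrace();
    }
  }

  /**
   * Creates a persistent znode with {@code OPEN_ACL_UNSAFE} and prints the ACL entries read
   * back from it.
   *
   * <p>{@code OPEN_ACL_UNSAFE} leaves the node open to every client; it is used here only to
   * show what an unrestricted ACL looks like. Use a restrictive ACL list, as in
   * {@link #setZnodeAcl(ZooKeeper, String, byte[])}, for nodes that hold anything sensitive.
   *
   * @param zooKeeper connected client to use
   * @param path znode to create
   * @param bytes initial data of the znode
   */
  public static void getZnodeAcl(ZooKeeper zooKeeper, String path, byte[] bytes) {
    try {
      zooKeeper.create(path, bytes, ZooDefs.Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);
      System.out.println("创建节点:"+path);
      List<ACL> listAcl = zooKeeper.getACL(path, new Stat());
      for (ACL acl : listAcl) {
        System.out.println("权限scheme id:" + acl.getId());
        System.out.println("权限位:" + acl.getPerms());
      }
    } catch (KeeperException e) {
      e.printStackTrace();
    } catch (InterruptedException e) {
      Thread.currentThread().interrupt();
      e.printStackTrace();
    }
  }

  /**
   * Creates a persistent znode whose ACL grants all permissions to the sample digest identity
   * {@code testacl:testacl}, then authenticates as that identity and prints the stored ACL.
   *
   * @param zooKeeper connected client to use
   * @param path znode to create
   * @param bytes initial data of the znode
   */
  public static void setZnodeAcl(ZooKeeper zooKeeper, String path, byte[] bytes) {
    try {
      List<ACL> listAcl = new ArrayList<ACL>();
      // The ACL stores the generated digest, not the plain password.
      Id id = new Id("digest", getDigestUserPwd("testacl:testacl"));
      listAcl.add(new ACL(ZooDefs.Perms.ALL, id));
      // Several permissions can be combined with '|', which is the narrower choice when the
      // identity does not need everything:
      // listAcl.add(new ACL(ZooDefs.Perms.CREATE | ZooDefs.Perms.READ, id));
      String string = zooKeeper.create(path, bytes, listAcl, CreateMode.PERSISTENT);
      System.out.println("节点:"+string);

      zooKeeper.addAuthInfo("digest", "testacl:testacl".getBytes(java.nio.charset.StandardCharsets.UTF_8));
      // Read back the ACL of the node that was just created.
      List<ACL> aclList = zooKeeper.getACL(path, new Stat());
      for (ACL acl : aclList) {
        System.out.println("--------------------------");
        System.out.println("权限scheme id:" + acl.getId());
        System.out.println("权限位:" + acl.getPerms());
      }
    } catch (NoSuchAlgorithmException e) {
      e.printStackTrace();
    } catch (KeeperException e) {
      e.printStackTrace();
    } catch (InterruptedException e) {
      Thread.currentThread().interrupt();
      e.printStackTrace();
    }
  }

  // The ip scheme is used the same way as the digest scheme above.

  /**
   * Produces the id string for a digest ACL entry by delegating to
   * {@code DigestAuthenticationProvider.generateDigest}.
   *
   * @param id identity in {@code user:password} form
   * @return the generated digest id
   * @throws NoSuchAlgorithmException if the digest algorithm is unavailable
   */
  public static String getDigestUserPwd(String id) throws NoSuchAlgorithmException {
    return DigestAuthenticationProvider.generateDigest(id);
  }

  /**
   * Opens the shared ZooKeeper session.
   *
   * @param zk connect string in {@code host:port} form; when {@code null} or blank the
   *     built-in sample address is used
   * @throws IOException if the client cannot be created
   * @throws KeeperException declared for callers; not raised by the visible code
   * @throws InterruptedException declared for callers; not raised by the visible code
   */
  public static void connetionZK(String zk) throws IOException, KeeperException, InterruptedException {
    // Honour the caller's address instead of silently ignoring the parameter.
    String path = (zk == null || zk.trim().isEmpty()) ? DEFAULT_CONNECT_STRING : zk;
    // NOTE(review): no default watcher is registered, so nothing here waits for or reports
    // the connected state; confirm this is acceptable outside a demo.
    zooKeeper = new ZooKeeper(path, 20*1000,null);
  }

  /**
   * Closes the shared ZooKeeper session if one was opened.
   */
  public static void close() {
    try {
      if (zooKeeper != null) {
        zooKeeper.close();
      }
    } catch (InterruptedException e) {
      Thread.currentThread().interrupt();
      e.printStackTrace();
    }
  }
}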

4.java的操作(curator)

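/**
 * Demonstrates znode ACL handling through Curator: creating a digest-protected node, reading
 * it, replacing its ACL and listing the ACL.
 *
 * <p>The server address and the {@code user:password} pairs are sample values for a lab setup;
 * real credentials belong in configuration or a secret store rather than in source.
 */
public class ZKAclDemo2 {
  /** ZooKeeper connect string ({@code host:port}) shared by all demos. */
  private static final String CONNECT_STRING = "192.168.10.150:2181";

  /** Node that the four demos create, read and re-protect. */
  private static final String NODE_PATH = "/curatoracl";

  public static void main(String[] args) throws Exception {
    // Enable the demos one at a time, in order: create, read, change ACL, list ACL.
    // curatorAcl_1();
    // curatorAcl_2();
    // curatorAcl_3();
    // curatorAcl_4();
  }

  /**
   * Connects without credentials and creates {@code /curatoracl} with an ACL that grants all
   * permissions to the digest identity {@code test:test}.
   *
   * @throws Exception if the Curator operation fails
   */
  public static void curatorAcl_1() throws Exception {
    CuratorFramework client = CuratorFrameworkFactory.newClient(CONNECT_STRING, newRetryPolicy());
    try {
      client.start();
      // Only touch the server once connected; a client that failed to connect is just closed
      // in the finally block instead of being used after close().
      if (client.blockUntilConnected(20, TimeUnit.SECONDS)) {
        printStarted(client);
        List<ACL> listAcl = allPermsFor("test:test");
        client.create()
            .creatingParentsIfNeeded()
            .withMode(CreateMode.PERSISTENT)
            .withACL(listAcl)
            .forPath(NODE_PATH, "curatoracl".getBytes(java.nio.charset.StandardCharsets.UTF_8));
      }
    } finally {
      // Always release the connection, including when the create call throws.
      client.close();
    }
    System.out.println("over...");
  }

  /**
   * Connects as {@code test:test} and prints the data stored at {@code /curatoracl}.
   *
   * @throws Exception if the Curator operation fails
   */
  public static void curatorAcl_2() throws Exception {
    CuratorFramework client = newDigestClient("test:test");
    try {
      client.start();
      if (client.blockUntilConnected(20, TimeUnit.SECONDS)) {
        printStarted(client);
        byte[] bytes = client.getData().forPath(NODE_PATH);
        System.out.println(new String(bytes, java.nio.charset.StandardCharsets.UTF_8));
      }
    } finally {
      client.close();
    }
    System.out.println("over...");
  }

  /**
   * Connects as {@code test:test} and replaces the ACL of {@code /curatoracl} with a single
   * entry for the digest identity {@code test2:test2}.
   *
   * <p>The new list contains only the {@code test2} entry, so the identity used to make this
   * change is not part of the ACL it writes.
   *
   * @throws Exception if the Curator operation fails
   */
  public static void curatorAcl_3() throws Exception {
    CuratorFramework client = newDigestClient("test:test");
    try {
      client.start();
      if (client.blockUntilConnected(20, TimeUnit.SECONDS)) {
        printStarted(client);
        List<ACL> aclList = allPermsFor("test2:test2");
        client.setACL().withACL(aclList).forPath(NODE_PATH);
      }
    } finally {
      client.close();
    }
    System.out.println("over...");
  }

  /**
   * Connects as {@code test2:test2} and prints every ACL entry of {@code /curatoracl}.
   *
   * @throws Exception if the Curator operation fails
   */
  public static void curatorAcl_4() throws Exception {
    CuratorFramework client = newDigestClient("test2:test2");
    try {
      client.start();
      if (client.blockUntilConnected(20, TimeUnit.SECONDS)) {
        printStarted(client);
        List<ACL> listAcl = client.getACL().forPath(NODE_PATH);
        for (ACL acl : listAcl) {
          System.out.println("权限scheme id:" + acl.getId());
          System.out.println("权限位:" + acl.getPerms());
        }
      }
    } finally {
      client.close();
    }
    System.out.println("over...");
  }

  /**
   * Produces the id string for a digest ACL entry by delegating to
   * {@code DigestAuthenticationProvider.generateDigest}.
   *
   * @param id identity in {@code user:password} form
   * @return the generated digest id
   * @throws NoSuchAlgorithmException if the digest algorithm is unavailable
   */
  public static String getDigestUserPwd(String id) throws NoSuchAlgorithmException {
    return DigestAuthenticationProvider.generateDigest(id);
  }

  /** Builds the retry policy shared by every demo client. */
  private static RetryPolicy newRetryPolicy() {
    // NOTE(review): Integer.MAX_VALUE asks for effectively unbounded retries; Curator is
    // understood to cap this value internally. Consider a small explicit bound.
    return new ExponentialBackoffRetry(1000, Integer.MAX_VALUE);
  }

  /** Builds (without starting) a client that authenticates with the given digest identity. */
  private static CuratorFramework newDigestClient(String userPassword) {
    // Adding .namespace("workspace") to this builder would prefix every path with /workspace.
    return CuratorFrameworkFactory.builder()
        .authorization("digest", userPassword.getBytes(java.nio.charset.StandardCharsets.UTF_8))
        .connectString(CONNECT_STRING)
        .sessionTimeoutMs(20000)
        .retryPolicy(newRetryPolicy())
        .build();
  }

  /** Returns an ACL list with one entry granting all permissions to the given digest identity. */
  private static List<ACL> allPermsFor(String userPassword) throws NoSuchAlgorithmException {
    List<ACL> acls = new ArrayList<ACL>();
    // The ACL stores the generated digest, not the plain password.
    acls.add(new ACL(ZooDefs.Perms.ALL, new Id("digest", getDigestUserPwd(userPassword))));
    return acls;
  }

  /** Prints the value of the client's deprecated {@code isStarted()} flag. */
  @SuppressWarnings("deprecation")
  private static void printStarted(CuratorFramework client) {
    // isStarted() is what the original demo printed; the connection itself was already
    // confirmed by blockUntilConnected() before this is called.
    System.out.println("状态连接中吗:" + client.isStarted());
  }
}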

 
