異常信息
2018-05-21 18:38:05.851 ERROR 18796 --- [nio-8082-exec-4] i.r.common.exception.RRExceptionHandler : org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /nb-conf/ent5/datasource
org.I0Itec.zkclient.exception.ZkException: org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /nb-conf/ent5/datasource
at org.I0Itec.zkclient.exception.ZkException.create(ZkException.java:68)
at org.I0Itec.zkclient.ZkClient.retryUntilConnected(ZkClient.java:1001)
at org.I0Itec.zkclient.ZkClient.writeDataReturnStat(ZkClient.java:1148)
at org.I0Itec.zkclient.ZkClient.writeData(ZkClient.java:1143)
at org.I0Itec.zkclient.ZkClient.writeData(ZkClient.java:1111)
at io.newbanker.xxlconf.XxlConfManager.set(XxlConfManager.java:81)
at io.newbanker.xxlconf.SyncConfiguartionToZkAspect.around(SyncConfiguartionToZkAspect.java:77)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:629)
at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:618)
at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:70)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:168)
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:673)
at io.newbanker.modules.sys.service.impl.WbsJdbcServiceImpl$$EnhancerBySpringCGLIB$$4240382a.syncConfiguartionToZk(<generated>)
at io.newbanker.modules.sys.service.impl.WbsJdbcServiceImpl$$FastClassBySpringCGLIB$$391fa112.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:669)
at io.newbanker.modules.sys.service.impl.WbsJdbcServiceImpl$$EnhancerBySpringCGLIB$$51cbc5d1.syncConfiguartionToZk(<generated>)
at io.newbanker.modules.sys.controller.WbsJdbcController.update(WbsJdbcController.java:120)
at io.newbanker.modules.sys.controller.WbsJdbcController$$FastClassBySpringCGLIB$$80fb59c2.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:738)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.apache.shiro.spring.security.interceptor.AopAllianceAnnotationsAuthorizingMethodInterceptor$1.proceed(AopAllianceAnnotationsAuthorizingMethodInterceptor.java:82)
at org.apache.shiro.authz.aop.AuthorizingMethodInterceptor.invoke(AuthorizingMethodInterceptor.java:39)
at org.apache.shiro.spring.security.interceptor.AopAllianceAnnotationsAuthorizingMethodInterceptor.invoke(AopAllianceAnnotationsAuthorizingMethodInterceptor.java:115)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:673)
at io.newbanker.modules.sys.controller.WbsJdbcController$$EnhancerBySpringCGLIB$$ff1d5a94.update(<generated>)
at io.newbanker.modules.sys.controller.WbsJdbcController$$FastClassBySpringCGLIB$$80fb59c2.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:738)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.apache.shiro.spring.security.interceptor.AopAllianceAnnotationsAuthorizingMethodInterceptor$1.proceed(AopAllianceAnnotationsAuthorizingMethodInterceptor.java:82)
at org.apache.shiro.authz.aop.AuthorizingMethodInterceptor.invoke(AuthorizingMethodInterceptor.java:39)
at org.apache.shiro.spring.security.interceptor.AopAllianceAnnotationsAuthorizingMethodInterceptor.invoke(AopAllianceAnnotationsAuthorizingMethodInterceptor.java:115)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:673)
at io.newbanker.modules.sys.controller.WbsJdbcController$$EnhancerBySpringCGLIB$$e8d9c69e.update(<generated>)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205)
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:133)
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:97)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:827)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:738)
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:967)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:872)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:661)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:112)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at com.alibaba.druid.support.http.WebStatFilter.doFilter(WebStatFilter.java:123)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at io.renren.common.xss.XssFilter.doFilter(XssFilter.java:23)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61)
at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)
at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:347)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:263)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:108)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /nb-conf/ent5/datasource
at org.apache.zookeeper.KeeperException.create(KeeperException.java:113)
at org.apache.zookeeper.KeeperException.create(KeeperException.java:51)
at org.apache.zookeeper.ZooKeeper.setData(ZooKeeper.java:1327)
at org.I0Itec.zkclient.ZkConnection.writeDataReturnStat(ZkConnection.java:139)
at org.I0Itec.zkclient.ZkClient$13.call(ZkClient.java:1152)
at org.I0Itec.zkclient.ZkClient.retryUntilConnected(ZkClient.java:991)
... 129 common frames omitted
場景說明
接着前一篇《zk Acl權限:只有一個賬號有所有權限,其他匿名用戶只有讀權限》,實現了這個之後,存在一個bug:
當zkClient與zk服務斷了鏈接並且重試時間超過(org.I0Itec.zkclient.ZkClient#_operationRetryTimeoutInMillis)之後,就會重新reconnect,重新reconnect操作,會重新new一個`_zk`,導致之前addAuthInfo的acl權限信息,被覆蓋掉。從而導致了reconnect之後,對節點進行cdwa操作,都會報錯:org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /nb-conf/ent5/datasource
1、首先,是自己定義的工具類:
@Component
public class XxlConfManager implements InitializingBean, DisposableBean {
@Value("${xxl.conf.admin.zkaddress}")
private String zkaddress;
@Value("${xxl.conf.admin.zkpath}")
private String zkpath;
@Value("${xxl.conf.admin.zkUserName}")
private String zkUserName;
@Value("${xxl.conf.admin.zkPassword}")
private String zkPassword;
private String idPassword;
private static final String digest = "digest";
private static ZkClient zkClient = null;
@Override
public void afterPropertiesSet() throws Exception {
// 創建zkClient,並設置權限信息
zkClient = new ZkClient(zkaddress);
idPassword = zkUserName + ":" + zkPassword;
zkClient.setZkSerializer(new JsonZkSerializer());
zkClient.addAuthInfo(digest, idPassword.getBytes());
}
}
2、org.I0Itec.zkclient.ZkClient#addAuthInfo
/**
* Add authentication information to the connection. This will be used to identify the user and check access to
* nodes protected by ACLs
*
* @param scheme
* @param auth
*/
public void addAuthInfo(final String scheme, final byte[] auth) {
retryUntilConnected(new Callable<Object>() {
@Override
public Object call() throws Exception {
_connection.addAuthInfo(scheme, auth);
return null;
}
});
}
3、org.I0Itec.zkclient.ZkConnection#addAuthInfo——這個方法相當於是登錄zk的賬號、密碼
private ZooKeeper _zk = null;
@Override
public void addAuthInfo(String scheme, byte[] auth) {
_zk.addAuthInfo(scheme, auth);
}
再來看看zkClient斷開連接後reconnect的方法:
1、org.I0Itec.zkclient.ZkClient#reconnect
private void reconnect() {
getEventLock().lock();
try {
_connection.close();
_connection.connect(this); // 注1
} catch (InterruptedException e) {
throw new ZkInterruptedException(e);
} finally {
getEventLock().unlock();
}
}
2、點進去看‘注1’方法:org.I0Itec.zkclient.ZkConnection#connect
@Override
public void connect(Watcher watcher) {
_zookeeperLock.lock();
try {
if (_zk != null) {
throw new IllegalStateException("zk client has already been started");
}
try {
LOG.debug("Creating new ZookKeeper instance to connect to " + _servers + ".");
_zk = new ZooKeeper(_servers, _sessionTimeOut, watcher); // 注2
} catch (IOException e) {
throw new ZkException("Unable to connect to " + _servers, e);
}
} finally {
_zookeeperLock.unlock();
}
}
可以發現,注2的位置,新new了一個ZooKeeper。
簡述一下上面源碼的意思:
addAuthInfo是給org.I0Itec.zkclient.ZkConnection#_zk對象設置權限信息,然後重新連接時,先廢除了之前的org.I0Itec.zkclient.ZkConnection#_zk對象:
// org.I0Itec.zkclient.ZkConnection#close方法,代碼片段
if (_zk != null) {
_zk.close();
_zk = null;
}
然後再new一個新的zk對象
_zk = new ZooKeeper(_servers, _sessionTimeOut, watcher);
所以_zk的權限信息,就被覆蓋掉了。重新對znode進行cdea操作,就會報錯:org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /nb-conf/ent5/datasource
異常重現
先正常連接上zk(在另外一臺機器上的zk),然後斷掉網(拔網線,關wifi等),然後重試時間超過org.I0Itec.zkclient.ZkClient#_operationRetryTimeoutInMillis(其實就是connectionTimeout),就會reconnect。此時再觸發一次對znode的寫操作,就報錯了。
解決方案
思路:既然報錯,那就try-catch,然後判斷異常是否是org.apache.zookeeper.KeeperException$NoAuthException,如果是的話,說明就是reconnect之後,權限信息被清空導致的,那就在catch中,給在addAuthInfo一下,不就完了。
代碼如下:
private static ZkClient zkClient = null;
// 在afterPropertiesSet()方法中,創建zkClient的代碼上面有,這裏略。
public void set(String path, String data) {
try {
_set(path, data);
} catch (Exception e) {
// 主要這裏不是e instanceof KeeperException.NoAuthException。原因看:org.I0Itec.zkclient.exception.ZkException#create
if (e.getCause() instanceof KeeperException.NoAuthException) {
zkClient.addAuthInfo(digest, idPassword.getBytes());
}
_set(path, data);
}
}
private void _set(String path, String data) {
createPathIfNotExists(path);
zkClient.writeData(path, data);
}
思路就是這個思路。另外在delete方法也要加,因爲zkClient重連接後,調用了delete方法,也可能會出現NoAuthException。
(實現功能即可、沒有代碼潔癖的同學,下面就不用看了。)
使用aop對解決方案優化
直接按照上面方式加上也行。但是這裏模板方法抽取使用aop,還是比較好的於是:(先要實現功能的同學,下面就不用看了。)
使用aop方式去掉重複代碼方式實現思路:
1、先定義個註解,我們給加了此註解的方法使用aop
import java.lang.annotation.*;
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface ResetAclIfNoauth {
}
2、aop
package io.newbanker.xxlconf;
import org.apache.zookeeper.KeeperException;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
@Component
@Aspect
public class ZkNoAuthExceptionAspect {
@Autowired
private XxlConfManager xxlConfManager;
@Pointcut("@annotation(io.newbanker.xxlconf.ResetAclIfNoauth)")
public void pointcut() {
}
@Around("pointcut()")
public Object around(ProceedingJoinPoint point) throws Throwable {
try {
return point.proceed();
} catch (Throwable e) {
if (e.getCause() instanceof KeeperException.NoAuthException) {
xxlConfManager.addAuthInfo();
}
return point.proceed();
}
}
}
3、對原有自己封裝的zk工具類進行修改: