ZooKeeper 提供權限認證(ACL),用來限制客戶端對節點的訪問,主要有兩種方式:1、IP 模式;2、digest 權限模式。
權限內容可以在創建節點時定義。以下是 Java 的實現:
package com.aicong.test.helloZookeeper;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import org.apache.zookeeper.CreateMode;
import org.apache.zookeeper.KeeperException;
import org.apache.zookeeper.WatchedEvent;
import org.apache.zookeeper.Watcher;
import org.apache.zookeeper.Watcher.Event.EventType;
import org.apache.zookeeper.Watcher.Event.KeeperState;
import org.apache.zookeeper.ZooDefs.Perms;
import org.apache.zookeeper.ZooKeeper;
import org.apache.zookeeper.data.ACL;
import org.apache.zookeeper.data.Id;
import org.apache.zookeeper.server.auth.DigestAuthenticationProvider;
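/**
 * Demo client that creates a persistent znode guarded by an ACL once the session is connected.
 *
 * <p>An ACL entry is the combination {@code scheme + id + permission}:
 * <ul>
 *   <li>scheme: {@code ip} or {@code digest};</li>
 *   <li>id: for {@code ip} a concrete IP address, for {@code digest}
 *       {@code username:Base64(SHA-1(username:password))};</li>
 *   <li>permission: CREATE (C), DELETE (D), READ (R), WRITE (W), ADMIN (A), usable singly,
 *       combined, or all together.</li>
 * </ul>
 *
 * <p>Security notes for readers adapting this sample:
 * <ul>
 *   <li>The server address and the {@code jike:123456} credentials are hard-coded demo values;
 *       real code should load credentials from protected configuration and use a strong
 *       password.</li>
 *   <li>The digest id is an unsalted SHA-1 of {@code username:password}, so a weak password can
 *       be guessed offline by anyone able to read the node's ACL.</li>
 *   <li>The {@code ip} scheme authorizes by the client address as seen by the server; it is only
 *       as trustworthy as the network path in front of the ensemble.</li>
 * </ul>
 */
public class CreateNodeSyncAuth implements Watcher {

    /** Explicit charset so the stored bytes do not depend on the platform default encoding. */
    private static final java.nio.charset.Charset UTF_8 = java.nio.charset.StandardCharsets.UTF_8;

    private static ZooKeeper zookeeper;

    /** Set once the node has been created, so a later reconnect does not create it again. */
    private static boolean somethingDone = false;

    /**
     * Opens the session (5000 ms session timeout) with this class as the default watcher, then
     * parks the main thread so the process stays alive for watcher callbacks.
     */
    public static void main(String[] args) throws IOException, InterruptedException {
        zookeeper = new ZooKeeper("112.74.219.174:2181", 5000, new CreateNodeSyncAuth());
        System.out.println(zookeeper.getState());
        Thread.sleep(Integer.MAX_VALUE);
    }

    /**
     * Creates {@code /node_10} with two ACL entries: READ for one IP address and READ|WRITE for
     * the digest identity {@code jike}.
     *
     * <p>No entry grants ADMIN, so ordinary clients cannot change this ACL afterwards. The
     * creating session itself never calls {@code addAuthInfo}; to read or write the node later it
     * would have to authenticate with {@code addAuthInfo("digest", ...)} or connect from the
     * address named in the ip entry.
     */
    private void doSomething() {
        try {
            // IP-based entry: read-only access for this single address.
            ACL aclIp = new ACL(Perms.READ, new Id("ip", "112.74.219.174"));

            // Username/password entry: generateDigest turns "user:password" into the digest id.
            String digestId = DigestAuthenticationProvider.generateDigest("jike:123456");
            ACL aclDigest = new ACL(Perms.READ | Perms.WRITE, new Id("digest", digestId));

            ArrayList<ACL> acls = new ArrayList<ACL>();
            acls.add(aclDigest);
            acls.add(aclIp);

            String path =
                zookeeper.create("/node_10", "123".getBytes(UTF_8), acls, CreateMode.PERSISTENT);
            System.out.println("return path:" + path);
            somethingDone = true;
        } catch (KeeperException e) {
            e.printStackTrace();
        } catch (InterruptedException e) {
            // Keep the interrupt visible to the calling thread instead of swallowing it.
            Thread.currentThread().interrupt();
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
    }

    /**
     * Session watcher: on the connection event (state SyncConnected, type None, no path) creates
     * the node, unless that has already succeeded.
     */
    @Override
    public void process(WatchedEvent event) {
        System.out.println("收到事件:" + event);
        if (event.getState() != KeeperState.SyncConnected) {
            return;
        }
        boolean connectionEvent = event.getType() == EventType.None && event.getPath() == null;
        if (!somethingDone && connectionEvent) {
            doSomething();
        }
    }
}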
調用方可以使用以下代碼(注意:此示例讀取的是 /node_4,認證用的是 jike:1234,與上面創建 /node_10 時的 jike:123456 不一致;若要讀取上面創建的節點,路徑和憑據需與創建時保持一致):
package com.aicong.test.helloZookeeper;
import java.io.IOException;
import org.apache.zookeeper.KeeperException;
import org.apache.zookeeper.WatchedEvent;
import org.apache.zookeeper.Watcher;
import org.apache.zookeeper.Watcher.Event.EventType;
import org.apache.zookeeper.Watcher.Event.KeeperState;
import org.apache.zookeeper.ZooKeeper;
import org.apache.zookeeper.data.Stat;
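/**
 * Demo client that authenticates with the {@code digest} scheme, reads a znode, and prints its
 * data again whenever the node's data changes.
 *
 * <p>Security notes for readers adapting this sample:
 * <ul>
 *   <li>The server address and the {@code jike:1234} credentials are hard-coded demo values;
 *       real code should load credentials from protected configuration.</li>
 *   <li>With the digest scheme, {@code addAuthInfo} hands the raw {@code username:password}
 *       bytes to the server, so without TLS on the client connection they cross the network
 *       unencrypted.</li>
 * </ul>
 */
public class GetDataSyncAuth implements Watcher {

    /** Explicit charset so encoding and decoding do not depend on the platform default. */
    private static final java.nio.charset.Charset UTF_8 = java.nio.charset.StandardCharsets.UTF_8;

    private static ZooKeeper zooKeeper;
    private static Stat stat = new Stat();

    /**
     * Opens the session (5000 ms session timeout) with this class as the default watcher, then
     * parks the main thread so the process stays alive for watcher callbacks.
     */
    public static void main(String[] args) throws IOException, InterruptedException, KeeperException {
        zooKeeper = new ZooKeeper("112.74.219.174:2181", 5000, new GetDataSyncAuth());
        System.out.println(zooKeeper.getState().toString());
        Thread.sleep(Integer.MAX_VALUE);
    }

    /** Decodes znode data as UTF-8; a node stored without data may come back as {@code null}. */
    private static String toText(byte[] data) {
        return data == null ? "" : new String(data, UTF_8);
    }

    /**
     * Authenticates the session and prints the data of {@code /node_4}, leaving a watch on it.
     *
     * @param client the connected session to authenticate and read with
     */
    private void doSomething(ZooKeeper client) {
        // The credentials must hash to the digest id stored in the node's ACL, otherwise the
        // read below is rejected for lack of authorization.
        client.addAuthInfo("digest", "jike:1234".getBytes(UTF_8));
        try {
            System.out.println(toText(client.getData("/node_4", true, stat)));
        } catch (KeeperException e) {
            e.printStackTrace();
        } catch (InterruptedException e) {
            // Keep the interrupt visible to the calling thread instead of swallowing it.
            Thread.currentThread().interrupt();
            e.printStackTrace();
        }
    }

    /**
     * Session watcher: on the connection event (type None, no path) authenticates and performs
     * the first read; on NodeDataChanged re-reads the changed node and prints data and stat.
     */
    @Override
    public void process(WatchedEvent event) {
        if (event.getState() != KeeperState.SyncConnected) {
            return;
        }
        if (event.getType() == EventType.None && event.getPath() == null) {
            doSomething(zooKeeper);
            return;
        }
        if (event.getType() != EventType.NodeDataChanged) {
            return;
        }
        try {
            // Passing true registers the default watcher again for the next change.
            System.out.println(toText(zooKeeper.getData(event.getPath(), true, stat)));
            System.out.println("stat:" + stat);
        } catch (KeeperException e) {
            e.printStackTrace();
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            e.printStackTrace();
        }
    }
}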