
Middleware: ZK Distributed Topics and Introduction to Dubbo Microservices 6-13 acl - IP permissions

Date: 2024-04-04 09:22:39

0    Course URL

https://coding.imooc.com/lesson/201.html#mid=12729

 

1    Key points

1.1    Content of this section

Set permissions with the ip scheme, so that only the specified IP can operate on the node.

 

1.2    Key code

        // ACL using the ip scheme
        List<ACL> aclsIP = new ArrayList<ACL>();
        Id ipId1 = new Id("ip", "172.26.128.1");
        aclsIP.add(new ACL(Perms.ALL, ipId1));
        zkServer.createZKNode("/aclimooc/iptest9", "iptest".getBytes(), aclsIP);

        // Verify whether this IP has permission
        zkServer.getZookeeper().setData("/aclimooc/iptest9", "now".getBytes(), 0);
        Stat stat = new Stat();
        byte[] data = zkServer.getZookeeper().getData("/aclimooc/iptest9", false, stat);
        System.out.println(new String(data));
        System.out.println(stat.getVersion());

 

 

2    Course content

 

 

3    Coding

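3.1    Create a node whose ACL names an IP other than this machine's, then access it: the client has no permission

  • Start the server
    Change to the ZooKeeper bin directory
cd /usr/local/zookeeper/bin

    Restart the ZooKeeper server
./zkServer.sh restart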

 

  • Main class
package com.imooc.zk.demo;

import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.CountDownLatch;

import org.apache.zookeeper.CreateMode;
import org.apache.zookeeper.KeeperException;
import org.apache.zookeeper.WatchedEvent;
import org.apache.zookeeper.Watcher;
import org.apache.zookeeper.ZooDefs.Ids;
import org.apache.zookeeper.ZooDefs.Perms;
import org.apache.zookeeper.ZooKeeper;
import org.apache.zookeeper.data.ACL;
import org.apache.zookeeper.data.Id;
import org.apache.zookeeper.data.Stat;

import com.imooc.utils.AclUtils;

/**
 * 
 * @Description: ZooKeeper node ACL demo
 */
public class ZKNodeAcl implements Watcher {

    private ZooKeeper zookeeper = null;
    
    public static final String zkServerPath = "172.26.139.4:2181";
    public static final Integer timeout = 5000;
    
    public ZKNodeAcl() {}
    
    public ZKNodeAcl(String connectString) {
        try {
            zookeeper = new ZooKeeper(connectString, timeout, new ZKNodeAcl());
        } catch (IOException e) {
            e.printStackTrace();
            if (zookeeper != null) {
                try {
                    zookeeper.close();
                } catch (InterruptedException e1) {
                    e1.printStackTrace();
                }
            }
        }
    }
    
    public void createZKNode(String path, byte[] data, List<ACL> acls) {
        
        String result = "";
        try {
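            /**
             * Neither synchronous nor asynchronous creation supports recursive creation of child nodes; the asynchronous form takes a callback
             * Parameters:
             * path: the path to create
             * data: the data to store, as byte[]
             * acl: the access-control policy
             *             Ids.OPEN_ACL_UNSAFE --> world:anyone:cdrwa
             *             CREATOR_ALL_ACL --> auth:user:password:cdrwa
             * createMode: the node type, an enum
             *             PERSISTENT: persistent node
             *             PERSISTENT_SEQUENTIAL: persistent sequential node
             *             EPHEMERAL: ephemeral node
             *             EPHEMERAL_SEQUENTIAL: ephemeral sequential node
             */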
            result = zookeeper.create(path, data, acls, CreateMode.PERSISTENT);
            System.out.println("创建节点:\t" + result + "\t成功...");
        } catch (KeeperException e) {
            e.printStackTrace();
        } catch (InterruptedException e) {
            e.printStackTrace();
        } 
    }
    
    public static void main(String[] args) throws Exception {
    
        ZKNodeAcl zkServer = new ZKNodeAcl(zkServerPath);
        
        /**
         * ======================  创建node start  ======================  
         */
        // ACL: anyone can access
        //zkServer.createZKNode("/aclimooc", "test".getBytes(), Ids.OPEN_ACL_UNSAFE);
        
        // Access with custom user authentication
        List<ACL> acls = new ArrayList<ACL>();
        Id imooc1 = new Id("digest", AclUtils.getDigestUserPwd("imooc1:123456"));
        Id imooc2 = new Id("digest", AclUtils.getDigestUserPwd("imooc2:123456"));
        acls.add(new ACL(Perms.ALL, imooc1));
        acls.add(new ACL(Perms.READ, imooc2));
        acls.add(new ACL(Perms.DELETE | Perms.CREATE, imooc2));
        zkServer.createZKNode("/aclimooc/testdigest", "testdigest".getBytes(), acls);
        
        // A registered user must call addAuthInfo before operating on the node; compare the command-line addauth
//        zkServer.getZookeeper().addAuthInfo("digest", "imooc1:123456".getBytes());
//        zkServer.createZKNode("/aclimooc/testdigest/childtest", "childtest".getBytes(), Ids.CREATOR_ALL_ACL);
//        Stat stat = new Stat();
//        byte[] data = zkServer.getZookeeper().getData("/aclimooc/testdigest", false, stat);
//        System.out.println(new String(data));
//        zkServer.getZookeeper().setData("/aclimooc/testdigest", "now".getBytes(), 1);
        
        // ACL using the ip scheme
        List<ACL> aclsIP = new ArrayList<ACL>();
        Id ipId1 = new Id("ip", "192.168.43.206");
        aclsIP.add(new ACL(Perms.ALL, ipId1));
        zkServer.createZKNode("/aclimooc/iptest6", "iptest".getBytes(), aclsIP);

        // Verify whether this IP has permission
        zkServer.getZookeeper().setData("/aclimooc/iptest6", "now".getBytes(), 0);
        Stat stat = new Stat();
        byte[] data = zkServer.getZookeeper().getData("/aclimooc/iptest6", false, stat);
        System.out.println(new String(data));
        System.out.println(stat.getVersion());
         
    }

    public ZooKeeper getZookeeper() {
        return zookeeper;
    }
    public void setZookeeper(ZooKeeper zookeeper) {
        this.zookeeper = zookeeper;
    }

    @Override
    public void process(WatchedEvent event) {
        
    }
}

 

  • Digest utility class:
package com.imooc.utils;

import java.io.IOException;

import org.apache.zookeeper.KeeperException;
import org.apache.zookeeper.server.auth.DigestAuthenticationProvider;

public class AclUtils {
    
    public static String getDigestUserPwd(String id) throws Exception {
        return DigestAuthenticationProvider.generateDigest(id);
    }
    
    public static void main(String[] args) throws IOException, InterruptedException, KeeperException, Exception {
        String id = "imooc:imooc";
        String idDigested = getDigestUserPwd(id);
        System.out.println(idDigested);
    }
}

 

 

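  • Log output 1 (the error occurs because the node is not being operated on by the identity that was granted permission when the node was created)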
创建节点: /aclimooc/iptest6 成功...
Exception in thread "main" org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /aclimooc/iptest6
    at org.apache.zookeeper.KeeperException.create(KeeperException.java:116)
    at org.apache.zookeeper.KeeperException.create(KeeperException.java:54)
    at org.apache.zookeeper.ZooKeeper.setData(ZooKeeper.java:1330)
    at com.imooc.zk.demo.ZKNodeAcl.main(ZKNodeAcl.java:110)

 

 

 

3.2    Create a node whose ACL names this machine's IP, then access it: the client has permission

  • Main class:
package com.imooc.zk.demo;

import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.CountDownLatch;

import org.apache.zookeeper.CreateMode;
import org.apache.zookeeper.KeeperException;
import org.apache.zookeeper.WatchedEvent;
import org.apache.zookeeper.Watcher;
import org.apache.zookeeper.ZooDefs.Ids;
import org.apache.zookeeper.ZooDefs.Perms;
import org.apache.zookeeper.ZooKeeper;
import org.apache.zookeeper.data.ACL;
import org.apache.zookeeper.data.Id;
import org.apache.zookeeper.data.Stat;

import com.imooc.utils.AclUtils;

/**
 * 
 * @Description: ZooKeeper node ACL demo
 */
public class ZKNodeAcl implements Watcher {

    private ZooKeeper zookeeper = null;
    
    public static final String zkServerPath = "172.26.139.4:2181";
    public static final Integer timeout = 5000;
    
    public ZKNodeAcl() {}
    
    public ZKNodeAcl(String connectString) {
        try {
            zookeeper = new ZooKeeper(connectString, timeout, new ZKNodeAcl());
        } catch (IOException e) {
            e.printStackTrace();
            if (zookeeper != null) {
                try {
                    zookeeper.close();
                } catch (InterruptedException e1) {
                    e1.printStackTrace();
                }
            }
        }
    }
    
    public void createZKNode(String path, byte[] data, List<ACL> acls) {
        
        String result = "";
        try {
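            /**
             * Neither synchronous nor asynchronous creation supports recursive creation of child nodes; the asynchronous form takes a callback
             * Parameters:
             * path: the path to create
             * data: the data to store, as byte[]
             * acl: the access-control policy
             *             Ids.OPEN_ACL_UNSAFE --> world:anyone:cdrwa
             *             CREATOR_ALL_ACL --> auth:user:password:cdrwa
             * createMode: the node type, an enum
             *             PERSISTENT: persistent node
             *             PERSISTENT_SEQUENTIAL: persistent sequential node
             *             EPHEMERAL: ephemeral node
             *             EPHEMERAL_SEQUENTIAL: ephemeral sequential node
             */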
            result = zookeeper.create(path, data, acls, CreateMode.PERSISTENT);
            System.out.println("创建节点:\t" + result + "\t成功...");
        } catch (KeeperException e) {
            e.printStackTrace();
        } catch (InterruptedException e) {
            e.printStackTrace();
        } 
    }
    
    public static void main(String[] args) throws Exception {
    
        ZKNodeAcl zkServer = new ZKNodeAcl(zkServerPath);
        
        /**
         * ======================  创建node start  ======================  
         */
        // ACL: anyone can access
        //zkServer.createZKNode("/aclimooc", "test".getBytes(), Ids.OPEN_ACL_UNSAFE);
        
        // Access with custom user authentication
//        List<ACL> acls = new ArrayList<ACL>();
//        Id imooc1 = new Id("digest", AclUtils.getDigestUserPwd("imooc1:123456"));
//        Id imooc2 = new Id("digest", AclUtils.getDigestUserPwd("imooc2:123456"));
//        acls.add(new ACL(Perms.ALL, imooc1));
//        acls.add(new ACL(Perms.READ, imooc2));
//        acls.add(new ACL(Perms.DELETE | Perms.CREATE, imooc2));
//        zkServer.createZKNode("/aclimooc/testdigest", "testdigest".getBytes(), acls);
        
        // A registered user must call addAuthInfo before operating on the node; compare the command-line addauth
//        zkServer.getZookeeper().addAuthInfo("digest", "imooc1:123456".getBytes());
//        zkServer.createZKNode("/aclimooc/testdigest/childtest", "childtest".getBytes(), Ids.CREATOR_ALL_ACL);
//        Stat stat = new Stat();
//        byte[] data = zkServer.getZookeeper().getData("/aclimooc/testdigest", false, stat);
//        System.out.println(new String(data));
//        zkServer.getZookeeper().setData("/aclimooc/testdigest", "now".getBytes(), 1);
        
        // ACL using the ip scheme
        List<ACL> aclsIP = new ArrayList<ACL>();
        Id ipId1 = new Id("ip", "172.26.128.1");
        aclsIP.add(new ACL(Perms.ALL, ipId1));
        zkServer.createZKNode("/aclimooc/iptest9", "iptest".getBytes(), aclsIP);

        // Verify whether this IP has permission
        zkServer.getZookeeper().setData("/aclimooc/iptest9", "now".getBytes(), 0);
        Stat stat = new Stat();
        byte[] data = zkServer.getZookeeper().getData("/aclimooc/iptest9", false, stat);
        System.out.println(new String(data));
        System.out.println(stat.getVersion());
         
    }

    public ZooKeeper getZookeeper() {
        return zookeeper;
    }
    public void setZookeeper(ZooKeeper zookeeper) {
        this.zookeeper = zookeeper;
    }

    @Override
    public void process(WatchedEvent event) {
        
    }
}

 

  • Log output
创建节点:    /aclimooc/iptest9    成功...
now
1
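
The two runs above differ only in whether the ACL id equals the source address the server sees for the client connection. The following is an added example, not code from the original post or from ZooKeeper itself: a simplified offline model of that comparison. The class name IpAclMatchDemo, the matches helper and the /24 expressions are assumptions for illustration; it also covers the addr/bits form documented for the ip scheme, which goes beyond the single-address ids used on this page.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;

// Added illustration: simplified model of matching an "ip" ACL id against
// the client address as seen by the server. Not ZooKeeper's own source.
public class IpAclMatchDemo {

    // aclExpr is "addr" or "addr/bits"; without "/bits" every bit must match.
    // Only IP literals are passed in, so no DNS lookup takes place.
    static boolean matches(String clientIp, String aclExpr) throws UnknownHostException {
        String[] parts = aclExpr.split("/", 2);
        byte[] acl = InetAddress.getByName(parts[0]).getAddress();
        byte[] client = InetAddress.getByName(clientIp).getAddress();
        if (acl.length != client.length) {
            return false; // an IPv4 id never matches an IPv6 client, and vice versa
        }
        int bits = acl.length * 8;
        if (parts.length == 2) {
            bits = Integer.parseInt(parts[1]);
            if (bits < 0 || bits > acl.length * 8) {
                return false; // malformed prefix length
            }
        }
        // Compare the most significant 'bits' bits, one byte at a time.
        for (int i = 0; i < acl.length && bits > 0; i++, bits -= 8) {
            int mask = bits >= 8 ? 0xFF : (0xFF << (8 - bits)) & 0xFF;
            if ((acl[i] & mask) != (client[i] & mask)) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) throws UnknownHostException {
        // Client address taken from section 3.2 of this page.
        String client = "172.26.128.1";
        // Section 3.1: the ACL names a different host, the case that ended in NoAuth.
        System.out.println("3.1 id: " + matches(client, "192.168.43.206"));
        // Section 3.2: the ACL names the client's own address.
        System.out.println("3.2 id: " + matches(client, "172.26.128.1"));
        // Constructed prefix examples (assumed, not on the page): a /24 admits
        // every host in that subnet, so it is a wider grant than a single address.
        System.out.println("/24, same subnet: " + matches(client, "172.26.128.0/24"));
        System.out.println("/24, other subnet: " + matches("172.26.139.4", "172.26.128.0/24"));
    }
}
```

Because the comparison uses the connection's source address, a client behind NAT or a proxy is evaluated by the translated address, not by the address configured on its own interface.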

 

 

From: https://www.cnblogs.com/1446358788-qq/p/18113915
