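ZooKeeper Study Notes: Access Control

Reference: From Paxos to Zookeeper: Distributed Consistency Principles and Practice (从Paxos到Zookeeper分布式一致性原理和实践)

The zk dependency used is version 3.4.5 from CDH 5.16.2: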

<!-- zookeeper -->
<dependency>
    <groupId>org.apache.zookeeper</groupId>
    <artifactId>zookeeper</artifactId>
    <version>3.4.5-cdh5.16.2</version>
</dependency>

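ZooKeeper provides several access-control schemes: world, auth, digest, ip and super.

The following covers the digest scheme.

Use the following statement to add credentials to a zk session, where username:password is the account name and password: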

zk1.addAuthInfo("digest", "username:password".getBytes());

If an operation is attempted on a znode without permission, a NoAuthException is thrown:

Exception in thread "main" org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /app6

Code

package com.bigdata.zookeeper;

import org.apache.zookeeper.CreateMode;
import org.apache.zookeeper.ZooDefs;
import org.apache.zookeeper.ZooKeeper;

public class AuthExample {

    private static ZooKeeper zk1;
    private static ZooKeeper zk2;

    public static void main(String[] args) throws Exception {
        // zk1 session, authenticated with the digest scheme
        zk1 = new ZooKeeper("master:2181", 5000, null);
        zk1.addAuthInfo("digest", "username:password".getBytes());
        // Create a node; CREATOR_ALL_ACL grants all permissions to the
        // authenticated id of the creating session
        String path = "/app6";
        zk1.create(path, "123".getBytes(), ZooDefs.Ids.CREATOR_ALL_ACL, CreateMode.EPHEMERAL);

        // zk2 session without credentials: uncommenting the read below throws NoAuthException
        zk2 = new ZooKeeper("master:2181", 5000, null);
//        System.out.println(new String(zk2.getData(path, false, null)));

        // zk2 session with credentials: the read succeeds
        zk2.addAuthInfo("digest", "username:password".getBytes());
        System.out.println(new String(zk2.getData(path, false, null)));
    }

}
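
An added example, not part of the original post: instead of CREATOR_ALL_ACL it builds an explicit digest ACL that gives one account full rights and a second account read-only access, then prints the ACL as stored on the server. The `reader` account, its password and the node name `/app6-acl-demo` are assumptions made for illustration; the server address and the zookeeper dependency are the ones used above.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.CountDownLatch;
import org.apache.zookeeper.*;
import org.apache.zookeeper.data.ACL;
import org.apache.zookeeper.data.Id;
import org.apache.zookeeper.data.Stat;
import org.apache.zookeeper.server.auth.DigestAuthenticationProvider;
public class DigestAclExample {
    // Open a session and block until it is connected.
    static ZooKeeper connect(String hosts) throws Exception {
        CountDownLatch connected = new CountDownLatch(1);
        ZooKeeper zk = new ZooKeeper(hosts, 5000, event -> {
            if (event.getState() == Watcher.Event.KeeperState.SyncConnected) connected.countDown();
        });
        connected.await();
        return zk;
    }

    public static void main(String[] args) throws Exception {
        String path = "/app6-acl-demo"; // hypothetical node name
        // The id stored in a digest ACL is "user:" + base64(sha1("user:password")).
        String ownerId = DigestAuthenticationProvider.generateDigest("username:password");
        String readerId = DigestAuthenticationProvider.generateDigest("reader:reader-password");
        List<ACL> acl = Arrays.asList(
                new ACL(ZooDefs.Perms.ALL, new Id("digest", ownerId)),
                new ACL(ZooDefs.Perms.READ, new Id("digest", readerId)));
        ZooKeeper owner = connect("master:2181");
        owner.addAuthInfo("digest", "username:password".getBytes(StandardCharsets.UTF_8));
        owner.create(path, "123".getBytes(StandardCharsets.UTF_8), acl, CreateMode.PERSISTENT);

        ZooKeeper reader = connect("master:2181");
        reader.addAuthInfo("digest", "reader:reader-password".getBytes(StandardCharsets.UTF_8));
        System.out.println(new String(reader.getData(path, false, null), StandardCharsets.UTF_8));
        try {
            reader.setData(path, "456".getBytes(StandardCharsets.UTF_8), -1); // needs WRITE
        } catch (KeeperException.NoAuthException e) {
            System.out.println("reader is read-only: " + e.getMessage());
        }
        // The server keeps only the digest ids, not the plaintext passwords.
        for (ACL a : owner.getACL(path, new Stat())) {
            System.out.println(a.getId().getScheme() + ":" + a.getId().getId() + " perms=" + a.getPerms());
        }
        owner.delete(path, -1);
        reader.close();
        owner.close();
    }
}
```

The password passed to addAuthInfo travels to the server as plaintext inside the auth packet, so the digest in the ACL protects the stored value only, not the credential in transit.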

Without permission, zkui also reports an error.

Access with zookeeper-client:

lintong@master:/opt/cloudera/parcels/CDH/bin$ ./zookeeper-client
Connecting to localhost:2181

List the node; there is still no permission:

[zk: localhost:2181(CONNECTED) 0] ls /
[cluster, controller, brokers, zookeeper, admin, isr_change_notification, log_dir_event_notification, ngdata, controller_epoch, kafka-manager, solr, app6, consumers, hive_zookeeper_namespace_hive, latest_producer_id_block, app2, config, app1, hbase, app4, app3]
[zk: localhost:2181(CONNECTED) 1] ls /app6
Authentication is not valid : /app6

Add the credentials and view the node:

[zk: localhost:2181(CONNECTED) 3] addauth digest username:password

[zk: localhost:2181(CONNECTED) 7] get /app6
123
cZxid = 0x139e88
ctime = Sun Aug 02 23:38:30 CST 2020
mZxid = 0x139e88
mtime = Sun Aug 02 23:38:30 CST 2020
pZxid = 0x139e88
cversion = 0
dataVersion = 0
aclVersion = 0
ephemeralOwner = 0x0
dataLength = 3
numChildren = 0

 

posted @ 2020-08-02 23:39  tonglin0325