[ZooKeeper] ZooKeeper Java Client ACL API
2016-05-29 22:19
The following constants are provided by the ZooKeeper Java library:
ZooDefs.Perms.READ;   // can read node’s value and list its children
ZooDefs.Perms.WRITE;  // can set the node’s value
ZooDefs.Perms.CREATE; // can create children
ZooDefs.Perms.DELETE; // can delete children
ZooDefs.Perms.ADMIN;  // can execute set_acl()
ZooDefs.Perms.ALL;    // all of the above flags OR’d together
The following are the standard ACL IDs:
ZooDefs.Ids.ANYONE_ID_UNSAFE; // (‘world’, ‘anyone’)
ZooDefs.Ids.AUTH_IDS;         // (‘auth’, ‘’)
The empty identity string in ZooDefs.Ids.AUTH_IDS should be interpreted as “the identity of the creator”.
The ZooKeeper client comes with three standard ACLs:
ZooDefs.Ids.OPEN_ACL_UNSAFE; // (ZooDefs.Perms.ALL, ZooDefs.Ids.ANYONE_ID_UNSAFE)
ZooDefs.Ids.READ_ACL_UNSAFE; // (ZooDefs.Perms.READ, ZooDefs.Ids.ANYONE_ID_UNSAFE)
ZooDefs.Ids.CREATOR_ALL_ACL; // (ZooDefs.Perms.ALL, ZooDefs.Ids.AUTH_IDS)
ZooDefs.Ids.OPEN_ACL_UNSAFE is a completely open, free-for-all ACL: any application can execute any operation on the node and can create, list and delete its children. ZooDefs.Ids.READ_ACL_UNSAFE grants read-only access to any application. ZooDefs.Ids.CREATOR_ALL_ACL grants all permissions to the creator of the node. The creator must have been authenticated by the server (for example, using the “digest” scheme) before it can create nodes with this ACL.
The following ZooKeeper operations deal with ACLs:
public void addAuthInfo(String scheme, byte[] auth);
The application uses the addAuthInfo function to authenticate itself to the server. The function can be called multiple times if the application wants to authenticate using different schemes and/or identities.
public String create(String path, byte[] data, List<ACL> acl, CreateMode createMode);
The create(…) operation creates a new node. The acl parameter is a list of ACLs associated with the node. The parent node must have the CREATE permission bit set.
public List<ACL> getACL(String path, Stat stat);
This operation returns a node’s ACL info.
public Stat setACL(String path, List<ACL> acl, int version);
This function replaces a node’s ACL list with a new one. The node must have the ADMIN permission set.
Here is sample code that uses the above APIs to authenticate itself using the “foo” scheme and create an ephemeral node “/xyz” with create-only permissions.
Note: This is a very simple example which is intended to show how to interact with ZooKeeper ACLs specifically.
package felix.zookeeper.examples.acl;

import java.io.IOException;
import java.util.Arrays;
import java.util.List;

import org.apache.zookeeper.CreateMode;
import org.apache.zookeeper.KeeperException;
import org.apache.zookeeper.WatchedEvent;
import org.apache.zookeeper.Watcher;
import org.apache.zookeeper.ZooDefs;
import org.apache.zookeeper.ZooKeeper;
import org.apache.zookeeper.data.ACL;
import org.apache.zookeeper.data.Stat;

public class ACLExample {

    /**
     * In this example this method gets the cert for your
     * environment -- you must provide
     */
    public static String fooGetCertOnce(String id) {
        return null;
    }

    /**
     * Watcher function -- empty for this example, not something you should
     * do in real code
     */
    private static Watcher watcher = new Watcher() {
        @Override
        public void process(WatchedEvent event) {
        }
    };

    public static void main(String[] args)
            throws IOException, KeeperException, InterruptedException {
        String appId = "example.foo_test";
        String cert = fooGetCertOnce(appId);
        if (cert != null) {
            System.out.printf("Certificate for appid [%s] is [%s]\n", appId, cert);
        } else {
            System.err.printf("Certificate for appid [%s] not found\n", appId);
            cert = "dummy";
        }

        ZooKeeper client = new ZooKeeper("localhost:3181", 10000, watcher, false);
        try {
            // authenticate this session with the "foo" scheme
            client.addAuthInfo("foo", cert.getBytes());

            // grant the authenticated creator the CREATE permission only
            List<ACL> CREATE_ONLY = Arrays.asList(new ACL[] {
                new ACL(ZooDefs.Perms.CREATE, ZooDefs.Ids.AUTH_IDS) });
            client.create("/xyz", "value".getBytes(), CREATE_ONLY,
                    CreateMode.EPHEMERAL);

            Stat stat = new Stat();
            // this operation will fail with a NoAuthException
            client.getData("/xyz", watcher, stat);
        } catch (KeeperException.NoAuthException e) {
            // print the error code and the path the request was made for
            System.err.printf("Error %s for %s\n", e.code(), e.getPath());
        } finally {
            client.close();
        }
    }
}
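As an added example (not from the original page or the ZooKeeper project), the following check targets the risk described above for OPEN_ACL_UNSAFE: it flags ACL entries that give (‘world’, ‘anyone’) more than READ. The class and method names (AclAudit, names, risky, audit) are hypothetical; main runs offline against the three standard ACLs, and audit assumes an already connected client.

```java
import java.util.ArrayList;
import java.util.List;
import org.apache.zookeeper.KeeperException;
import org.apache.zookeeper.ZooDefs;
import org.apache.zookeeper.ZooKeeper;
import org.apache.zookeeper.data.ACL;
import org.apache.zookeeper.data.Stat;

public class AclAudit { // hypothetical name, added example
    /** Decodes a permission bitmask into the ZooDefs.Perms flag names. */
    static String names(int perms) {
        String[] label = {"READ", "WRITE", "CREATE", "DELETE", "ADMIN"};
        int[] bit = {ZooDefs.Perms.READ, ZooDefs.Perms.WRITE, ZooDefs.Perms.CREATE,
                     ZooDefs.Perms.DELETE, ZooDefs.Perms.ADMIN};
        List<String> set = new ArrayList<>();
        for (int i = 0; i < bit.length; i++) if ((perms & bit[i]) != 0) set.add(label[i]);
        return String.join("|", set);
    }
    /** Returns one finding per ACL entry that gives ('world', 'anyone') more than READ. */
    static List<String> risky(String path, List<ACL> acls) {
        List<String> findings = new ArrayList<>();
        for (ACL acl : acls) {
            boolean world = "world".equals(acl.getId().getScheme())
                    && "anyone".equals(acl.getId().getId());
            int extra = acl.getPerms() & ~ZooDefs.Perms.READ; // everything beyond READ
            if (world && extra != 0) findings.add(path + ": world:anyone holds " + names(extra));
        }
        return findings;
    }
    /** Walks a subtree through a connected client and collects the findings. */
    static List<String> audit(ZooKeeper zk, String path)
            throws KeeperException, InterruptedException {
        List<String> findings = risky(path, zk.getACL(path, new Stat()));
        List<String> children;
        try {
            children = zk.getChildren(path, false); // listing children needs READ
        } catch (KeeperException.NoAuthException e) {
            findings.add(path + ": children not listed (auditor lacks READ)");
            return findings;
        }
        for (String c : children) findings.addAll(audit(zk, path.equals("/") ? "/" + c : path + "/" + c));
        return findings;
    }
    public static void main(String[] args) {
        // Constructed sample paths paired with the three standard ACLs; no server needed.
        System.out.println(risky("/open", ZooDefs.Ids.OPEN_ACL_UNSAFE));
        System.out.println(risky("/ro", ZooDefs.Ids.READ_ACL_UNSAFE));
        System.out.println(risky("/mine", ZooDefs.Ids.CREATOR_ALL_ACL));
    }
}
```

Only the OPEN_ACL_UNSAFE list produces a finding. A node flagged by audit can be tightened with setACL, which requires the ADMIN permission on that node.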