ACL:Access Control List  访问控制列表

1.  简介

0.概述

ACL 权限控制,使用:scheme:id:perm 来标识,主要涵盖 3 个方面:
  权限模式(Scheme):授权的策略
  授权对象(ID):授权的对象
  权限(Permission):授予的权限

其特性如下:
  ZooKeeper的权限控制是基于每个znode节点的,需要对每个节点设置权限
  每个znode支持设置多种权限控制方案和多个权限
  子节点不会继承父节点的权限,客户端无权访问某节点,但可能可以访问它的子节点

例如:

  1. setAcl /test2 ip:128.0.0.1:crwda

1.  scheme  采用何种方式授权

  world:默认方式,相当于全部都能访问
  auth:代表已经认证通过的用户(cli中可以通过addauth digest user:pwd 来添加当前上下文中的授权用户)
  digest:即用户名:密码这种方式认证,这也是业务系统中最常用的。用 username:password 字符串来产生一个MD5串,然后该串被用来作为ACL ID。认证是通过明文发送username:password 来进行的,当用在ACL时,表达式为username:base64 ,base64是password的SHA1摘要的编码。
  ip:使用客户端的主机IP作为ACL ID 。这个ACL表达式的格式为addr/bits ,此时addr中的有效位与客户端addr中的有效位进行比对。

2.  ID   给谁授予权限

  授权对象ID是指,权限赋予的用户或者一个实体,例如:IP 地址或者机器。授权模式 schema 与 授权对象 ID 之间

3.  permission   授予什么权限

  CREATE、READ、WRITE、DELETE、ADMIN 也就是 增、删、改、查、管理权限,这5种权限简写为crwda

注意:

  这5种权限中,delete是指对子节点的删除权限,其它4种权限指对自身节点的操作权限

更详细的如下:

  CREATE   c 可以创建子节点
  DELETE   d 可以删除子节点(仅下一级节点)
  READ       r 可以读取节点数据及显示子节点列表
  WRITE     w 可以设置节点数据
  ADMIN     a 可以设置节点访问控制列表权限

2.ACL 相关命令

getAcl        getAcl <path>     读取ACL权限
setAcl        setAcl <path> <acl>     设置ACL权限
addauth      addauth <scheme> <auth>     添加认证用户

3.测试zkCli设置权限

1.word方式

  1. [zk: localhost:(CONNECTED) ] create /test1 test1-value
  2. Created /test1
  3. [zk: localhost:(CONNECTED) ] getAcl /test1 #创建的默认是所有用户都可以进行cdrwa
  4. 'world,'anyone
  5. : cdrwa
  6. [zk: localhost:(CONNECTED) ] setAcl /test1 world:anyone:acd #修改为所有人可以acd
  7. cZxid = 0x400000007
  8. ctime = Tue Mar :: CST
  9. mZxid = 0x400000007
  10. mtime = Tue Mar :: CST
  11. pZxid = 0x400000007
  12. cversion =
  13. dataVersion =
  14. aclVersion =
  15. ephemeralOwner = 0x0
  16. dataLength =
  17. numChildren =
  18. [zk: localhost:(CONNECTED) ] getAcl /test1
  19. 'world,'anyone
  20. : cda

2.IP的方式

  1. [zk: localhost:(CONNECTED) ] create /test2 test2-value
  2. Created /test2
  3. [zk: localhost:(CONNECTED) ] setAcl /test2 ip:127.0.0.1:crwda #修改此IP具有所有权限
  4. cZxid = 0x400000009
  5. ctime = Tue Mar :: CST
  6. mZxid = 0x400000009
  7. mtime = Tue Mar :: CST
  8. pZxid = 0x400000009
  9. cversion =
  10. dataVersion =
  11. aclVersion =
  12. ephemeralOwner = 0x0
  13. dataLength =
  14. numChildren =
  15. [zk: localhost:(CONNECTED) ] getAcl /test2
  16. 'ip,'127.0.0.1
  17. : cdrwa

 当然可以设置IP的时候使用多个ip的方式,比如:

  1. [zk: localhost:(CONNECTED) ] setAcl /t3 ip:192.168.0.164:cdwra,ip:127.0.0.1:cdwra
  2. cZxid = 0x400000018
  3. ctime = Tue Mar :: CST
  4. mZxid = 0x400000018
  5. mtime = Tue Mar :: CST
  6. pZxid = 0x400000018
  7. cversion =
  8. dataVersion =
  9. aclVersion =
  10. ephemeralOwner = 0x0
  11. dataLength =
  12. numChildren =
  13. [zk: localhost:(CONNECTED) ] getAcl /t3
  14. 'ip,'192.168.0.164
  15. : cdrwa
  16. 'ip,'127.0.0.1
  17. : cdrwa

3.  Auth

  1. [zk: localhost:(CONNECTED) ] create /t4
  2. Created /t4
  3. [zk: localhost:(CONNECTED) ] addauth digest qlq:111222 #增加授权用户,明文用户名和密码
  4. [zk: localhost:(CONNECTED) ] setAcl /t4 auth:qlq:cdwra  #授予权限
  5. cZxid = 0x40000001d
  6. ctime = Tue Mar :: CST
  7. mZxid = 0x40000001d
  8. mtime = Tue Mar :: CST
  9. pZxid = 0x40000001d
  10. cversion =
  11. dataVersion =
  12. aclVersion =
  13. ephemeralOwner = 0x0
  14. dataLength =
  15. numChildren =
  16. [zk: localhost:(CONNECTED) ] getAcl /t4
  17. 'digest,'qlq:JWNEexxIoeVompjU7O5pZzTU+VQ=
  18. : cdrwa

 如果重新连接之后获取会报没权限,需要添加授权用户:

  1. [zk: localhost:(CONNECTED) ] get /t4
  2. Authentication is not valid : /t4
  3. [zk: localhost:(CONNECTED) ] addauth digest qlq:
  4. [zk: localhost:(CONNECTED) ] get /t4
  5.  
  6. cZxid = 0x40000001d
  7. ctime = Tue Mar :: CST
  8. mZxid = 0x40000001d
  9. mtime = Tue Mar :: CST
  10. pZxid = 0x40000001d
  11. cversion =
  12. dataVersion =
  13. aclVersion =
  14. ephemeralOwner = 0x0
  15. dataLength =
  16. numChildren =

4. Digest

  1. etAcl /test digest:用户名:密码:权限

  密码是用户名和密码加密后的字符串。

(1)生成密码:sha1加密之后base64编码

  1. package zd.dms.test;
  2.  
  3. import java.security.MessageDigest;
  4. import java.security.NoSuchAlgorithmException;
  5. import org.apache.commons.codec.binary.Base64;
  6.  
  7. public class Test {
  8. public static void main(String[] args) throws NoSuchAlgorithmException {
  9. String usernameAndPassword = "user:123456";
  10. byte digest[] = MessageDigest.getInstance("SHA1").digest(usernameAndPassword.getBytes());
  11. Base64 base64 = new Base64();
  12. String encodeToString = base64.encodeToString(digest);
  13. System.out.println(encodeToString);
  14. }
  15. }

6DY5WhzOfGsWQ1XFuIyzxkpwdPo=

(2)设置权限

  1. [zk: localhost:(CONNECTED) ] setAcl /t6 digest:user:6DY5WhzOfGsWQ1XFuIyzxkpwdPo=:crwda #授权
  2. cZxid = 0x400000028
  3. ctime = Tue Mar :: CST
  4. mZxid = 0x400000028
  5. mtime = Tue Mar :: CST
  6. pZxid = 0x400000028
  7. cversion =
  8. dataVersion =
  9. aclVersion =
  10. ephemeralOwner = 0x0
  11. dataLength =
  12. numChildren =
  13. [zk: localhost:(CONNECTED) ] getAcl /t6
  14. 'digest,'user:6DY5WhzOfGsWQ1XFuIyzxkpwdPo=
  15. : cdrwa

直接删除会不允许,也必须增加摘要之后才能删除

  1. [zk: localhost:(CONNECTED) ] rmr /t6 #直接删除没权限
  2. Authentication is not valid : /t6
  3. [zk: localhost:(CONNECTED) ] addauth digest user:123456 #增加认证用户
  4. [zk: localhost:(CONNECTED) ] rmr /t6
  5. [zk: localhost:(CONNECTED) ] ls /
  6. [t4, curator, test2, zookeeper, test1, t3]

5.Java原生的zookeperAPI的ACL

1.创建节点回顾

原来我们创建节点的时候如下:

  1. package zookeper;
  2.  
  3. import java.io.IOException;
  4. import java.util.concurrent.CountDownLatch;
  5.  
  6. import org.apache.zookeeper.CreateMode;
  7. import org.apache.zookeeper.KeeperException;
  8. import org.apache.zookeeper.WatchedEvent;
  9. import org.apache.zookeeper.Watcher;
  10. import org.apache.zookeeper.Watcher.Event.KeeperState;
  11. import org.apache.zookeeper.ZooDefs;
  12. import org.apache.zookeeper.ZooKeeper;
  13.  
  14. public class BaseAPI {
  15. private static ZooKeeper zoo;
  16. final static CountDownLatch connectedSignal = new CountDownLatch(1);
  17.  
  18. public static ZooKeeper connect(String host) throws IOException, InterruptedException {
  19. zoo = new ZooKeeper(host, 5000, new Watcher() {
  20. public void process(WatchedEvent event) {
  21. if (event.getState() == KeeperState.SyncConnected) {
  22. connectedSignal.countDown();
  23. }
  24. }
  25. });
  26.  
  27. connectedSignal.await();
  28. return zoo;
  29. }
  30.  
  31. public void close() throws InterruptedException {
  32. zoo.close();
  33. }
  34.  
  35. public static void create(String path, byte[] data) throws KeeperException, InterruptedException {
  36. zoo.create(path, data, ZooDefs.Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);
  37. }
  38.  
  39. public static void main(String[] args) throws IOException, InterruptedException, KeeperException {
  40. final String path = "/t7";
  41. final ZooKeeper connect = connect("127.0.0.1:2181,127.0.0.1:2182,127.0.0.1:2183");
  42. connect.create(path, "777".getBytes(), ZooDefs.Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);
  43. Thread.sleep(10 * 1000);
  44. }
  45.  
  46. }

可以看到create方法的第三个参数就是ACL集合,使用的是与zkCli方式一样的word:anyone:crwda 默认方式

如下:

  1. /**
  2. * This is a completely open ACL .
  3. */
  4. public final ArrayList<ACL> OPEN_ACL_UNSAFE = new ArrayList<ACL>(
  5. Collections.singletonList(new ACL(Perms.ALL, ANYONE_ID_UNSAFE)));
  6.  
  7. public interface Perms {
  8. int READ = 1 << 0;
  9.  
  10. int WRITE = 1 << 1;
  11.  
  12. int CREATE = 1 << 2;
  13.  
  14. int DELETE = 1 << 3;
  15.  
  16. int ADMIN = 1 << 4;
  17.  
  18. int ALL = READ | WRITE | CREATE | DELETE | ADMIN;
  19. }
  20.  
  21. public interface Ids {
  22. public final Id ANYONE_ID_UNSAFE = new Id("world", "anyone");
  23.  
  24. public final Id AUTH_IDS = new Id("auth", "");
  25.  
  26. public final ArrayList<ACL> OPEN_ACL_UNSAFE = new ArrayList<ACL>(
  27. Collections.singletonList(new ACL(Perms.ALL, ANYONE_ID_UNSAFE)));
  28.  
  29. public final ArrayList<ACL> CREATOR_ALL_ACL = new ArrayList<ACL>(
  30. Collections.singletonList(new ACL(Perms.ALL, AUTH_IDS)));
  31.  
  32. public final ArrayList<ACL> READ_ACL_UNSAFE = new ArrayList<ACL>(
  33. Collections
  34. .singletonList(new ACL(Perms.READ, ANYONE_ID_UNSAFE)));
  35. }

自己手动写一个采用IP的方式设置ACL的方法:

  1. package zookeper;
  2.  
  3. import java.io.IOException;
  4. import java.util.ArrayList;
  5. import java.util.List;
  6. import java.util.concurrent.CountDownLatch;
  7.  
  8. import org.apache.zookeeper.CreateMode;
  9. import org.apache.zookeeper.KeeperException;
  10. import org.apache.zookeeper.WatchedEvent;
  11. import org.apache.zookeeper.Watcher;
  12. import org.apache.zookeeper.Watcher.Event.KeeperState;
  13. import org.apache.zookeeper.ZooDefs;
  14. import org.apache.zookeeper.ZooDefs.Perms;
  15. import org.apache.zookeeper.ZooKeeper;
  16. import org.apache.zookeeper.data.ACL;
  17. import org.apache.zookeeper.data.Id;
  18.  
  19. public class BaseAPI {
  20. private static ZooKeeper zoo;
  21. final static CountDownLatch connectedSignal = new CountDownLatch(1);
  22.  
  23. public static ZooKeeper connect(String host) throws IOException, InterruptedException {
  24. zoo = new ZooKeeper(host, 5000, new Watcher() {
  25. public void process(WatchedEvent event) {
  26. if (event.getState() == KeeperState.SyncConnected) {
  27. connectedSignal.countDown();
  28. }
  29. }
  30. });
  31.  
  32. connectedSignal.await();
  33. return zoo;
  34. }
  35.  
  36. public void close() throws InterruptedException {
  37. zoo.close();
  38. }
  39.  
  40. public static void create(String path, byte[] data) throws KeeperException, InterruptedException {
  41. zoo.create(path, data, ZooDefs.Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);
  42. }
  43.  
  44. public static void main(String[] args) throws IOException, InterruptedException, KeeperException {
  45. final String path = "/t9";
  46. final ZooKeeper connect = connect("127.0.0.1:2181,127.0.0.1:2182,127.0.0.1:2183");
  47.  
  48. // 创建ACL
  49. ACL acl = new ACL();
  50. // 创建Id,也可以设置构造方法传入scheme和id
  51. Id id = new Id("ip", "192.168.0.164");
  52. acl.setId(id);
  53. acl.setPerms(Perms.ALL);
  54.  
  55. List<ACL> acls = new ArrayList<>();
  56. acls.add(acl);
  57.  
  58. connect.create(path, "777".getBytes(), acls, CreateMode.PERSISTENT);
  59. Thread.sleep(10 * 1000);
  60. }
  61.  
  62. }

获取ACL:

  1. package zookeper;
  2.  
  3. import java.io.IOException;
  4. import java.util.ArrayList;
  5. import java.util.List;
  6. import java.util.concurrent.CountDownLatch;
  7.  
  8. import org.apache.zookeeper.CreateMode;
  9. import org.apache.zookeeper.KeeperException;
  10. import org.apache.zookeeper.WatchedEvent;
  11. import org.apache.zookeeper.Watcher;
  12. import org.apache.zookeeper.Watcher.Event.KeeperState;
  13. import org.apache.zookeeper.ZooDefs;
  14. import org.apache.zookeeper.ZooDefs.Perms;
  15. import org.apache.zookeeper.ZooKeeper;
  16. import org.apache.zookeeper.data.ACL;
  17. import org.apache.zookeeper.data.Id;
  18.  
  19. public class BaseAPI {
  20. private static ZooKeeper zoo;
  21. final static CountDownLatch connectedSignal = new CountDownLatch(1);
  22.  
  23. public static ZooKeeper connect(String host) throws IOException, InterruptedException {
  24. zoo = new ZooKeeper(host, 5000, new Watcher() {
  25. public void process(WatchedEvent event) {
  26. if (event.getState() == KeeperState.SyncConnected) {
  27. connectedSignal.countDown();
  28. }
  29. }
  30. });
  31.  
  32. connectedSignal.await();
  33. return zoo;
  34. }
  35.  
  36. public void close() throws InterruptedException {
  37. zoo.close();
  38. }
  39.  
  40. public static void create(String path, byte[] data) throws KeeperException, InterruptedException {
  41. zoo.create(path, data, ZooDefs.Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);
  42. }
  43.  
  44. public static void main(String[] args) throws IOException, InterruptedException, KeeperException {
  45. final String path = "/t9";
  46. final ZooKeeper connect = connect("127.0.0.1:2181,127.0.0.1:2182,127.0.0.1:2183");
  47.  
  48. List<ACL> acls = connect.getACL("/t9", connect.exists("/t9", false));
  49. for (ACL acl : acls) {
  50. System.out.println(acl.getPerms());
  51. System.out.println(acl.getId());
  52. }
  53. }
  54.  
  55. }

结果:

31
'ip,'192.168.0.164

ckCli客户端进行验证:

  1. [zk: localhost:(CONNECTED) ] getAcl /t9
  2. 'ip,'192.168.0.164
  3. : cdrwa

补充:权限的计算方法:

<<:左移位,在低位处补0;  &与(AND),对两个整型操作数中对应位执行布尔代数,两个位都为1时输出1,否则0。

1

10

100

1000

10000

按位与之后是:11111  也就是十进制的31.

2.修改ACL

  修改节点   /t10 节点的acl访问方式采用digest:user:111222

  1. package zookeper;
  2.  
  3. import java.io.IOException;
  4. import java.util.ArrayList;
  5. import java.util.List;
  6. import java.util.concurrent.CountDownLatch;
  7.  
  8. import org.apache.zookeeper.CreateMode;
  9. import org.apache.zookeeper.KeeperException;
  10. import org.apache.zookeeper.WatchedEvent;
  11. import org.apache.zookeeper.Watcher;
  12. import org.apache.zookeeper.Watcher.Event.KeeperState;
  13. import org.apache.zookeeper.ZooDefs;
  14. import org.apache.zookeeper.ZooDefs.Perms;
  15. import org.apache.zookeeper.ZooKeeper;
  16. import org.apache.zookeeper.data.ACL;
  17. import org.apache.zookeeper.data.Id;
  18. import org.apache.zookeeper.data.Stat;
  19.  
  20. public class BaseAPI {
  21. private static ZooKeeper zoo;
  22. final static CountDownLatch connectedSignal = new CountDownLatch(1);
  23.  
  24. public static ZooKeeper connect(String host) throws IOException, InterruptedException {
  25. zoo = new ZooKeeper(host, 5000, new Watcher() {
  26. public void process(WatchedEvent event) {
  27. if (event.getState() == KeeperState.SyncConnected) {
  28. connectedSignal.countDown();
  29. }
  30. }
  31. });
  32.  
  33. connectedSignal.await();
  34. return zoo;
  35. }
  36.  
  37. public void close() throws InterruptedException {
  38. zoo.close();
  39. }
  40.  
  41. public static void create(String path, byte[] data) throws KeeperException, InterruptedException {
  42. zoo.create(path, data, ZooDefs.Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);
  43. }
  44.  
  45. public static void main(String[] args) throws IOException, InterruptedException, KeeperException {
  46. final String path = "/t10";
  47. final ZooKeeper connect = connect("127.0.0.1:2181,127.0.0.1:2182,127.0.0.1:2183");
  48.  
  49. // 创建ACL
  50. ACL acl = new ACL();
  51. // 创建Id,也可以设置构造方法传入scheme和id
  52. Id id = new Id("digest", "user:6DY5WhzOfGsWQ1XFuIyzxkpwdPo=");
  53. acl.setId(id);
  54. acl.setPerms(Perms.ALL);
  55.  
  56. List<ACL> acls = new ArrayList<>();
  57. acls.add(acl);
  58.  
  59. // 修改ACL
  60. Stat setACL = connect.setACL(path, acls, connect.exists(path, false).getAversion());
  61.  
  62. // 获取Acl
  63. System.out.println(connect.getACL(path, setACL));
  64. }
  65. }

结果:

[31,s{'digest,'user:6DY5WhzOfGsWQ1XFuIyzxkpwdPo=}
]

zkCli客户端进行验证:

  1. [zk: localhost:(CONNECTED) ] getAcl /t10
  2. 'digest,'user:6DY5WhzOfGsWQ1XFuIyzxkpwdPo=
  3. : cdrwa

3.访问上面的节点会报错没权限

  1. package zookeper;
  2.  
  3. import java.io.IOException;
  4. import java.util.ArrayList;
  5. import java.util.List;
  6. import java.util.concurrent.CountDownLatch;
  7.  
  8. import org.apache.zookeeper.CreateMode;
  9. import org.apache.zookeeper.KeeperException;
  10. import org.apache.zookeeper.WatchedEvent;
  11. import org.apache.zookeeper.Watcher;
  12. import org.apache.zookeeper.Watcher.Event.KeeperState;
  13. import org.apache.zookeeper.ZooDefs;
  14. import org.apache.zookeeper.ZooDefs.Perms;
  15. import org.apache.zookeeper.ZooKeeper;
  16. import org.apache.zookeeper.data.ACL;
  17. import org.apache.zookeeper.data.Id;
  18. import org.apache.zookeeper.data.Stat;
  19.  
  20. public class BaseAPI {
  21. private static ZooKeeper zoo;
  22. final static CountDownLatch connectedSignal = new CountDownLatch(1);
  23.  
  24. public static ZooKeeper connect(String host) throws IOException, InterruptedException {
  25. zoo = new ZooKeeper(host, 5000, new Watcher() {
  26. public void process(WatchedEvent event) {
  27. if (event.getState() == KeeperState.SyncConnected) {
  28. connectedSignal.countDown();
  29. }
  30. }
  31. });
  32.  
  33. connectedSignal.await();
  34. return zoo;
  35. }
  36.  
  37. public void close() throws InterruptedException {
  38. zoo.close();
  39. }
  40.  
  41. public static void create(String path, byte[] data) throws KeeperException, InterruptedException {
  42. zoo.create(path, data, ZooDefs.Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);
  43. }
  44.  
  45. public static void main(String[] args) throws IOException, InterruptedException, KeeperException {
  46. final String path = "/t10";
  47. final ZooKeeper connect = connect("127.0.0.1:2181,127.0.0.1:2182,127.0.0.1:2183");
  48. byte[] data = connect.getData(path, false, null);
  49. System.out.println(new String(data, "UTF-8"));
  50. }
  51. }

结果:

log4j:WARN No appenders could be found for logger (org.apache.zookeeper.ZooKeeper).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
Exception in thread "main" org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /t10
at org.apache.zookeeper.KeeperException.create(KeeperException.java:113)
at org.apache.zookeeper.KeeperException.create(KeeperException.java:51)
at org.apache.zookeeper.ZooKeeper.getData(ZooKeeper.java:1212)
at org.apache.zookeeper.ZooKeeper.getData(ZooKeeper.java:1241)
at zookeper.BaseAPI.main(BaseAPI.java:42)

4.    解决办法:连接的connection增加用户信息

  1. package zookeper;
  2.  
  3. import java.io.IOException;
  4. import java.util.concurrent.CountDownLatch;
  5.  
  6. import org.apache.zookeeper.CreateMode;
  7. import org.apache.zookeeper.KeeperException;
  8. import org.apache.zookeeper.WatchedEvent;
  9. import org.apache.zookeeper.Watcher;
  10. import org.apache.zookeeper.Watcher.Event.KeeperState;
  11. import org.apache.zookeeper.ZooDefs;
  12. import org.apache.zookeeper.ZooKeeper;
  13.  
  14. public class BaseAPI {
  15. private static ZooKeeper zoo;
  16. final static CountDownLatch connectedSignal = new CountDownLatch(1);
  17.  
  18. public static ZooKeeper connect(String host) throws IOException, InterruptedException {
  19. zoo = new ZooKeeper(host, 5000, new Watcher() {
  20. public void process(WatchedEvent event) {
  21. if (event.getState() == KeeperState.SyncConnected) {
  22. connectedSignal.countDown();
  23. }
  24. }
  25. });
  26.  
  27. connectedSignal.await();
  28. return zoo;
  29. }
  30.  
  31. public void close() throws InterruptedException {
  32. zoo.close();
  33. }
  34.  
  35. public static void create(String path, byte[] data) throws KeeperException, InterruptedException {
  36. zoo.create(path, data, ZooDefs.Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);
  37. }
  38.  
  39. public static void main(String[] args) throws IOException, InterruptedException, KeeperException {
  40. final String path = "/t10";
  41. final ZooKeeper connect = connect("127.0.0.1:2181,127.0.0.1:2182,127.0.0.1:2183");
  42.  
  43. // 会话添加用户和密码信息
  44. connect.addAuthInfo("digest", "user:123456".getBytes());
  45.  
  46. byte[] data = connect.getData(path, false, null);
  47. System.out.println(new String(data, "UTF-8"));
  48. }
  49. }

结果:

10

zookeeper的ACL权限控制的更多相关文章

  1. ZooKeeper设置ACL权限控制

    ZK的节点有5种操作权限:CREATE.READ.WRITE.DELETE.ADMIN 也就是 增.删.改.查.管理权限,这5种权限简写为crwda(即:每个单词的首字符缩写)注:这5种权限中,del ...

  2. 1.ZooKeeper ACL权限控制

    参考:https://blog.csdn.net/liuxiao723846/article/details/79391650 ZK 类似文件系统,Client 可以在上面创建节点.更新节点.删除节点 ...

  3. Linux系统——ACL权限控制及特殊权限

    ACL权限控制 ACL(access control list),可以提供除属主.属组.其他人的rwx权限之外的细节权限设定 ACL的权限控制 (1)User 使用者 (2)Group 群组 (3)M ...

  4. phalcon: 目录分组后的acl权限控制

    phalcon: 目录分组后的acl权限控制 楼主在做acl权限的时候,发现官方的acl只能针对未分组的目录,如下: app/ ___|./controller ___|./logic ___|./p ...

  5. ZooKeeper学习之路(五)—— ACL权限控制

    一.前言 为了避免存储在Zookeeper上的数据被其他程序或者人为误修改,Zookeeper提供了ACL(Access Control Lists)进行权限控制.只有拥有对应权限的用户才可以对节点进 ...

  6. ZooKeeper系列(五)—— ACL 权限控制

    一.前言 为了避免存储在 Zookeeper 上的数据被其他程序或者人为误修改,Zookeeper 提供了 ACL(Access Control Lists) 进行权限控制.只有拥有对应权限的用户才可 ...

  7. 面试题解析|ACL权限控制机制

    ACL(Access Control List)访问控制列表 包括三个方面: 一.权限模式(Scheme) 1.IP:从 IP 地址粒度进行权限控制 2.Digest:最常用,用类似于 usernam ...

  8. ZooKeeper的ACL权限

    ACL控制权限 什么是ACL(Access Control List访问控制列表) 针对节点可以设置相关读写等权限, 目的为了保障数据安全性 权限permission可以指定不同的权限范围以及角色 A ...

  9. ACL 权限控制机制 ?

    UGO(User/Group/Others) 目前在 Linux/Unix 文件系统中使用,也是使用最广泛的权限控制方式.是一种粗 粒度的文件系统权限控制模式. ACL(Access Control ...

随机推荐

  1. (count 或直接枚举) 统计字符 hdu1860

    统计字符(很水) 链接:http://acm.hdu.edu.cn/showproblem.php?pid=1860 Time Limit: 1000/1000 MS (Java/Others)    ...

  2. 3.django学习

    ##另外一种url配置方法 首先要导入include 要包含blog目录下的urls.py(新建)的文件 从views连接到index

  3. layui基础总结

    1.layui结构 ├─css //css目录      │  │─modules //模块css目录(一般如果模块相对较大,我们会单独提取,比如下面三个:)      │  │  ├─laydate ...

  4. LightGBM 调参方法(具体操作)

     sklearn实战-乳腺癌细胞数据挖掘(博主亲自录制视频) https://study.163.com/course/introduction.htm?courseId=1005269003& ...

  5. 《Apache Kafka实战》读书笔记-调优Kafka集群

    <Apache Kafka实战>读书笔记-调优Kafka集群 作者:尹正杰 版权声明:原创作品,谢绝转载!否则将追究法律责任. 一.确定调优目标 1>.常见的非功能性要求 一.性能( ...

  6. SpringBoot笔记十五:任务

    目录 异步任务 定时任务 异步任务 注解:@Async,@EnableAsync 我新建一个Service,就叫AsyncService package com.example.service; im ...

  7. MyBatis-SqlSessionFactory的创建

    Main 方法,mybatis 版本为 3.5.0 解析配置文件的所有信息,保存在 Configuration 中,返回包含 Configuration 的 DefaultSqlSession Map ...

  8. Hadoop记录-hive操作示范

  9. Sqlserver中的视图

    一.视图的基本知识 什么是视图:视图是从一个或多个表导出的虚拟的表,具有普通表的结构,物理上是不存在的.视图是动态的数据的集合,数据是随着基表的更新而更新. 视图的优点: ①在多表查询时,查询方便. ...

  10. 解决pycharm启动慢

    xms -xmx相关参数设置 打开pycharm的安装目录 D:\PyCharm\PyCharm 2018.2.3\bin下文件pycharm.exe.vmoptions修改默认(版本2016.2)的 ...