Using CuratorFramework, could someone explain how I can:
Using username
It wasn't part of the original question, but I thought I would share a solution I came up with in which the credentials used determine the access level.
I didn't have much luck finding any examples and kept ending up on this page so maybe it will help someone else. I dug through the source code of Curator Framework and luckily the org.apache.curator.framework.recipes.leader.TestLeaderAcls class was there to point me in the right direction.
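So in this example, the admin client authenticates as adminuser and gives the nodes it creates two ACL entries (all permissions for adminuser, read-only for readuser), while the read-only client authenticates as readuser and can only read those nodes.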
FULL-CONTROL ADMIN CLIENT
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;
import org.apache.curator.RetryPolicy;
import org.apache.curator.framework.CuratorFramework;
import org.apache.curator.framework.CuratorFrameworkFactory;
import org.apache.curator.framework.api.ACLProvider;
import org.apache.curator.retry.ExponentialBackoffRetry;
import org.apache.zookeeper.ZooDefs;
import org.apache.zookeeper.data.ACL;
import org.apache.zookeeper.data.Id;
import org.apache.zookeeper.server.auth.DigestAuthenticationProvider;
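/**
 * Curator client that authenticates as the administrative ZooKeeper user and supplies a
 * two-entry digest ACL for the znodes it creates: all permissions for the admin identity
 * and read permission for the read-only identity.
 *
 * <p>Security notes for anyone adapting this sample:
 * <ul>
 *   <li>The user names and passwords below are sample values. Load real credentials from
 *       configuration or a secret store instead of compiling them into the class.</li>
 *   <li>ZooKeeper's digest scheme sends {@code user:password} to the server in clear text;
 *       only the ACL entry stores a hash. Protect the connection (TLS or an isolated
 *       network) if the credentials matter.</li>
 *   <li>ZooKeeper ACLs belong to a single znode and are not inherited by its children.
 *       Curator consults the provider when this client creates znodes; znodes that already
 *       exist keep whatever ACL they have until it is changed explicitly.</li>
 * </ul>
 */
public class AdminClient {

    /** Shared client handle; stays {@code null} until {@link #initializeClient()} has run. */
    protected static CuratorFramework client = null;

    /**
     * Builds and starts the Curator client with full-control credentials and an ACL provider
     * that returns the same two-entry ACL list for every path.
     *
     * @throws NoSuchAlgorithmException if the digest algorithm used by
     *         {@code DigestAuthenticationProvider.generateDigest} is unavailable
     */
    public void initializeClient() throws NoSuchAlgorithmException {
        String zkConnectString = "127.0.0.1:2181";
        RetryPolicy retryPolicy = new ExponentialBackoffRetry(1000, 3);

        // Sample credentials only -- do not ship real secrets as string literals.
        String zkUsername = "adminuser";
        String zkPassword = "adminpass";
        String fullControlAuth = zkUsername + ":" + zkPassword;

        String zkReadOnlyUsername = "readuser";
        String zkReadOnlyPassword = "readpass";
        String readOnlyAuth = zkReadOnlyUsername + ":" + zkReadOnlyPassword;

        // Typed list (the original used a raw List) so only ACL entries can be added.
        final List<ACL> acls = new ArrayList<>();
        acls.add(digestAcl(ZooDefs.Perms.ALL, fullControlAuth));   // full-control ACL
        acls.add(digestAcl(ZooDefs.Perms.READ, readOnlyAuth));     // read-only ACL
        // No "world" entry is added, so a client that presents neither identity is not
        // granted anything by this list.

        // Create the client with full-control access.
        client = CuratorFrameworkFactory.builder()
                .connectString(zkConnectString)
                .retryPolicy(retryPolicy)
                // Explicit charset so the auth bytes do not depend on the JVM default encoding.
                .authorization("digest",
                        fullControlAuth.getBytes(java.nio.charset.StandardCharsets.UTF_8))
                .aclProvider(new ACLProvider() {
                    @Override
                    public List<ACL> getDefaultAcl() {
                        return acls;
                    }

                    @Override
                    public List<ACL> getAclForPath(String path) {
                        // Same ACL for every path; vary by path here if needed.
                        return acls;
                    }
                })
                .build();
        client.start();
        // Now create, read, delete ZK nodes
    }

    /** Builds one digest-scheme ACL entry granting {@code perms} to the {@code user:password} pair. */
    private static ACL digestAcl(int perms, String userColonPassword)
            throws NoSuchAlgorithmException {
        String digest = DigestAuthenticationProvider.generateDigest(userColonPassword);
        return new ACL(perms, new Id("digest", digest));
    }
}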
READ-ONLY CLIENT
import java.security.NoSuchAlgorithmException;
import org.apache.curator.RetryPolicy;
import org.apache.curator.framework.CuratorFramework;
import org.apache.curator.framework.CuratorFrameworkFactory;
import org.apache.curator.retry.ExponentialBackoffRetry;
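/**
 * Curator client that authenticates with the read-only digest identity.
 *
 * <p>This class sets no ACLs itself. What it may do on a given znode is decided by the ACL
 * already stored on that znode; it can read a node only if that ACL grants READ to the
 * {@code readuser} digest identity.
 *
 * <p>Security notes: the user name and password below are sample values and should come from
 * configuration or a secret store in real use. ZooKeeper's digest scheme sends
 * {@code user:password} to the server in clear text, so protect the connection (TLS or an
 * isolated network) if the credentials matter.
 */
public class ReadOnlyClient {

    /** Shared client handle; stays {@code null} until {@link #initializeClient()} has run. */
    protected static CuratorFramework client = null;

    /**
     * Builds and starts the Curator client using the read-only credentials.
     *
     * @throws NoSuchAlgorithmException never thrown by this body; the clause is kept so
     *         existing callers that catch it still compile
     */
    public void initializeClient() throws NoSuchAlgorithmException {
        String zkConnectString = "127.0.0.1:2181";
        RetryPolicy retryPolicy = new ExponentialBackoffRetry(1000, 3);

        // Sample credentials only -- do not ship real secrets as string literals.
        String zkReadOnlyUsername = "readuser";
        String zkReadOnlyPassword = "readpass";
        String readOnlyAuth = zkReadOnlyUsername + ":" + zkReadOnlyPassword;

        client = CuratorFrameworkFactory.builder()
                .connectString(zkConnectString)
                .retryPolicy(retryPolicy)
                // Explicit charset so the auth bytes do not depend on the JVM default encoding.
                .authorization("digest",
                        readOnlyAuth.getBytes(java.nio.charset.StandardCharsets.UTF_8))
                .build();
        client.start();
        // Now read ZK nodes
    }
}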