C++中对zookeeper节点进行ACL权限控制资料少,让人误解。
zhandle_t *zk = zookeeper_init("127.0.0.1:5555", NULL, 10000, 0, NULL, 0);
char buffer[512];
char scheme[10]="digest";
char usr_pa[100]="test:V28q/NynI4JI3Rk54h0r8O5kMug=";
struct ACL_vector aclv;
aclv.count=1;
struct ACL acl;
acl.perms = ZOO_PERM_ALL;
acl.id.scheme = scheme;
acl.id.id = usr_pa;
aclv.data = &acl;
zoo_create(zk, "/mynode", "cluster", strlen("cluster"), &aclv, 0, buffer, sizeof(buffer)-1);
zoo_add_auth(zk,"digest","test:test",7,NULL,NULL);
memset(buffer,0,sizeof(buffer));
int buflen= sizeof(buffer);
struct Stat stat;
int rc = zoo_get(zk, "/mynode", 0, buffer, &buflen, &stat);
if (rc) {
fprintf(stderr, "zoo_get Error %d for %d\n", rc, __LINE__);
}
printf("get buffer: %s\n", buffer);
rc = zoo_delete(zk, "/mynode", -1);
if (rc) {
fprintf(stderr, "zoo_delete Error %d for %d\n", rc, __LINE__);
}
sleep(1000000);
其中对于希望使用的用户名、密码分别为user,passwd时: ACL的id中保存的字符串为user:base64encode(sha1(user:passwd)) 其中编码为:单字符8位,字符集为ASCII 在Java中有DigestAuthenticationProvider.java模块插件可以进行此加密: 对应加密函数
static public String generateDigest(String idPassword)
throws NoSuchAlgorithmException {
String parts[] = idPassword.split(":", 2);
byte digest[] = MessageDigest.getInstance("SHA1").digest(
idPassword.getBytes());
return parts[0] + ":" + base64Encode(digest);
}
在zkCli.sh命令行中: 创建节点create -s /test null digest:test:V28q/NynI4JI3Rk54h0r8O5kMug=:rwcda 让zookeeper知道自己的权限addauth digest test:test 获取节点数据get /test
ZooKeeper 的详细介绍:请点这里
ZooKeeper 的下载地址:请点这里
相关阅读:
分布式服务框架 ZooKeeper -- 管理分布式环境中的数据