digest
    The client is authenticated by a username and password.
sasl
    The client is authenticated using Kerberos.
ip
    The client is authenticated by its IP address.
Clients may authenticate themselves after establishing a ZooKeeper session. Authentication
is optional, although a znode's ACL may require an authenticated client, in which
case the client must authenticate itself to access the znode. Here is an example of using
the digest scheme to authenticate with a username and password:
zk.addAuthInfo("digest", "tom:secret".getBytes());
An ACL is the combination of an authentication scheme, an identity for that scheme, and
a set of permissions. For example, if we wanted to give a client with the IP address
10.0.0.1 read access to a znode, we would set an ACL on the znode with the ip
scheme, an ID of 10.0.0.1, and READ permission. In Java, we would create the ACL
object as follows:
new ACL(Perms.READ,
    new Id("ip", "10.0.0.1"));
The full set of permissions is listed in Table 21-4. Note that the exists operation is not
governed by an ACL permission, so any client may call exists to find the Stat for a
znode or to discover that a znode does not in fact exist.
Table 21-4. ACL permissions
ACL permission    Permitted operations
CREATE            create (a child znode)
READ              getChildren
                  getData
WRITE             setData
DELETE            delete (a child znode)
ADMIN             setACL
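
The following Java program is an added example, not code from the original text: it builds a znode ACL from a digest identity and the ip identity used above, then shows an unauthenticated session calling exists successfully while getData is refused. It assumes the ZooKeeper client library on the classpath and a test server at localhost:2181; the class name, server address, and /acl-demo path are placeholders.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.CountDownLatch;
import org.apache.zookeeper.CreateMode;
import org.apache.zookeeper.KeeperException;
import org.apache.zookeeper.Watcher.Event.KeeperState;
import org.apache.zookeeper.ZooDefs.Perms;
import org.apache.zookeeper.ZooKeeper;
import org.apache.zookeeper.data.ACL;
import org.apache.zookeeper.data.Id;
import org.apache.zookeeper.server.auth.DigestAuthenticationProvider;

public class AclExample {
  // Assumed placeholders: a local test server and a scratch znode path.
  static final String HOSTS = "localhost:2181";
  static final String PATH = "/acl-demo";

  static ZooKeeper connect() throws Exception {
    CountDownLatch connected = new CountDownLatch(1);
    ZooKeeper zk = new ZooKeeper(HOSTS, 5000, event -> {
      if (event.getState() == KeeperState.SyncConnected) connected.countDown();
    });
    connected.await(); // block until the session is established
    return zk;
  }

  public static void main(String[] args) throws Exception {
    // The digest ID is the username plus a Base64-encoded hash of
    // "user:password"; the cleartext password is not stored in the ACL.
    Id tom = new Id("digest", DigestAuthenticationProvider.generateDigest("tom:secret"));
    List<ACL> acl = Arrays.asList(
        new ACL(Perms.READ | Perms.WRITE | Perms.ADMIN, tom),
        new ACL(Perms.READ, new Id("ip", "10.0.0.1")));
    ZooKeeper owner = connect();
    // addAuthInfo sends "tom:secret" to the server as given.
    owner.addAuthInfo("digest", "tom:secret".getBytes(StandardCharsets.UTF_8));
    owner.create(PATH, "data".getBytes(StandardCharsets.UTF_8), acl, CreateMode.EPHEMERAL);
    System.out.println("owner read: " + new String(owner.getData(PATH, false, null)));
    // Second session never authenticates (and is assumed not to be 10.0.0.1).
    ZooKeeper anon = connect();
    System.out.println("exists: " + (anon.exists(PATH, false) != null)); // no ACL check
    try {
      anon.getData(PATH, false, null); // requires READ
    } catch (KeeperException.NoAuthException e) {
      System.out.println("getData denied: " + e.code());
    }
    anon.close();
    owner.close(); // ends the session, which removes the ephemeral znode
  }
}
```

Because the digest scheme passes the username and password to the server unmodified, run it only over a trusted or encrypted connection.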