What is an ACL
ACL stands for access control list. Linux file systems, for example, have ACLs. In traditional file systems, ACLs are divided into two dimensions: one is the group and the other is permissions, and subdirectories/files inherit the ACL of the parent directory by default. In ZooKeeper, a node's ACL is not inherited and is controlled independently. ZooKeeper ACLs can be understood from three dimensions: the first is scheme, the second is user, and the third is permission.
Why ZooKeeper also has ACLs
As a distributed coordination framework, ZooKeeper stores metadata about the runtime state of distributed systems, especially in application scenarios involving distributed locks, master election, and coordination. This data in ZooKeeper needs to be protected effectively, and ZooKeeper provides a complete ACL permission control mechanism to ensure its security.
ZK's ACL has three parts: permission mode, authorization object, and permission.
1. Permission mode: scheme
- world: It has only one ID, called anyone. world:anyone stands for any person; a node in ZooKeeper that everyone has rights to is one that belongs to world:anyone.
- auth: It does not require an ID; any user who has passed authentication has permissions (ZooKeeper supports authentication through Kerberos, and also supports authentication in username/password form).
- digest: Its ID is username:base64(SHA1(password)), and the client must first authenticate in username:password form.
- ip: Its ID is the client's IP address. An IP range can be given when setting it, such as ip:192.168.1.0/16, which matches on the first 16 bits of the address.
- super: Under this scheme, the corresponding ID has super privileges and can do anything (cdrwa).
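As an added example (not code from this tutorial or from the ZooKeeper project), the Python model below shows how the world, digest and ip schemes are matched against a single node's own ACL, with nothing inherited from the parent. The node paths, the alice:secret credential and the client addresses are constructed for illustration; the digest ID is built the way ZooKeeper's DigestAuthenticationProvider does it, with the SHA1 taken over the whole username:password string.

```python
import base64
import hashlib
import ipaddress

def digest_id(user_password: str) -> str:
    """Build the digest-scheme ID from 'username:password'.
    ZooKeeper hashes the whole 'username:password' string with SHA1."""
    user = user_password.split(":", 1)[0]
    sha1 = hashlib.sha1(user_password.encode("utf-8")).digest()
    return user + ":" + base64.b64encode(sha1).decode("ascii")

def allowed(acl, perm, client_ip, auth=()):
    """True if one ACL entry grants `perm` (one of c, d, r, w, a).
    acl:  (scheme, id, perms) entries set on a single node
    auth: 'username:password' strings the session authenticated with"""
    presented = {digest_id(a) for a in auth}
    for scheme, ident, perms in acl:
        if perm not in perms:
            continue
        if scheme == "world" and ident == "anyone":
            return True
        if scheme == "digest" and ident in presented:
            return True
        if scheme == "ip":
            # strict=False accepts IDs with host bits set, e.g. 192.168.1.0/16
            net = ipaddress.ip_network(ident, strict=False)
            if ipaddress.ip_address(client_ip) in net:
                return True
    return False

# Constructed sample tree: each node carries its own ACL, nothing is inherited.
NODES = {
    "/app": [("digest", digest_id("alice:secret"), "cdrwa")],
    "/app/config": [("world", "anyone", "r")],  # child left open to everyone
    "/app/locks": [("ip", "192.168.1.0/16", "rw")],
}

def check(path, perm, client_ip, auth=()):
    """Evaluate only the ACL stored on `path` itself."""
    return allowed(NODES[path], perm, client_ip, auth)

if __name__ == "__main__":
    for path in NODES:
        print(path, "anonymous read from 10.0.0.5:", check(path, "r", "10.0.0.5"))
```

Locking down /app with a digest ACL does nothing for /app/config, so every child node that holds sensitive data needs its own ACL set when it is created.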
For specific code, refer to the contents of the Bjsxt.zookeeper.auth package, or look up the relevant material on the Internet; the material online is indeed more detailed.
GitHub: https://github.com/zhaikaishun/zookeeper_tutorial