Mycat1.6之firewall配置

1、新建用户并授权

-- MySQL account "test". The '%' host part accepts logins from any address at
-- the MySQL level, so source-host restriction comes only from the Mycat
-- <whitehost> list in server.xml below, not from MySQL itself.
CREATE USER 'test'@'%' IDENTIFIED BY 'root';

-- Global privileges: SELECT/INSERT/UPDATE/DELETE on every schema plus SHOW DATABASES.
-- Because this is granted ON *.*, it already covers db1/db2/db3.
GRANT SELECT, INSERT, UPDATE, DELETE, SHOW DATABASES ON *.* TO 'test'@'%';

-- Per-schema privileges for db3, db2 and db1 (identical sets). Beyond the
-- global grant above these add REFERENCES, CREATE VIEW, SHOW VIEW and LOCK TABLES.
GRANT SELECT, INSERT, UPDATE, REFERENCES, CREATE VIEW, SHOW VIEW, LOCK TABLES ON `db3`.* TO 'test'@'%';

GRANT SELECT, INSERT, UPDATE, REFERENCES, CREATE VIEW, SHOW VIEW, LOCK TABLES ON `db2`.* TO 'test'@'%';

GRANT SELECT, INSERT, UPDATE, REFERENCES, CREATE VIEW, SHOW VIEW, LOCK TABLES ON `db1`.* TO 'test'@'%';

2、修改server.xml配置文件

<!-- Connection firewall. Each <host> entry pairs a client address with a Mycat
     user name. When the list is non-empty, a login whose (host, user) pair is
     not listed is rejected and logged as FIREWALL_ATTACK (see
     checkFirewallWhiteHostPolicy below). An empty or missing <whitehost>
     disables host filtering entirely: only user existence is then checked. -->
<firewall> 

  <whitehost>

     <host host="192.168.1.102" user="root"/>

     <host host="192.168.1.101" user="root"/>

     <host host="127.0.0.1" user="test"/>

     <host host="192.168.1.102" user="test"/>

  </whitehost>

       <!-- Blacklist checking is switched on (check="true") but no entries are
            listed in this example, so nothing is actually blocked by it. -->
       <blacklist check="true">

       </blacklist>

</firewall>

<!-- Mycat front-end user "test". The password is stored in clear text in
     server.xml, so the file's read permissions are what protect it. -->
<user name="test">

<property name="password">root</property>

<property name="schemas">TESTDB</property>

<!-- readOnly is enforced by Mycat for statements it routes; it does not reduce
     the privileges of the MySQL 'test' account granted above (which still has
     INSERT/UPDATE/DELETE) - confirm which backend account this schema uses. -->
<property name="readOnly">true</property>

</user>

<!-- Mycat front-end user "root" (same clear-text password as "test" above). -->
<user name="root">

<property name="password">root</property>

<property name="schemas">TESTDB</property>

<!-- Table-level DML privilege settings. The whole <privileges> block is
     commented out, so no per-table DML restriction applies to root; note that
     it also carries check="false", which presumably keeps the check disabled
     even after uncommenting - verify before relying on it. -->

<!--

<privileges check="false">

<schema name="TESTDB" dml="0110" >

<table name="tb01" dml="0000"></table>

<table name="tb02" dml="1111"></table>

</schema>

</privileges>

-->

</user>

错误解决方案



 

3、程序运行流程Debug

前端认证处理器 FrontendAuthenticator

 /**
  * Handles the first client packet of a connection.
  *
  * A COM_QUIT packet closes the connection; anything else is parsed as an
  * authentication packet, and the connection is refused with an
  * access-denied error when the (user, host) pair is unknown to the
  * privilege provider. Only those two steps are shown in this excerpt.
  *
  * @param data raw packet bytes received from the client (untrusted)
  */
 public void handle(byte[] data) {
     // Quit packet: exact length of the canonical QUIT packet and the COM_QUIT
     // command byte at offset 4.
     boolean isQuitPacket = data.length == QuitPacket.QUIT.length
             && data[4] == MySQLPacket.COM_QUIT;
     if (isQuitPacket) {
         source.close("quit packet");
         return;
     }

     // Everything else is treated as a client authentication packet.
     AuthPacket authPacket = new AuthPacket();
     authPacket.read(data);

     // Unknown (user, host) pairs are rejected here; the error text echoes the
     // client-supplied user name back to the client.
     String clientHost = source.getHost();
     if (!checkUser(authPacket.user, clientHost)) {
         failure(ErrorCode.ER_ACCESS_DENIED_ERROR,
                 "Access denied for user '" + authPacket.user + "' with host '" + clientHost + "'");
         return;
     }
 }

  /**
   * Asks the connection's privilege provider whether {@code user} may connect
   * from {@code host}. For MycatPrivileges this is the firewall white-host
   * policy check.
   *
   * @param user user name taken from the client's authentication packet
   * @param host client address as reported by the connection
   * @return {@code true} when the provider accepts the (user, host) pair
   */
  protected boolean checkUser(String user, String host) {
        boolean accepted = source.getPrivileges().userExists(user, host);
        return accepted;
    }

MycatPrivileges权限提供者类

 /**
  * Reports whether a user is allowed to connect from the given host.
  *
  * Existence is decided together with the firewall policy: with no
  * white-host list configured the user only has to be defined in the
  * config; with a list configured the (host, user) pair must be listed.
  *
  * @param user user name supplied by the client
  * @param host client address
  * @return {@code true} when the firewall white-host policy passes
  */
 @Override
    public boolean userExists(String user, String host) {
        boolean allowed = checkFirewallWhiteHostPolicy(user, host);
        return allowed;
    }

/**
 * Applies the firewall white-host policy to a login attempt.
 *
 * When no white-host list is configured (null or empty), host filtering is
 * skipped and the only requirement is that {@code user} is a configured
 * user. Otherwise the entry for {@code host} must list a user with that
 * name. A failed check is logged as a FIREWALL_ATTACK alarm.
 *
 * @param user user name supplied by the client (untrusted)
 * @param host client address
 * @return {@code true} when the login passes the policy, {@code false} otherwise
 */
@Override
public boolean checkFirewallWhiteHostPolicy(String user, String host) {
    MycatConfig mycatConfig = MycatServer.getInstance().getConfig();
    FirewallConfig firewallConfig = mycatConfig.getFirewall();
    Map<String, List<UserConfig>> whitehost = firewallConfig.getWhitehost();

    boolean allowed;
    if (whitehost == null || whitehost.size() == 0) {
        // No whitelist: any host is accepted as long as the user is defined.
        Map<String, UserConfig> configuredUsers = mycatConfig.getUsers();
        allowed = configuredUsers.containsKey(user);
    } else {
        // Whitelist present: the (host, user) pair itself must be listed.
        allowed = listsUser(whitehost.get(host), user);
    }

    if (allowed) {
        return true;
    }
    // NOTE(review): the client-supplied user name goes into the alarm text
    // verbatim; downstream log consumers should not treat it as trusted.
    ALARM.error(Alarms.FIREWALL_ATTACK + "[host=" + host + ",user=" + user + "]");
    return false;
}

/**
 * Returns {@code true} when {@code candidates} (which may be {@code null})
 * contains a user configuration named {@code user}.
 */
private static boolean listsUser(List<UserConfig> candidates, String user) {
    if (candidates == null) {
        return false;
    }
    for (UserConfig candidate : candidates) {
        if (candidate.getName().equals(user)) {
            return true;
        }
    }
    return false;
}


转载自gaojingsong.iteye.com/blog/2337924