hadoop-zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Patrick Hunt <ph...@apache.org>
Subject Re: ACL question w/ Zookeeper 3.1.1
Date Fri, 18 Sep 2009 18:19:09 GMT
Todd, there were other responses as well. Are you seeing other traffic 
from the lists? (perhaps a spam filtering issue?)

Patrick

Mahadev Konar wrote:
> HI todd,
>   We did respond on zookeeper-user. Here is my response in case you didn't
> see it... 
> 
> 
> HI todd,
>  From what I understand, you are sayin that a creator_all_acl does not work
> with auth?
> 
>  I tried the following with CREATOR_ALL_ACL and it seemed to work for me...
> 
> import org.apache.zookeeper.CreateMode;
> import org.apache.zookeeper.WatchedEvent;
> import org.apache.zookeeper.Watcher;
> import org.apache.zookeeper.ZooKeeper;
> import org.apache.zookeeper.data.ACL;
> import org.apache.zookeeper.ZooDefs.Ids;
> import java.util.ArrayList;
> import java.util.List;
> 
> public class TestACl implements Watcher {
> 
>     public static void main(String[] argv) throws Exception {
>         List<ACL> acls = new ArrayList<ACL>(1);
>         String authentication_type = "digest";
>         String authentication = "mahadev:some";
> 
>         for (ACL ids_acl : Ids.CREATOR_ALL_ACL) {
>             acls.add(ids_acl);
>         }
>         TestACl tacl = new TestACl();
>         ZooKeeper zoo = new ZooKeeper("localhost:2181", 3000, tacl);
>         zoo.addAuthInfo(authentication_type, authentication.getBytes());
>         zoo.create("/some", new byte[0], acls, CreateMode.PERSISTENT);
>         zoo.setData("/some", new byte[0], -1);
>     }
> 
>     @Override
>     public void process(WatchedEvent event) {
> 
> 
>     }
> }
> 
> 
> And it worked on my set of zookeeper servers....
> 
> And then 
> I tried 
> 
> Without auth 
> 
> Getdata("/some") 
> 
> Which correctly gave me the error:
> 
> 
> Exception in thread "main"
> org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode =
> NoAuth for /some
>     at org.apache.zookeeper.KeeperException.create(KeeperException.java:104)
>     at org.apache.zookeeper.KeeperException.create(KeeperException.java:42)
>     at org.apache.zookeeper.ZooKeeper.getData(ZooKeeper.java:892)
>     at org.apache.zookeeper.ZooKeeper.getData(ZooKeeper.java:921)
>     at 
> org.apache.zookeeper.ZooKeeperMain.processZKCmd(ZooKeeperMain.java:692)
>     at org.apache.zookeeper.ZooKeeperMain.processCmd(ZooKeeperMain.java:579)
>     at 
> org.apache.zookeeper.ZooKeeperMain.executeLine(ZooKeeperMain.java:351)
>     at org.apache.zookeeper.ZooKeeperMain.run(ZooKeeperMain.java:309)
>     at org.apache.zookeeper.ZooKeeperMain.main(ZooKeeperMain.java:268)
> 
> 
> Is this what you are trying to do?
> 
> Thanks
> mahadev
> 
> 
> On 9/18/09 10:33 AM, "Todd Greenwood" <toddg@audiencescience.com> wrote:
> 
>> Appologies for cross posting, but I haven't received a response on this.
>> Quite simply, could someone point me to a working example/tutorial/docs
>> that describe how to use digest ACLs in zookeeper 3.1.1? The docs that I
>> have found (referenced below) have not clarified this for me.
>>
>> -Todd
>>
>>> -----Original Message-----
>>> From: Todd Greenwood
>>> Sent: Thursday, September 17, 2009 5:05 PM
>>> To: 'zookeeper-user@hadoop.apache.org'
>>> Subject: ACL question w/ Zookeeper 3.1.1
>>>
>>> I'm attempting to secure a zookeeper installation using zookeeper
>> ACLs.
>>> However, I'm finding that while Ids.OPEN_ACL_UNSAFE works great, my
>>> attempts at using Ids.CREATOR_ALL_ACL are failing. Here's a code
>> snippet:
>>>
>>> public class ZooWrapper
>>> {
>>>
>>> /*
>>> 1. Here I'm setting up my authentication. I've got an ACL list, and my
>>> authentication strings.
>>> */
>>>     private final List<ACL> acl = new ArrayList<ACL>( 1 );
>>>     private static final String authentication_type = "digest";
>>>     private static final String authentication =
>> "audiencescience:gravy";
>>>
>>>     public ZooWrapper( final String connection_string,
>>>                        final String path,
>>>                        final int connectiontimeout ) throws
>>> ZooWrapperException
>>>     {
>>> ...
>>> /*
>>> 2. Here I'm adding the acls
>>> */
>>>
>>>         // This works (creates nodes, sets data on nodes)
>>>         for ( ACL ids_acl : Ids.OPEN_ACL_UNSAFE )
>>>         {
>>>             acl.add( ids_acl);
>>>         }
>>>
>>> /*
>>> NOTE:  This does not work (nodes are not created, cannot set data on
>> nodes
>>> b/c nodes do not exist)
>>> */
>>>
>>> //        for ( ACL ids_acl : Ids.CREATOR_ALL_ACL )
>>> //        {
>>> //            acl.add( ids_acl );
>>> //        }
>>>
>>> /*
>>> 3. Finally, I create a new zookeeper instance and add my authorization
>>> info to it.
>>> */
>>>      zoo = new ZooKeeper( connection_string, connectiontimeout, this
>> );
>>>      zoo.addAuthInfo( authentication_type, authentication.getBytes() )
>>>
>>> /*
>>> 4. Later, I try to write some data into zookeeper by first creating
>> the
>>> node, and then calling setdata...
>>> */
>>>       zoo.create( path, new byte[0], acl, CreateMode.PERSISTENT );
>>>       zoo.setData( path, bytes, -1 )
>>>
>>> As I mentioned above, when I add Ids.OPEN_ACL_UNSAFE to acl, then both
>> the
>>> create and setData succeed. However, when I use Ids.CREATOR_ALL_ACL,
>> then
>>> the nodes are not created. Am I missing something obvious w/ respect
>> to
>>> configuring ACLs?
>>>
>>> I've used the following references:
>>>
>>>
>> http://hadoop.apache.org/zookeeper/docs/r3.1.1/zookeeperProgrammers.html
>>> http://mail-archives.apache.org/mod_mbox/hadoop-zookeeper-
>>> commits/200807.mbox/%3C20080731201025.C62092388873@eris.apache.org%3E
>>>
>>> http://books.google.com/books?id=bKPEwR-
>>>
>> Pt6EC&pg=PT404&lpg=PT404&dq=zookeeper+ACL+digest+%22new+Id%22&source=bl&
>> ot
>> s=kObz0y8eFk&sig=VFCAsNW0mBJyZswoweJDI31iNlo&hl=en&ei=Z82ySojRFsqRlAeqxs
>> yI
>> Dw&sa=X&oi=book_result&ct=result&resnum=6#v=onepage&q=zookeeper%20ACL%20
>> di
>>> gest%20%22new%20Id%22&f=false
>>>
>>> -Todd
> 

Mime
View raw message