hadoop-zookeeper-dev mailing list archives

Site index · List index

Message view	« Date » · « Thread »
Top	« Date » · « Thread »
From	Mahadev Konar <maha...@yahoo-inc.com>
Subject	Re: ACL question w/ Zookeeper 3.1.1
Date	Fri, 18 Sep 2009 17:39:18 GMT
HI todd, We did respond on zookeeper-user. Here is my response in case you didn't see it... HI todd, From what I understand, you are sayin that a creator_all_acl does not work with auth? I tried the following with CREATOR_ALL_ACL and it seemed to work for me... import org.apache.zookeeper.CreateMode; import org.apache.zookeeper.WatchedEvent; import org.apache.zookeeper.Watcher; import org.apache.zookeeper.ZooKeeper; import org.apache.zookeeper.data.ACL; import org.apache.zookeeper.ZooDefs.Ids; import java.util.ArrayList; import java.util.List; public class TestACl implements Watcher { public static void main(String[] argv) throws Exception { List<ACL> acls = new ArrayList<ACL>(1); String authentication_type = "digest"; String authentication = "mahadev:some"; for (ACL ids_acl : Ids.CREATOR_ALL_ACL) { acls.add(ids_acl); } TestACl tacl = new TestACl(); ZooKeeper zoo = new ZooKeeper("localhost:2181", 3000, tacl); zoo.addAuthInfo(authentication_type, authentication.getBytes()); zoo.create("/some", new byte[0], acls, CreateMode.PERSISTENT); zoo.setData("/some", new byte[0], -1); } @Override public void process(WatchedEvent event) { } } And it worked on my set of zookeeper servers.... And then I tried Without auth Getdata("/some") Which correctly gave me the error: Exception in thread "main" org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /some at org.apache.zookeeper.KeeperException.create(KeeperException.java:104) at org.apache.zookeeper.KeeperException.create(KeeperException.java:42) at org.apache.zookeeper.ZooKeeper.getData(ZooKeeper.java:892) at org.apache.zookeeper.ZooKeeper.getData(ZooKeeper.java:921) at org.apache.zookeeper.ZooKeeperMain.processZKCmd(ZooKeeperMain.java:692) at org.apache.zookeeper.ZooKeeperMain.processCmd(ZooKeeperMain.java:579) at org.apache.zookeeper.ZooKeeperMain.executeLine(ZooKeeperMain.java:351) at org.apache.zookeeper.ZooKeeperMain.run(ZooKeeperMain.java:309) at org.apache.zookeeper.ZooKeeperMain.main(ZooKeeperMain.java:268) Is this what you are trying to do? Thanks mahadev On 9/18/09 10:33 AM, "Todd Greenwood" <toddg@audiencescience.com> wrote: > Appologies for cross posting, but I haven't received a response on this. > Quite simply, could someone point me to a working example/tutorial/docs > that describe how to use digest ACLs in zookeeper 3.1.1? The docs that I > have found (referenced below) have not clarified this for me. > > -Todd > >> -----Original Message----- >> From: Todd Greenwood >> Sent: Thursday, September 17, 2009 5:05 PM >> To: 'zookeeper-user@hadoop.apache.org' >> Subject: ACL question w/ Zookeeper 3.1.1 >> >> I'm attempting to secure a zookeeper installation using zookeeper > ACLs. >> However, I'm finding that while Ids.OPEN_ACL_UNSAFE works great, my >> attempts at using Ids.CREATOR_ALL_ACL are failing. Here's a code > snippet: >> >> >> public class ZooWrapper >> { >> >> /* >> 1. Here I'm setting up my authentication. I've got an ACL list, and my >> authentication strings. >> / >> private final List<ACL> acl = new ArrayList<ACL>( 1 ); >> private static final String authentication_type = "digest"; >> private static final String authentication = > "audiencescience:gravy"; >> >> >> public ZooWrapper( final String connection_string, >> final String path, >> final int connectiontimeout ) throws >> ZooWrapperException >> { >> ... >> / >> 2. Here I'm adding the acls >> / >> >> // This works (creates nodes, sets data on nodes) >> for ( ACL ids_acl : Ids.OPEN_ACL_UNSAFE ) >> { >> acl.add( ids_acl); >> } >> >> / >> NOTE: This does not work (nodes are not created, cannot set data on > nodes >> b/c nodes do not exist) >> / >> >> // for ( ACL ids_acl : Ids.CREATOR_ALL_ACL ) >> // { >> // acl.add( ids_acl ); >> // } >> >> / >> 3. Finally, I create a new zookeeper instance and add my authorization >> info to it. >> / >> zoo = new ZooKeeper( connection_string, connectiontimeout, this > ); >> zoo.addAuthInfo( authentication_type, authentication.getBytes() ) >> >> / >> 4. Later, I try to write some data into zookeeper by first creating > the >> node, and then calling setdata... >> */ >> zoo.create( path, new byte[0], acl, CreateMode.PERSISTENT ); >> zoo.setData( path, bytes, -1 ) >> >> As I mentioned above, when I add Ids.OPEN_ACL_UNSAFE to acl, then both > the >> create and setData succeed. However, when I use Ids.CREATOR_ALL_ACL, > then >> the nodes are not created. Am I missing something obvious w/ respect > to >> configuring ACLs? >> >> I've used the following references: >> >> > http://hadoop.apache.org/zookeeper/docs/r3.1.1/zookeeperProgrammers.html >> >> http://mail-archives.apache.org/mod_mbox/hadoop-zookeeper- >> commits/200807.mbox/%3C20080731201025.C62092388873@eris.apache.org%3E >> >> http://books.google.com/books?id=bKPEwR- >> > Pt6EC&pg=PT404&lpg=PT404&dq=zookeeper+ACL+digest+%22new+Id%22&source=bl& > ot >> > s=kObz0y8eFk&sig=VFCAsNW0mBJyZswoweJDI31iNlo&hl=en&ei=Z82ySojRFsqRlAeqxs > yI >> > Dw&sa=X&oi=book_result&ct=result&resnum=6#v=onepage&q=zookeeper%20ACL%20 > di >> gest%20%22new%20Id%22&f=false >> >> -Todd
Mime	Unnamed text/plain (inline, 7-Bit, 5462 bytes)
	View raw message