hadoop-zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mahadev Konar <maha...@yahoo-inc.com>
Subject Re: ACL question w/ Zookeeper 3.1.1
Date Fri, 18 Sep 2009 17:39:18 GMT
HI todd,
  We did respond on zookeeper-user. Here is my response in case you didn't
see it... 


HI todd,
 From what I understand, you are sayin that a creator_all_acl does not work
with auth?

 I tried the following with CREATOR_ALL_ACL and it seemed to work for me...

import org.apache.zookeeper.CreateMode;
import org.apache.zookeeper.WatchedEvent;
import org.apache.zookeeper.Watcher;
import org.apache.zookeeper.ZooKeeper;
import org.apache.zookeeper.data.ACL;
import org.apache.zookeeper.ZooDefs.Ids;
import java.util.ArrayList;
import java.util.List;

public class TestACl implements Watcher {

    public static void main(String[] argv) throws Exception {
        List<ACL> acls = new ArrayList<ACL>(1);
        String authentication_type = "digest";
        String authentication = "mahadev:some";

        for (ACL ids_acl : Ids.CREATOR_ALL_ACL) {
            acls.add(ids_acl);
        }
        TestACl tacl = new TestACl();
        ZooKeeper zoo = new ZooKeeper("localhost:2181", 3000, tacl);
        zoo.addAuthInfo(authentication_type, authentication.getBytes());
        zoo.create("/some", new byte[0], acls, CreateMode.PERSISTENT);
        zoo.setData("/some", new byte[0], -1);
    }

    @Override
    public void process(WatchedEvent event) {


    }
}


And it worked on my set of zookeeper servers....

And then 
I tried 

Without auth 

Getdata("/some") 

Which correctly gave me the error:


Exception in thread "main"
org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode =
NoAuth for /some
    at org.apache.zookeeper.KeeperException.create(KeeperException.java:104)
    at org.apache.zookeeper.KeeperException.create(KeeperException.java:42)
    at org.apache.zookeeper.ZooKeeper.getData(ZooKeeper.java:892)
    at org.apache.zookeeper.ZooKeeper.getData(ZooKeeper.java:921)
    at 
org.apache.zookeeper.ZooKeeperMain.processZKCmd(ZooKeeperMain.java:692)
    at org.apache.zookeeper.ZooKeeperMain.processCmd(ZooKeeperMain.java:579)
    at 
org.apache.zookeeper.ZooKeeperMain.executeLine(ZooKeeperMain.java:351)
    at org.apache.zookeeper.ZooKeeperMain.run(ZooKeeperMain.java:309)
    at org.apache.zookeeper.ZooKeeperMain.main(ZooKeeperMain.java:268)


Is this what you are trying to do?

Thanks
mahadev


On 9/18/09 10:33 AM, "Todd Greenwood" <toddg@audiencescience.com> wrote:

> Appologies for cross posting, but I haven't received a response on this.
> Quite simply, could someone point me to a working example/tutorial/docs
> that describe how to use digest ACLs in zookeeper 3.1.1? The docs that I
> have found (referenced below) have not clarified this for me.
> 
> -Todd
> 
>> -----Original Message-----
>> From: Todd Greenwood
>> Sent: Thursday, September 17, 2009 5:05 PM
>> To: 'zookeeper-user@hadoop.apache.org'
>> Subject: ACL question w/ Zookeeper 3.1.1
>> 
>> I'm attempting to secure a zookeeper installation using zookeeper
> ACLs.
>> However, I'm finding that while Ids.OPEN_ACL_UNSAFE works great, my
>> attempts at using Ids.CREATOR_ALL_ACL are failing. Here's a code
> snippet:
>> 
>> 
>> public class ZooWrapper
>> {
>> 
>> /*
>> 1. Here I'm setting up my authentication. I've got an ACL list, and my
>> authentication strings.
>> */
>>     private final List<ACL> acl = new ArrayList<ACL>( 1 );
>>     private static final String authentication_type = "digest";
>>     private static final String authentication =
> "audiencescience:gravy";
>> 
>> 
>>     public ZooWrapper( final String connection_string,
>>                        final String path,
>>                        final int connectiontimeout ) throws
>> ZooWrapperException
>>     {
>> ...
>> /*
>> 2. Here I'm adding the acls
>> */
>> 
>>         // This works (creates nodes, sets data on nodes)
>>         for ( ACL ids_acl : Ids.OPEN_ACL_UNSAFE )
>>         {
>>             acl.add( ids_acl);
>>         }
>> 
>> /*
>> NOTE:  This does not work (nodes are not created, cannot set data on
> nodes
>> b/c nodes do not exist)
>> */
>> 
>> //        for ( ACL ids_acl : Ids.CREATOR_ALL_ACL )
>> //        {
>> //            acl.add( ids_acl );
>> //        }
>> 
>> /*
>> 3. Finally, I create a new zookeeper instance and add my authorization
>> info to it.
>> */
>>      zoo = new ZooKeeper( connection_string, connectiontimeout, this
> );
>>      zoo.addAuthInfo( authentication_type, authentication.getBytes() )
>> 
>> /*
>> 4. Later, I try to write some data into zookeeper by first creating
> the
>> node, and then calling setdata...
>> */
>>       zoo.create( path, new byte[0], acl, CreateMode.PERSISTENT );
>>       zoo.setData( path, bytes, -1 )
>> 
>> As I mentioned above, when I add Ids.OPEN_ACL_UNSAFE to acl, then both
> the
>> create and setData succeed. However, when I use Ids.CREATOR_ALL_ACL,
> then
>> the nodes are not created. Am I missing something obvious w/ respect
> to
>> configuring ACLs?
>> 
>> I've used the following references:
>> 
>> 
> http://hadoop.apache.org/zookeeper/docs/r3.1.1/zookeeperProgrammers.html
>> 
>> http://mail-archives.apache.org/mod_mbox/hadoop-zookeeper-
>> commits/200807.mbox/%3C20080731201025.C62092388873@eris.apache.org%3E
>> 
>> http://books.google.com/books?id=bKPEwR-
>> 
> Pt6EC&pg=PT404&lpg=PT404&dq=zookeeper+ACL+digest+%22new+Id%22&source=bl&
> ot
>> 
> s=kObz0y8eFk&sig=VFCAsNW0mBJyZswoweJDI31iNlo&hl=en&ei=Z82ySojRFsqRlAeqxs
> yI
>> 
> Dw&sa=X&oi=book_result&ct=result&resnum=6#v=onepage&q=zookeeper%20ACL%20
> di
>> gest%20%22new%20Id%22&f=false
>> 
>> -Todd


Mime
View raw message