zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Olivier Mallassi <olivier.malla...@gmail.com>
Subject ACL mysteries
Date Thu, 27 Feb 2014 16:35:49 GMT
Hi all,

I am currently trying to understand how ACL works..

I am trying to run the following case (this is just an extract from my
client)

authentSession = new ZooKeeper(host, 100000, watcher);
authentSession.addAuthInfo("digest", "user:technique".getBytes());
String path = "/purClient_" + uid;
authentSession.create(path, "ValueOfNode".getBytes(), getACLs(),
CreateMode.PERSISTENT);
System.out.println("**********************************************************************************");
System.out.println("[authentSession] CREATE NODE " + path + " with " +
getACLs());
System.out.println("**********************************************************************************");
Thread.currentThread().sleep(3000);
Stat stat1 = new Stat();
authentSession.addAuthInfo("digest", "user:technique".getBytes());
byte[] data1 = authentSession.getData(path, watcher, stat1);
System.out.println("**********************************************************************************");
System.out.println("[anonymSession] READ NODE " + path + " - " + new
String(data1));
System.out.println("**********************************************************************************");
...

the method getACLs() is
private static List<ACL> getACLs() {
Id id = new Id("digest", "user:technique");
List<ACL> aclLst = new ArrayList<ACL>();
aclLst.add(new ACL(Perms.READ, id));
                //aclLst.add(new ACL(Perms.ALL, id));

// everybody has read access
// aclLst.add(new ACL(Perms.READ, Ids.ANYONE_ID_UNSAFE));

return aclLst;
}

1/ So, if I understood well, the node created by authentSession cannot be
accessed except by the user [user:technique]
right?

2/ when I run it
2.1 here is what I got from the client side :

=2014-02-27 17:15:19,535 - DEBUG
[main-SendThread(host-2.local:2181):ClientCnxn$SendThread@815][] - Reading
reply sessionid:0x44473f695450006, packet:: clientPath:null serverPath:null
finished:false header:: 1,1  replyHeader:: 1,163208757305,0  request::
'/purClient_70d334b0-69e2-48cd-a293-7a2ecbb700f5,#56616c75654f664e6f6465,v{s{1,s{'digest,'user:technique}}},0
 response:: '/purClient_70d334b0-69e2-48cd-a293-7a2ecbb700f5
**********************************************************************************
[authentSession] CREATE NODE
/purClient_70d334b0-69e2-48cd-a293-7a2ecbb700f5 with
[1,s{'digest,'user:technique}
]
**********************************************************************************
=2014-02-27 17:15:22,557 - DEBUG
[main-SendThread(host-2.local:2181):ClientCnxn$SendThread@730][] - Got auth
sessionid:0x44473f695450006
=2014-02-27 17:15:22,566 - DEBUG
[main-SendThread(host-2.local:2181):ClientCnxn$SendThread@815][] - Reading
reply sessionid:0x44473f695450006, packet:: clientPath:null serverPath:null
finished:false header:: 2,4  replyHeader:: 2,163208757305,-102  request::
'/purClient_70d334b0-69e2-48cd-a293-7a2ecbb700f5,T  response::
org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode =
NoAuth for /purClient_70d334b0-69e2-48cd-a293-7a2ecbb700f5
        at
org.apache.zookeeper.KeeperException.create(KeeperException.java:113)
        at
org.apache.zookeeper.KeeperException.create(KeeperException.java:51)
        at org.apache.zookeeper.ZooKeeper.getData(ZooKeeper.java:1151)
        at murex.middleware.zookeeper.acl.AclTests.main(AclTests.java:48)

so the node is well created but I cannot execute getData() on it (using the
same ZookeeperClient instance)


2.2 here is what I got from the zookeeper server log (I zoom on the
getData() call - identified by the time 17:18:28)

2014-02-27 17:18:25,549 [myid:4] - DEBUG
[CommitProcessor:4:FinalRequestProcessor@160] - sessionid:0x44473f695450007
type:create cxid:0x1 zxid:0x260000003c txntype:1
reqpath:/purClient_5c65f927-f47a-4c57-a58b-e5c6aebd2502
2014-02-27 17:18:28,581 [myid:4] - INFO  [NIOServerCxn.Factory:
0.0.0.0/0.0.0.0:2181:ZooKeeperServer@863] - got auth packet /
192.168.56.102:54421
2014-02-27 17:18:28,584 [myid:4] - DEBUG [NIOServerCxn.Factory:
0.0.0.0/0.0.0.0:2181:ZooKeeperServer@894] - Authentication succeeded for
scheme: digest
2014-02-27 17:18:28,585 [myid:4] - INFO  [NIOServerCxn.Factory:
0.0.0.0/0.0.0.0:2181:ZooKeeperServer@897] - auth success /
192.168.56.102:54421
2014-02-27 17:18:28,594 [myid:4] - TRACE
[FollowerRequestProcessor:4:ZooTrace@90] - :Fsessionid:0x44473f695450007
type:getData cxid:0x2 zxid:0xfffffffffffffffe txntype:unknown
reqpath:/purClient_5c65f927-f47a-4c57-a58b-e5c6aebd2502
2014-02-27 17:18:28,594 [myid:4] - DEBUG
[FollowerRequestProcessor:4:CommitProcessor@171] - Processing request::
sessionid:0x44473f695450007 type:getData cxid:0x2 zxid:0xfffffffffffffffe
txntype:unknown reqpath:/purClient_5c65f927-f47a-4c57-a58b-e5c6aebd2502
2014-02-27 17:18:28,594 [myid:4] - DEBUG
[CommitProcessor:4:FinalRequestProcessor@88] - Processing request::
sessionid:0x44473f695450007 type:getData cxid:0x2 zxid:0xfffffffffffffffe
txntype:unknown reqpath:/purClient_5c65f927-f47a-4c57-a58b-e5c6aebd2502
2014-02-27 17:18:28,595 [myid:4] - TRACE [CommitProcessor:4:ZooTrace@90] -
:Esessionid:0x44473f695450007 type:getData cxid:0x2 zxid:0xfffffffffffffffe
txntype:unknown reqpath:/purClient_5c65f927-f47a-4c57-a58b-e5c6aebd2502
2014-02-27 17:18:28,595 [myid:4] - DEBUG
[CommitProcessor:4:FinalRequestProcessor@160] - sessionid:0x44473f695450007
type:getData cxid:0x2 zxid:0xfffffffffffffffe txntype:unknown
reqpath:/purClient_5c65f927-f47a-4c57-a58b-e5c6aebd2502
2014-02-27 17:18:28,653 [myid:4] - TRACE
[FollowerRequestProcessor:4:ZooTrace@90] - :Fsessionid:0x44473f695450007
type:closeSession cxid:0x3 zxid:0xfffffffffffffffe txntype:unknown
reqpath:n/a
2014-02-27 17:18:28,653 [myid:4] - DEBUG
[FollowerRequestProcessor:4:CommitProcessor@171] - Processing request::
sessionid:0x44473f695450007 type:closeSession cxid:0x3
zxid:0xfffffffffffffffe txntype:unknown reqpath:n/a
2014-02-27 17:18:28,658 [myid:4] - DEBUG
[QuorumPeer[myid=4]/0:0:0:0:0:0:0:0:2181:CommitProcessor@161] - Committing
request:: sessionid:0x44473f695450007 type:closeSession cxid:0x3
zxid:0x260000003d txntype:-11 reqpath:n/a
2014-02-27 17:18:28,658 [myid:4] - DEBUG
[CommitProcessor:4:FinalRequestProcessor@88] - Processing request::
sessionid:0x44473f695450007 type:closeSession cxid:0x3 zxid:0x260000003d
txntype:-11 reqpath:n/a
2014-02-27 17:18:28,658 [myid:4] - TRACE [CommitProcessor:4:ZooTrace@90] -
:Esessionid:0x44473f695450007 type:closeSession cxid:0x3 zxid:0x260000003d
txntype:-11 reqpath:n/a
2014-02-27 17:18:28,658 [myid:4] - DEBUG
[CommitProcessor:4:FinalRequestProcessor@160] - sessionid:0x44473f695450007
type:closeSession cxid:0x3 zxid:0x260000003d txntype:-11 reqpath:n/a
2014-02-27 17:18:28,658 [myid:4] - TRACE
[CommitProcessor:4:NIOServerCnxn@170] - Add a buffer to outgoingBuffers, sk
sun.nio.ch.SelectionKeyImpl@1cde83a is valid: true
2014-02-27 17:18:28,659 [myid:4] - INFO  [NIOServerCxn.Factory:
0.0.0.0/0.0.0.0:2181:NIOServerCnxn@1001] - Closed socket connection for
client

So from a server perspective, the getData() request is ok....

Any ideas / comments are welcomed.

Regards.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message