Return-Path: 
 <user-return-7305-apmail-zookeeper-user-archive=zookeeper.apache.org@zookeeper.apache.org>
X-Original-To: apmail-zookeeper-user-archive@www.apache.org
Delivered-To: apmail-zookeeper-user-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 6EC55108FB
	for <apmail-zookeeper-user-archive@www.apache.org>;
 Thu, 27 Feb 2014 16:36:20 +0000 (UTC)
Received: (qmail 62637 invoked by uid 500); 27 Feb 2014 16:36:18 -0000
Delivered-To: apmail-zookeeper-user-archive@zookeeper.apache.org
Received: (qmail 62410 invoked by uid 500); 27 Feb 2014 16:36:17 -0000
Mailing-List: contact user-help@zookeeper.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@zookeeper.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@zookeeper.apache.org>
List-Post: <mailto:user@zookeeper.apache.org>
List-Id: <user.zookeeper.apache.org>
Reply-To: user@zookeeper.apache.org
Delivered-To: mailing list user@zookeeper.apache.org
Received: (qmail 62401 invoked by uid 99); 27 Feb 2014 16:36:17 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 27 Feb 2014 16:36:17 +0000
X-ASF-Spam-Status: No, hits=1.5 required=5.0
	tests=HTML_MESSAGE,NORMAL_HTTP_TO_IP,RCVD_IN_DNSWL_LOW,SPF_PASS,WEIRD_PORT
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of olivier.mallassi@gmail.com
 designates 209.85.220.52 as permitted sender)
Received: from [209.85.220.52] (HELO mail-pa0-f52.google.com) (209.85.220.52)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 27 Feb 2014 16:36:10 +0000
Received: by mail-pa0-f52.google.com with SMTP id fb1so2714267pad.39
        for <user@zookeeper.apache.org>; Thu, 27 Feb 2014 08:35:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:date:message-id:subject:from:to:content-type;
        bh=eyDM+VwP/QfGwsrIKtXrLBxYEhRE7U236QUoeHn2nzU=;
        b=s8ga59joAO+SRSFB0Vu97tByW3toUCYvynmgbK1e6pjGfYRw4GXHCUGlPcuRCfwnU4
         ihErBlfbsNHThtumBnnbVGMe1Nd2ijgsRySq9Z+xqX7Oyt9EbxATuxRjA6tjdKRAEdDE
         PJz8Al5DxMOqoy5dHoXlUuvvtJze3Qcnk3ck2OhVEIoq9R01z6gJ29I2/7nWdx9S6PsH
         vOV4DE8GZ5kKYNRASx07Yrc8U0LBcNX+XJs1ULf28gQgLxOj0LUcjqNlRmEB1zWW3I//
         V0/REJGsEn2Zdo6K9Ke4Kgp7HTlzCH6Igm+D0/Og4J/Q7XDtHJEvHFvAVHXq45uefjXX
         4rvQ==
MIME-Version: 1.0
X-Received: by 10.66.8.169 with SMTP id s9mr11673268paa.101.1393518949353;
 Thu, 27 Feb 2014 08:35:49 -0800 (PST)
Received: by 10.70.57.34 with HTTP; Thu, 27 Feb 2014 08:35:49 -0800 (PST)
Date: Thu, 27 Feb 2014 17:35:49 +0100
Message-ID: 
 <CAHh5=gstzPPfqAcXfAn99fq7byZdmWQOo4eC2bhFhV5DhF+taQ@mail.gmail.com>
Subject: ACL mysteries
From: Olivier Mallassi <olivier.mallassi@gmail.com>
To: user@zookeeper.apache.org, Olivier Mallassi <olivier.mallassi@gmail.com>
Content-Type: multipart/alternative; boundary=bcaec520f58ff6d0e804f365e90d
X-Virus-Checked: Checked by ClamAV on apache.org

--bcaec520f58ff6d0e804f365e90d
Content-Type: text/plain; charset=ISO-8859-1

Hi all,

I am currently trying to understand how ACL works..

I am trying to run the following case (this is just an extract from my
client)

authentSession = new ZooKeeper(host, 100000, watcher);
authentSession.addAuthInfo("digest", "user:technique".getBytes());
String path = "/purClient_" + uid;
authentSession.create(path, "ValueOfNode".getBytes(), getACLs(),
CreateMode.PERSISTENT);
System.out.println("**********************************************************************************");
System.out.println("[authentSession] CREATE NODE " + path + " with " +
getACLs());
System.out.println("**********************************************************************************");
Thread.currentThread().sleep(3000);
Stat stat1 = new Stat();
authentSession.addAuthInfo("digest", "user:technique".getBytes());
byte[] data1 = authentSession.getData(path, watcher, stat1);
System.out.println("**********************************************************************************");
System.out.println("[anonymSession] READ NODE " + path + " - " + new
String(data1));
System.out.println("**********************************************************************************");
...

the method getACLs() is
private static List<ACL> getACLs() {
Id id = new Id("digest", "user:technique");
List<ACL> aclLst = new ArrayList<ACL>();
aclLst.add(new ACL(Perms.READ, id));
                //aclLst.add(new ACL(Perms.ALL, id));

// everybody has read access
// aclLst.add(new ACL(Perms.READ, Ids.ANYONE_ID_UNSAFE));

return aclLst;
}

1/ So, if I understood well, the node created by authentSession cannot be
accessed except by the user [user:technique]
right?

2/ when I run it
2.1 here is what I got from the client side :

=2014-02-27 17:15:19,535 - DEBUG
[main-SendThread(host-2.local:2181):ClientCnxn$SendThread@815][] - Reading
reply sessionid:0x44473f695450006, packet:: clientPath:null serverPath:null
finished:false header:: 1,1  replyHeader:: 1,163208757305,0  request::
'/purClient_70d334b0-69e2-48cd-a293-7a2ecbb700f5,#56616c75654f664e6f6465,v{s{1,s{'digest,'user:technique}}},0
 response:: '/purClient_70d334b0-69e2-48cd-a293-7a2ecbb700f5
**********************************************************************************
[authentSession] CREATE NODE
/purClient_70d334b0-69e2-48cd-a293-7a2ecbb700f5 with
[1,s{'digest,'user:technique}
]
**********************************************************************************
=2014-02-27 17:15:22,557 - DEBUG
[main-SendThread(host-2.local:2181):ClientCnxn$SendThread@730][] - Got auth
sessionid:0x44473f695450006
=2014-02-27 17:15:22,566 - DEBUG
[main-SendThread(host-2.local:2181):ClientCnxn$SendThread@815][] - Reading
reply sessionid:0x44473f695450006, packet:: clientPath:null serverPath:null
finished:false header:: 2,4  replyHeader:: 2,163208757305,-102  request::
'/purClient_70d334b0-69e2-48cd-a293-7a2ecbb700f5,T  response::
org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode =
NoAuth for /purClient_70d334b0-69e2-48cd-a293-7a2ecbb700f5
        at
org.apache.zookeeper.KeeperException.create(KeeperException.java:113)
        at
org.apache.zookeeper.KeeperException.create(KeeperException.java:51)
        at org.apache.zookeeper.ZooKeeper.getData(ZooKeeper.java:1151)
        at murex.middleware.zookeeper.acl.AclTests.main(AclTests.java:48)

so the node is well created but I cannot execute getData() on it (using the
same ZookeeperClient instance)


2.2 here is what I got from the zookeeper server log (I zoom on the
getData() call - identified by the time 17:18:28)

2014-02-27 17:18:25,549 [myid:4] - DEBUG
[CommitProcessor:4:FinalRequestProcessor@160] - sessionid:0x44473f695450007
type:create cxid:0x1 zxid:0x260000003c txntype:1
reqpath:/purClient_5c65f927-f47a-4c57-a58b-e5c6aebd2502
2014-02-27 17:18:28,581 [myid:4] - INFO  [NIOServerCxn.Factory:
0.0.0.0/0.0.0.0:2181:ZooKeeperServer@863] - got auth packet /
192.168.56.102:54421
2014-02-27 17:18:28,584 [myid:4] - DEBUG [NIOServerCxn.Factory:
0.0.0.0/0.0.0.0:2181:ZooKeeperServer@894] - Authentication succeeded for
scheme: digest
2014-02-27 17:18:28,585 [myid:4] - INFO  [NIOServerCxn.Factory:
0.0.0.0/0.0.0.0:2181:ZooKeeperServer@897] - auth success /
192.168.56.102:54421
2014-02-27 17:18:28,594 [myid:4] - TRACE
[FollowerRequestProcessor:4:ZooTrace@90] - :Fsessionid:0x44473f695450007
type:getData cxid:0x2 zxid:0xfffffffffffffffe txntype:unknown
reqpath:/purClient_5c65f927-f47a-4c57-a58b-e5c6aebd2502
2014-02-27 17:18:28,594 [myid:4] - DEBUG
[FollowerRequestProcessor:4:CommitProcessor@171] - Processing request::
sessionid:0x44473f695450007 type:getData cxid:0x2 zxid:0xfffffffffffffffe
txntype:unknown reqpath:/purClient_5c65f927-f47a-4c57-a58b-e5c6aebd2502
2014-02-27 17:18:28,594 [myid:4] - DEBUG
[CommitProcessor:4:FinalRequestProcessor@88] - Processing request::
sessionid:0x44473f695450007 type:getData cxid:0x2 zxid:0xfffffffffffffffe
txntype:unknown reqpath:/purClient_5c65f927-f47a-4c57-a58b-e5c6aebd2502
2014-02-27 17:18:28,595 [myid:4] - TRACE [CommitProcessor:4:ZooTrace@90] -
:Esessionid:0x44473f695450007 type:getData cxid:0x2 zxid:0xfffffffffffffffe
txntype:unknown reqpath:/purClient_5c65f927-f47a-4c57-a58b-e5c6aebd2502
2014-02-27 17:18:28,595 [myid:4] - DEBUG
[CommitProcessor:4:FinalRequestProcessor@160] - sessionid:0x44473f695450007
type:getData cxid:0x2 zxid:0xfffffffffffffffe txntype:unknown
reqpath:/purClient_5c65f927-f47a-4c57-a58b-e5c6aebd2502
2014-02-27 17:18:28,653 [myid:4] - TRACE
[FollowerRequestProcessor:4:ZooTrace@90] - :Fsessionid:0x44473f695450007
type:closeSession cxid:0x3 zxid:0xfffffffffffffffe txntype:unknown
reqpath:n/a
2014-02-27 17:18:28,653 [myid:4] - DEBUG
[FollowerRequestProcessor:4:CommitProcessor@171] - Processing request::
sessionid:0x44473f695450007 type:closeSession cxid:0x3
zxid:0xfffffffffffffffe txntype:unknown reqpath:n/a
2014-02-27 17:18:28,658 [myid:4] - DEBUG
[QuorumPeer[myid=4]/0:0:0:0:0:0:0:0:2181:CommitProcessor@161] - Committing
request:: sessionid:0x44473f695450007 type:closeSession cxid:0x3
zxid:0x260000003d txntype:-11 reqpath:n/a
2014-02-27 17:18:28,658 [myid:4] - DEBUG
[CommitProcessor:4:FinalRequestProcessor@88] - Processing request::
sessionid:0x44473f695450007 type:closeSession cxid:0x3 zxid:0x260000003d
txntype:-11 reqpath:n/a
2014-02-27 17:18:28,658 [myid:4] - TRACE [CommitProcessor:4:ZooTrace@90] -
:Esessionid:0x44473f695450007 type:closeSession cxid:0x3 zxid:0x260000003d
txntype:-11 reqpath:n/a
2014-02-27 17:18:28,658 [myid:4] - DEBUG
[CommitProcessor:4:FinalRequestProcessor@160] - sessionid:0x44473f695450007
type:closeSession cxid:0x3 zxid:0x260000003d txntype:-11 reqpath:n/a
2014-02-27 17:18:28,658 [myid:4] - TRACE
[CommitProcessor:4:NIOServerCnxn@170] - Add a buffer to outgoingBuffers, sk
sun.nio.ch.SelectionKeyImpl@1cde83a is valid: true
2014-02-27 17:18:28,659 [myid:4] - INFO  [NIOServerCxn.Factory:
0.0.0.0/0.0.0.0:2181:NIOServerCnxn@1001] - Closed socket connection for
client

So from a server perspective, the getData() request is ok....

Any ideas / comments are welcomed.

Regards.

--bcaec520f58ff6d0e804f365e90d--