From cami...@apache.org
Subject svn commit: r1526219 - in /zookeeper/trunk: CHANGES.txt src/java/main/org/apache/zookeeper/server/auth/SASLAuthenticationProvider.java src/java/test/org/apache/zookeeper/test/SaslAuthDesignatedClientTest.java
Date Wed, 25 Sep 2013 16:18:03 GMT
Author: camille
Date: Wed Sep 25 16:18:03 2013
New Revision: 1526219

URL: http://svn.apache.org/r1526219
Log:
ZOOKEEPER-1759. Adding ability to allow READ operations for authenticated users, 
  versus keeping ACLs wide open for READ. (Yuliya Feldman via camille)

Modified:
    zookeeper/trunk/CHANGES.txt
    zookeeper/trunk/src/java/main/org/apache/zookeeper/server/auth/SASLAuthenticationProvider.java
    zookeeper/trunk/src/java/test/org/apache/zookeeper/test/SaslAuthDesignatedClientTest.java

Modified: zookeeper/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/zookeeper/trunk/CHANGES.txt?rev=1526219&r1=1526218&r2=1526219&view=diff
==============================================================================
--- zookeeper/trunk/CHANGES.txt (original)
+++ zookeeper/trunk/CHANGES.txt Wed Sep 25 16:18:03 2013
@@ -571,6 +571,9 @@ IMPROVEMENTS:
 
   ZOOKEEPER-1750 Race condition producing NPE in NIOServerCnxn.toString
   (Rakesh R via michim)
+  
+  ZOOKEEPER-1759. Adding ability to allow READ operations for authenticated users, 
+  versus keeping ACLs wide open for READ. (Yuliya Feldman via camille)
 
 Release 3.4.0 - 
 

Modified: zookeeper/trunk/src/java/main/org/apache/zookeeper/server/auth/SASLAuthenticationProvider.java
URL: http://svn.apache.org/viewvc/zookeeper/trunk/src/java/main/org/apache/zookeeper/server/auth/SASLAuthenticationProvider.java?rev=1526219&r1=1526218&r2=1526219&view=diff
==============================================================================
--- zookeeper/trunk/src/java/main/org/apache/zookeeper/server/auth/SASLAuthenticationProvider.java
(original)
+++ zookeeper/trunk/src/java/main/org/apache/zookeeper/server/auth/SASLAuthenticationProvider.java
Wed Sep 25 16:18:03 2013
@@ -39,9 +39,18 @@ public class SASLAuthenticationProvider 
 
     public boolean matches(String id,String aclExpr) {
         if (System.getProperty("zookeeper.superUser") != null) {
-            return (id.equals(System.getProperty("zookeeper.superUser")) || id.equals(aclExpr));
+            if (id.equals(System.getProperty("zookeeper.superUser")) || id.equals(aclExpr))
{
+              return true;
+            }
         }
-        return (id.equals("super") || id.equals(aclExpr));
+        if ((id.equals("super") || id.equals(aclExpr))) {
+          return true;
+        }
+        String readAccessUser = System.getProperty("zookeeper.readUser");
+        if ( readAccessUser != null && aclExpr.equals(readAccessUser)) {
+          return true;
+        }
+        return false;
     }
 
     public boolean isAuthenticated() {
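Review bot: The rewritten `zookeeper.superUser` branch in `matches` no longer returns when the id does not match, so with that property set an id equal to the literal `super` now falls through to `id.equals("super")` and matches every ACL expression; before this change the literal was only consulted when the property was unset. If that widening is not intended, pick the name once with `String superUser = System.getProperty("zookeeper.superUser", "super");` and test `if (id.equals(superUser) || id.equals(aclExpr)) return true;`. Separately, the `zookeeper.readUser` branch never looks at `id` and has no view of permission bits, so an ACL entry whose expression equals that value grants whatever permissions it lists, not only READ, to every id this provider is asked to match (presumably any SASL-authenticated client). A comment on that branch should state this, e.g. `// matches any id; ACL authors must grant READ only on this expression`, and operators should avoid a `readUser` value that is also a real principal name.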

Modified: zookeeper/trunk/src/java/test/org/apache/zookeeper/test/SaslAuthDesignatedClientTest.java
URL: http://svn.apache.org/viewvc/zookeeper/trunk/src/java/test/org/apache/zookeeper/test/SaslAuthDesignatedClientTest.java?rev=1526219&r1=1526218&r2=1526219&view=diff
==============================================================================
--- zookeeper/trunk/src/java/test/org/apache/zookeeper/test/SaslAuthDesignatedClientTest.java
(original)
+++ zookeeper/trunk/src/java/test/org/apache/zookeeper/test/SaslAuthDesignatedClientTest.java
Wed Sep 25 16:18:03 2013
@@ -21,12 +21,17 @@ package org.apache.zookeeper.test;
 import java.io.File;
 import java.io.FileWriter;
 import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
 
 import org.apache.zookeeper.CreateMode;
 import org.apache.zookeeper.KeeperException;
 import org.apache.zookeeper.ZooKeeper;
 import org.apache.zookeeper.ZooDefs.Ids;
+import org.apache.zookeeper.ZooDefs.Perms;
 import org.apache.zookeeper.client.ZooKeeperSaslClient;
+import org.apache.zookeeper.data.ACL;
+import org.apache.zookeeper.data.Id;
 import org.junit.Assert;
 import org.junit.Test;
 
@@ -100,5 +105,54 @@ public class SaslAuthDesignatedClientTes
         }
     }
 
-
+    @Test
+    public void testReadAccessUser() throws Exception {
+      System.setProperty("zookeeper.readUser","anyone");
+      ZooKeeper zk = createClient();
+      List<ACL> aclList = new ArrayList<ACL>();
+      ACL acl = new ACL(Perms.ADMIN | Perms.CREATE | Perms.WRITE | Perms.DELETE, new Id("sasl",
"fakeuser"));
+      ACL acl1 = new ACL(Perms.READ, new Id("sasl", "anyone"));
+      aclList.add(acl);
+      aclList.add(acl1);
+      try { 
+        zk.create("/abc", "testData".getBytes(), aclList, CreateMode.PERSISTENT);
+      } catch (KeeperException e) {
+        Assert.fail("Unable to create znode");
+      }
+      zk.close();
+      Thread.sleep(100);
+      
+      // try to access it with different user (myuser)
+      zk = createClient();
+      
+      try {
+        zk.setData("/abc", "testData1".getBytes(), -1);
+        Assert.fail("Should not be able to set data");
+      } catch (KeeperException.NoAuthException e) {
+        // success
+      }
+      
+      try {
+        byte [] bytedata = zk.getData("/abc", null, null);
+        String data = new String(bytedata);
+        Assert.assertTrue("testData".equals(data));
+      } catch (KeeperException e) {
+        Assert.fail("failed to get data");
+      }
+      
+      zk.close();
+      Thread.sleep(100);
+      
+      // disable Client Sasl
+      System.setProperty(ZooKeeperSaslClient.ENABLE_CLIENT_SASL_KEY, "false");
+      
+      zk = createClient();
+      try {
+        zk.getData("/abc", null, null);
+        Assert.fail("Should not be able to read data when not authenticated");
+      } catch (KeeperException.NoAuthException e) {
+        // success
+      }
+      zk.close();
+    }
 }
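Review bot: `testReadAccessUser` sets `zookeeper.readUser` and `ZooKeeperSaslClient.ENABLE_CLIENT_SASL_KEY` as JVM-wide system properties and never restores them, so tests that run later in the same JVM would inherit a read-for-all expression and a client with SASL switched off. Wrap the body in `try { … } finally { … }`, call `System.clearProperty("zookeeper.readUser");` in the finally, and put `ENABLE_CLIENT_SASL_KEY` back to the value it had on entry. The test also covers only a READ-only `anyone` entry; a case where that entry carries `Perms.WRITE`, and one with `zookeeper.superUser` set, would pin down what the provider change actually permits. The class's setup and teardown are outside the hunk, so whether they already reset these properties cannot be seen here.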


