Return-Path: 
 <user-return-6384-apmail-zookeeper-user-archive=zookeeper.apache.org@zookeeper.apache.org>
X-Original-To: apmail-zookeeper-user-archive@www.apache.org
Delivered-To: apmail-zookeeper-user-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id C8307E08E
	for <apmail-zookeeper-user-archive@www.apache.org>;
 Wed, 29 May 2013 22:28:53 +0000 (UTC)
Received: (qmail 93005 invoked by uid 500); 29 May 2013 22:28:53 -0000
Delivered-To: apmail-zookeeper-user-archive@zookeeper.apache.org
Received: (qmail 92836 invoked by uid 500); 29 May 2013 22:28:53 -0000
Mailing-List: contact user-help@zookeeper.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@zookeeper.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@zookeeper.apache.org>
List-Post: <mailto:user@zookeeper.apache.org>
List-Id: <user.zookeeper.apache.org>
Reply-To: user@zookeeper.apache.org
Delivered-To: mailing list user@zookeeper.apache.org
Received: (qmail 92828 invoked by uid 99); 29 May 2013 22:28:53 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 29 May 2013 22:28:53 +0000
X-ASF-Spam-Status: No, hits=-0.7 required=5.0
	tests=RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of mutsuzaki@gmail.com designates
 209.85.214.54 as permitted sender)
Received: from [209.85.214.54] (HELO mail-bk0-f54.google.com) (209.85.214.54)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 29 May 2013 22:28:46 +0000
Received: by mail-bk0-f54.google.com with SMTP id it16so4807766bkc.41
        for <user@zookeeper.apache.org>; Wed, 29 May 2013 15:28:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:reply-to:sender:in-reply-to:references:date
         :x-google-sender-auth:message-id:subject:from:to:content-type
         :content-transfer-encoding;
        bh=OhKjfRb14v+qtFl9ZgSM92wQoDNfkcAy8iYUzGSso3w=;
        b=fwGyV5KQKqobwS8foLmuAdM43qkwox8NpjkC0WydDI/j85o3gTyv0gB9Qn/OhMjCR1
         CsnHEcWZ3COhtxTYJDeXmeS1/uuJ4YNQuiIsyn9tqHISkfNGaxjiXLEavn+92AiYumv1
         PTErJpVzeAS6UrMjwvbwmglGxFayLdNJUiNjRgHjbYnC6w4R0ETnpKaFI3DlRg+B9s7P
         TXGgCzigEJASNfPDbocq8MxcDOids1tLfe5oZoe+7d/jW1ojgqZWNDh6ehbq8+mJN2vN
         TuT4zoqxlMPJ/HcwOu9zW6os7FyByfnqlztNXZPrSgThEVc4LPPAgO++l2xdRLHwtz4I
         krdQ==
MIME-Version: 1.0
X-Received: by 10.204.227.3 with SMTP id iy3mr1060757bkb.107.1369866504513;
 Wed, 29 May 2013 15:28:24 -0700 (PDT)
Reply-To: michi@cs.stanford.edu
Sender: mutsuzaki@gmail.com
Received: by 10.204.50.147 with HTTP; Wed, 29 May 2013 15:28:24 -0700 (PDT)
In-Reply-To: 
 <E195B18E0EBA0E4AB3F317A39FF8BB9B599B965B@ASHBDAG1M1.resource.ds.bah.com>
References: 
 <E195B18E0EBA0E4AB3F317A39FF8BB9B599B965B@ASHBDAG1M1.resource.ds.bah.com>
Date: Wed, 29 May 2013 15:28:24 -0700
X-Google-Sender-Auth: v02LgAh-r8nCPTJH4V5K5KCXczI
Message-ID: 
 <CAHYqJpGO-N3rZm7bL+5hE8G24t5=5BuQhVAtcD0X_7jCioBPqQ@mail.gmail.com>
Subject: Re: Ip ACL
From: Michi Mutsuzaki <michi@cs.stanford.edu>
To: user@zookeeper.apache.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Virus-Checked: Checked by ClamAV on apache.org

Hi Janet,

I'm guessing the client IP address the server sees is 127.0.0.1 (which
is probably different from the ip address you specify in addAuthInfo)
if the client and the server are running on a same host. You can try
passing 127.0.0.1 to addAuthInfo and see if it works.

--Michi

On Wed, May 29, 2013 at 1:09 PM, Proctor, Janet [USA]
<proctor_janet@bah.com> wrote:
> Hello,
>
>
>
> I am trying to use ACLs to lock down znodes to a specific Ip Address. I a=
m getting a NoAuth error when I try create the sturcture /testkeystore/cert=
s/somecert.pem.  I create the node /testkeystore with an ACL of cdrwa with =
no problem. When I try to attach certs to /testkeystore (/testkeystore/cert=
s), I get an the NoAuth error on the create method below.  I had to type th=
is code in email, beacuse it lives a different network. Please excuse mista=
bbling. It should compile. I've tried to account for all of the braces. Als=
o, please forgive the catch all exceptions, I'm just trying to get things t=
o work.
>
>
>
>
>
> My code is as follows:
>
>
>
> DataStore mystore =3D new DataStore();
>
> mystore.connect();
>
> mystore.create("testkeystore", null);
>
> mystore.copyFolder(new File("home/hadoop/testkeystore/certs"), "/testkeys=
tore/certs");
>
> mystore.close();
>
>
>
>
>
> public class DataStore implements Watcher {
>
>
>
> private ZooKeeper zk;
>
> List <ACL> aclLst =3D new ArrayList<ACL> (1);
>
>
>
> public void connect throws IOException, InterruptedException {
>
>
>
> zk =3D new Zookeeper("localhost", SESSION_TIMEOUT, this);
>
> zk.addAuthInfo("ip", "#.#.#.#) //the #s are the ip address of the server =
that i'm running zookeeper on and executing this code on
>
> aclLst.add(new ACL(Perms.ALL, new Id("ip", "#.#.#.#")));
>
> connectedSignal.await()
>
>
>
> }
>
>
>
> public void create(String path, byte [] fileBytes) throws KeeperException=
, InterruptedException, Exception
>
> {
>
> Stat stat =3D zk.exists(path, false);
>
>
>
>     if(stat =3D=3D null){
>
>         zk.create(path, fileBytes, aclLst, CreateMode.PERSISTENT);
>
>     }
>
>
>
>     else
>
>     {
>
>         zk.setData(path, fileBytes, -1);
>
>     }
>
> }
>
>
>
>
>
> public void copyFolder(File srcFolder, String dst) throws Exception
>
> {
>
>     String dstFolder =3D dst;
>
>
>
>
>
>         if(srcFolder.isDirectory())
>
>         {
>
>             Stat stat =3D zk.exists(dst, false);
>
>
>
>         if(stat =3D=3D null){
>
>             zk.create(dst, new byte[0], aclLst, CreateMode.PERSISTENT);
>
>         }
>
>         String files [] =3D srcFolder.list();
>
>         for(String file:files)
>
>         {
>
>             File srcFile =3D new File(srcFolder, file);
>
>             dstFolder =3D dst + "/" + file;
>
>
>
>         //recursive copy
>
>         copyFolder(srcFile, dstFolder);
>
>         }
>
>
>
>     }
>
>     else
>
>     {
>
>
>
>         copyFromLocal(srcFolder.getPath, dstFolder);
>
>     }
>
>
>
> }
>
>
>
> public void copyFromLocal(String src, String dst) throws Exception
>
> {
>
> File srcFile =3D new File (src);
>
> file byte [] fileBytes;
>
>
>
> InputStream in =3D null;
>
>
>
>     try{
>
>
>
>          in =3D new FileInputStream(srcFile);
>
>          fileBytes =3D readFully(in)_;
>
>         create(dst, fileBytes);
>
>         }
>
>
>
>     finally {
>
>     if(in !=3D null)
>
>         try {
>
>         in.close();
>
>         }
>
>
>
>         catch(Exception ignore) {
>
>         }
>
>     }
>
>
>
> }
>
>
>
> private static byte [] readFully(final InputStream in ) throws IOExceptio=
n {
>
>
>
> final ByteArrayOutputStream buf1 =3D new ByteArrayOutputStream();
>
> final byte [] buf2 =3D new byte[8*1024];
>
> for(int read; (read =3D in.read(buf2)) >0;){
>
>     buf1.write(buf2, 0, read);
>
>     }
>
> return buf1.toByteArray();
>
> }
>
>
>
> }
>
>
>
>
>
>
>
> Janet Proctor, PMP
> Booz Allen Hamilton
> 301-617-2565 (Booz Allen)
> 410-854-3559(Client Site)