> On Feb. 4, 2015, 4:02 p.m., fpj wrote:
> > src/docs/src/documentation/content/xdocs/zookeeperAdmin.xml, line 1107
> > <https://reviews.apache.org/r/30576/diff/1/?file=846510#file846510line1107>
> >
> > Is there any use case in which we need this? Could you explain?
>
> Ian Dimayuga wrote:
> This is to enable the "super" scheme the same way the
> DigestAuthenticationProvider does. It's so that an admin can inspect/modify
> the tree even when a client has set very restrictive ACLs.
>
> fpj wrote:
> I guess I'm confused about the context here. This feature is about secure
> connections via SSL, so it is about connecting, not about inspecting the data
> in the ZK state, but I guess I'm missing something here.

Well, the X509AuthenticationProvider adds a new scheme for IDs based on the client certificate. By authenticating upon connection, the client gets this for free, just like with SASLAuthenticationProvider. And similar to SASL, the ID is based on the principal (X.500 instead of Kerberos). Since both Digest and SASL auth schemes have a mechanism for "super", it seems to make sense in this case as well.

- Ian

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/30576/#review70954
-----------------------------------------------------------

On Feb. 3, 2015, 9 p.m., Hongchao Deng wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/30576/
> -----------------------------------------------------------
>
> (Updated Feb. 3, 2015, 9 p.m.)
>
>
> Review request for zookeeper.
>
>
> Repository: zookeeper-git
>
>
> Description
> -------
>
> SSL on Netty
>
>
> Diffs
> -----
>
> build.xml e4c8e0374b25a5bcab7cfe77543378fdb8f98b06
> src/docs/src/documentation/content/xdocs/zookeeperAdmin.xml 914a24471b0a27f7cf650c3ed2eef1077178853f
> src/docs/src/documentation/content/xdocs/zookeeperProgrammers.xml 223cf8e5a856aefba6f5c106d3f4861d3de8f1e1
> src/java/main/org/apache/zookeeper/ClientCnxnSocketNetty.java 87e7834bc91c52d4a2d100dbcc98d41a1b98b849
> src/java/main/org/apache/zookeeper/ZooKeeper.java dd13cc9ba5096312b06999a03ae0057cd3677623
> src/java/main/org/apache/zookeeper/ZooKeeperMain.java 496e88748cf6aa291c8b71583a28fdb55fdf7761
> src/java/main/org/apache/zookeeper/auth/X509Auth.java PRE-CREATION
> src/java/main/org/apache/zookeeper/client/FourLetterWordMain.java e41465ab93a3a59dbced8294e83b1651ad0dfe69
> src/java/main/org/apache/zookeeper/server/NIOServerCnxn.java e02753f4fb926a8cc6c7a7c10af42f949c1e210c
> src/java/main/org/apache/zookeeper/server/NIOServerCnxnFactory.java acabb33f6c7a000706763ccba94cbaf5aaaca08e
> src/java/main/org/apache/zookeeper/server/NettyServerCnxn.java b4bdc82f8b52f736c6ee3d67bb793a3616c1b436
> src/java/main/org/apache/zookeeper/server/NettyServerCnxnFactory.java 09a794844978456fc3580adc22b6064e2a12cf77
> src/java/main/org/apache/zookeeper/server/ServerCnxn.java a47d85662970cc0c219a46b226737a8689f8fe96
> src/java/main/org/apache/zookeeper/server/ServerCnxnFactory.java 14037722c569d560acef56de0b5a7ae13464128c
> src/java/main/org/apache/zookeeper/server/ServerConfig.java f2b8463e871739319bdf40be1f014d5ad0af5602
> src/java/main/org/apache/zookeeper/server/ZooKeeperServer.java 30a0ed390bb7473ddb36757da97bc7d5f4281887
> src/java/main/org/apache/zookeeper/server/ZooKeeperServerBean.java 0eb5c7f979199f2f7dcb9e5cfa011a9b20113713
> src/java/main/org/apache/zookeeper/server/ZooKeeperServerMain.java b756d349abeb1fc69534100c3633db4c1c18e031
> src/java/main/org/apache/zookeeper/server/auth/ProviderRegistry.java 406015f84a51e6afcfe704b881f8494bdd687a25
> src/java/main/org/apache/zookeeper/server/auth/X509AuthenticationProvider.java PRE-CREATION
> src/java/main/org/apache/zookeeper/server/quorum/Leader.java 20589045752a7ba4ae9c9090055a4fcbe86a8eda
> src/java/main/org/apache/zookeeper/server/quorum/Learner.java 87f4c0627141c2cfee0533aca7ba2e7ff91433e3
> src/java/main/org/apache/zookeeper/server/quorum/QuorumPeer.java 388ceeb45bd18c7cb8f0766a96ebd4a54a9e76de
> src/java/main/org/apache/zookeeper/server/quorum/QuorumPeerConfig.java badc8df1f05dea4be337bc8312d7ac22f6c77dc3
> src/java/main/org/apache/zookeeper/server/quorum/QuorumPeerMain.java d17c58d59e0131a78adde1becb5c23ce8c7a16a7
> src/java/main/org/apache/zookeeper/server/quorum/ReadOnlyZooKeeperServer.java 2aab6d09f9bd980ed76f886fb8168aae2ac8f99f
> src/java/test/org/apache/zookeeper/server/TestServerCnxn.java PRE-CREATION
> src/java/test/org/apache/zookeeper/server/quorum/Zab1_0Test.java 6ce058e48d17410d89d8348ee659dd7752bfd578
> src/java/test/org/apache/zookeeper/test/ClientBase.java a6229b50b4a4486b443daa6b3b92ac4ab5cf94cb
> src/java/test/org/apache/zookeeper/test/ReconfigTest.java 8b238ee7463508122010208ebc3e786caa2cf1b1
> src/java/test/org/apache/zookeeper/test/SSLAuthTest.java PRE-CREATION
>
> Diff: https://reviews.apache.org/r/30576/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Hongchao Deng
>
>
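
A simplified model of the behaviour described in the reply above, added here as an illustration and not code from the patch under review: a session's IDs are derived from the client certificate's X.500 subject at connection time, and a subject matching the configured super principal also receives a "super" ID that bypasses znode ACLs. The class, the `Id` record, `SUPER_DN`, the sample DNs and the permission-free ACL check are all assumptions made for the sketch.

```java
import java.util.ArrayList;
import java.util.List;
import javax.security.auth.x500.X500Principal;

public class X509SuperSchemeSketch {
    // Simplified stand-in for a (scheme, id) pair; permission bits are omitted.
    record Id(String scheme, String id) {}

    // Hypothetical admin-configured super principal (constructed value).
    static final X500Principal SUPER_DN = new X500Principal("CN=zk-admin,OU=ops,O=Example");

    // At connection time: derive the session's IDs from the subject of the
    // client certificate, assumed already validated by the TLS handshake.
    static List<Id> authenticate(X500Principal subject) {
        List<Id> ids = new ArrayList<>();
        String name = subject.getName(); // RFC 2253 string form
        ids.add(new Id("x509", name));
        // X500Principal.equals compares canonical forms, so spacing and case
        // differences in how the DN is written do not affect the match.
        if (SUPER_DN.equals(subject)) {
            ids.add(new Id("super", name));
        }
        return ids;
    }

    // Per request: a "super" ID bypasses the znode ACL; otherwise one of the
    // session's IDs must appear in the ACL.
    static boolean allowed(List<Id> acl, List<Id> session) {
        for (Id id : session) {
            if (id.scheme().equals("super") || acl.contains(id)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample: a znode locked down to a single client certificate.
        List<Id> acl = List.of(new Id("x509", "CN=app-1,OU=svc,O=Example"));
        X500Principal owner = new X500Principal("CN=app-1,OU=svc,O=Example");
        X500Principal other = new X500Principal("CN=app-2,OU=svc,O=Example");
        X500Principal admin = new X500Principal("cn=zk-admin, ou=ops, o=Example");
        System.out.println("owner: " + allowed(acl, authenticate(owner)));
        System.out.println("other: " + allowed(acl, authenticate(other)));
        System.out.println("admin: " + allowed(acl, authenticate(admin)));
    }
}
```

Because any session presenting the configured subject bypasses every ACL, the match is only as strong as the CA trust and key handling behind that certificate.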
