hey Stevo, I'm not aware of any programmatic way to configure SASL stuff (but I've never used it before, so I could be missing something).
I haven't looked at any security stuff in Java for a while. Does the location of the JAAS configuration file have to be set via a system property, or are there other options? While Curator could potentially be extended to expose an API to set the JAAS configuration, if it's just essentially setting a system property I'm not sure of the benefit. Especially when it will have the side effect of modifying the JAAS configuration for the whole JVM. cheers Cam On Thu, Feb 2, 2017 at 3:12 AM, Stevo Slavić <[email protected]> wrote: > Hello Apache Curator community, > > With digest scheme it seemed to be enough to configure > CuratorFrameworkFactory.Builder authorization with appropriate AuthInfo - > scheme "digest" and "user:pass" bytes as auth. > > By experimenting and checking ZooKeeperServer [1] and > SASLAuthenticationProvider [2] code, I've got it work with SASL scheme when > CuratorFrameworkFactory.Builder does not have authorization configured, > JAAS config file is provisioned and JVM is configured to use it via > java.security.auth.login.config Java system property. > > I'd prefer API support over provisioning via file. Is there equivalent (to > digest support) Java API in Curator that one can use to configure SASL > scheme authorization? > > Kind regards, > Stevo Slavic. > > [1] http://svn.apache.org/viewvc/zookeeper/trunk/src/java/main/ > org/apache/zookeeper/server/ZooKeeperServer.java?view=markup#l1060 > [2] http://svn.apache.org/viewvc/zookeeper/trunk/src/java/main/ > org/apache/zookeeper/server/auth/SASLAuthenticationProvider. > java?view=markup#l30 >
