OK, I found it.
The issue was linked to the ACL definition (and the getACLs() method). More
precisely, it was linked to my Id definition.
1/ The code defining the ACL was:
Id id = new Id("digest", "user:technique");
2/ The client code was:
authentSession = new ZooKeeper(host, 100000, watcher);
authentSession.addAuthInfo("digest", "user:technique".getBytes());
...
authentSession.create(path, "ValueOfNode".getBytes(), getACLs(),
CreateMode.PERSISTENT);
My mistake came from the fact that the Id should contain the digest form of the
password (which you can read from a properties file or...).
So I used the DigestAuthenticationProvider to generate the SHA1-Base64
version of the password and changed the getACLs() method to:
Id id = new Id("digest", "user:etACc5dufGjdXkkCXYE2tZSME18=" /* "user:technique" */);
That works as expected, and you can mix Perms.ALL for a specific user and
read-only for all anonymous users, etc.
HTH
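
The fix described above, written out as an added example (not part of the original message and not ZooKeeper's own code): it builds the ACL from the hashed Id and shows why the clear-text Id can never match an authenticated session. The class name DigestAclExample and the helper buildAcls are hypothetical, and the ZooKeeper jar is assumed to be on the classpath.

```java
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;

import org.apache.zookeeper.ZooDefs.Ids;
import org.apache.zookeeper.ZooDefs.Perms;
import org.apache.zookeeper.data.ACL;
import org.apache.zookeeper.data.Id;
import org.apache.zookeeper.server.auth.DigestAuthenticationProvider;

// Hypothetical class name; not from the thread.
public class DigestAclExample {

    // Hypothetical helper: full rights for one digest user, read-only for
    // everyone else. idPassword is the same "user:password" string that the
    // client passes to addAuthInfo("digest", ...).
    static List<ACL> buildAcls(String idPassword) throws NoSuchAlgorithmException {
        // Returns "user:" + Base64(SHA-1("user:password")). The server derives
        // the same string from addAuthInfo() and compares it with the ACL Id.
        String digestId = DigestAuthenticationProvider.generateDigest(idPassword);

        List<ACL> acls = new ArrayList<ACL>();
        acls.add(new ACL(Perms.ALL, new Id("digest", digestId)));
        acls.add(new ACL(Perms.READ, Ids.ANYONE_ID_UNSAFE));
        return acls;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String idPassword = "user:technique"; // sample credential from the thread

        // What an authenticated session is known as on the server side.
        String sessionId = DigestAuthenticationProvider.generateDigest(idPassword);

        // The Id from the first version of getACLs() holds the clear text, so
        // it can never equal the session's identity: every check ends in NoAuth.
        Id clearTextId = new Id("digest", idPassword);
        System.out.println("clear-text Id matches: "
                + clearTextId.getId().equals(sessionId));

        for (ACL acl : buildAcls(idPassword)) {
            boolean matches = "world".equals(acl.getId().getScheme())
                    || acl.getId().getId().equals(sessionId);
            System.out.println(acl.getId() + " perms=" + acl.getPerms()
                    + " matches=" + matches);
        }
    }
}
```

With the digest scheme, addAuthInfo() sends the user:password string to the server in clear text, so the connection itself needs protecting. Only the hashed form belongs in the ACL definition or in configuration files.
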
On Thu, Feb 27, 2014 at 6:01 PM, Olivier Mallassi <
[email protected]> wrote:
> Hum, I mixed logs from two different runs. Below is the same info but
> with the right timestamps... (sorry)
>
> *from client side : *
> =2014-02-27 17:*45:19*,413 - DEBUG
> [main-SendThread(host-2.local:2181):ClientCnxn$SendThread@815][] -
> Reading reply sessionid:0x444743c2ade0000, packet:: clientPath:null
> serverPath:null finished:false header:: 1,1 replyHeader:: 1,184683593730,0
> request::
> '/purClient_9f370cd2-9f57-40de-afbd-09843b3b7b26,#56616c75654f664e6f6465,v{s{1,s{'digest,'user:technique}}},0
> response:: '/purClient_9f370cd2-9f57-40de-afbd-09843b3b7b26
>
> **********************************************************************************
> [authentSession] CREATE NODE
> /purClient_9f370cd2-9f57-40de-afbd-09843b3b7b26 with
> [1,s{'digest,'user:technique}
> ]
>
> **********************************************************************************
> =2014-02-27 17:*45:22*,421 - DEBUG
> [main-SendThread(host-2.local:2181):ClientCnxn$SendThread@730][] - Got
> auth sessionid:0x444743c2ade0000
> =2014-02-27 17:45:22,447 - DEBUG
> [main-SendThread(host-2.local:2181):ClientCnxn$SendThread@815][] -
> Reading reply sessionid:0x444743c2ade0000, packet:: clientPath:null
> serverPath:null finished:false header:: 2,4 replyHeader::
> 2,184683593730,-102 request::
> '/purClient_9f370cd2-9f57-40de-afbd-09843b3b7b26,T response::
> org.apache.zookeeper.KeeperException$NoAuthException:* KeeperErrorCode =
> NoAuth for /purC*lient_9f370cd2-9f57-40de-afbd-09843b3b7b26
> at
> org.apache.zookeeper.KeeperException.create(KeeperException.java:113)
> at
> org.apache.zookeeper.KeeperException.create(KeeperException.java:51)
> at org.apache.zookeeper.ZooKeeper.getData(ZooKeeper.java:1151)
> at murex.middleware.zookeeper.acl.AclTests.main(AclTests.java:48)
> =2014-02-27 17:45:22,477 - DEBUG [main:ZooKeeper@673][] - Closing
> session: 0x444743c2ade0000
>
>
> ==> 17:45:22 is the getData() call.
>
> *from server side : *
> 2014-02-27 17:45:19,407 [myid:4] - DEBUG
> [CommitProcessor:4:FinalRequestProcessor@160] -
> sessionid:0x444743c2ade0000 type:create cxid:0x1 zxid:0x2b00000002
> txntype:1 reqpath:/purClient_9f370cd2-9f57-40de-afbd-09843b3b7b26
> 2014-02-27 17:45:22,417 [myid:4] - INFO [NIOServerCxn.Factory:
> 0.0.0.0/0.0.0.0:2181:ZooKeeperServer@863] - *got auth packet
> /192.168.56.102:54488*
> 2014-02-27 17:45:22,418 [myid:4] - DEBUG [NIOServerCxn.Factory:
> 0.0.0.0/0.0.0.0:2181:ZooKeeperServer@894] - *Authentication succeeded for
> scheme: digest*
> 2014-02-27 17:45:22,418 [myid:4] - INFO [NIOServerCxn.Factory:
> 0.0.0.0/0.0.0.0:2181:ZooKeeperServer@897] - *auth success
> /192.168.56.102:54488*
> 2014-02-27 17:45:22,425 [myid:4] - TRACE
> [FollowerRequestProcessor:4:ZooTrace@90] - :Fsessionid:0x444743c2ade0000
> type:getData cxid:0x2 zxid:0xfffffffffffffffe txntype:unknown
> reqpath:/purClient_9f370cd2-9f57-40de-afbd-09843b3b7b26
> 2014-02-27 17:45:22,425 [myid:4] - DEBUG
> [FollowerRequestProcessor:4:CommitProcessor@171] - Processing request::
> sessionid:0x444743c2ade0000 type:getData cxid:0x2 zxid:0xfffffffffffffffe
> txntype:unknown reqpath:/purClient_9f370cd2-9f57-40de-afbd-09843b3b7b26
> 2014-02-27 17:45:22,426 [myid:4] - DEBUG
> [CommitProcessor:4:FinalRequestProcessor@88] - Processing request::
> sessionid:0x444743c2ade0000 type:getData cxid:0x2 zxid:0xfffffffffffffffe
> txntype:unknown reqpath:/purClient_9f370cd2-9f57-40de-afbd-09843b3b7b26
> 2014-02-27 17:45:22,426 [myid:4] - TRACE [CommitProcessor:4:ZooTrace@90]
> - :Esessionid:0x444743c2ade0000 type:getData cxid:0x2
> zxid:0xfffffffffffffffe txntype:unknown
> reqpath:/purClient_9f370cd2-9f57-40de-afbd-09843b3b7b26
> 2014-02-27 17:45:22,426 [myid:4] - DEBUG
> [CommitProcessor:4:FinalRequestProcessor@160] -
> sessionid:0x444743c2ade0000 type:getData cxid:0x2 zxid:0xfffffffffffffffe
> txntype:unknown reqpath:/purClient_9f370cd2-9f57-40de-afbd-09843b3b7b26
> 2014-02-27 17:45:22,477 [myid:4] - TRACE
> [FollowerRequestProcessor:4:ZooTrace@90] - :Fsessionid:0x444743c2ade0000
> type:closeSession cxid:0x3 zxid:0xfffffffffffffffe txntype:unknown
> reqpath:n/a
> 2014-02-27 17:45:22,477 [myid:4] - DEBUG
> [FollowerRequestProcessor:4:CommitProcessor@171] - Processing request::
> sessionid:0x4447.....
>
>
>
>
>
>
> On Thu, Feb 27, 2014 at 5:35 PM, Olivier Mallassi <
> [email protected]> wrote:
>
>> Hi all,
>>
>> I am currently trying to understand how ACLs work.
>>
>> I am trying to run the following case (this is just an extract from my
>> client)
>>
>> authentSession = new ZooKeeper(host, 100000, watcher);
>> authentSession.addAuthInfo("digest", "user:technique".getBytes());
>> String path = "/purClient_" + uid;
>> authentSession.create(path, "ValueOfNode".getBytes(), getACLs(),
>> CreateMode.PERSISTENT);
>>
>> System.out.println("**********************************************************************************");
>> System.out.println("[authentSession] CREATE NODE " + path + " with " +
>> getACLs());
>>
>> System.out.println("**********************************************************************************");
>> Thread.currentThread().sleep(3000);
>> Stat stat1 = new Stat();
>> authentSession.addAuthInfo("digest", "user:technique".getBytes());
>> byte[] data1 = authentSession.getData(path, watcher, stat1);
>>
>> System.out.println("**********************************************************************************");
>> System.out.println("[anonymSession] READ NODE " + path + " - " + new
>> String(data1));
>>
>> System.out.println("**********************************************************************************");
>> ...
>>
>> the method getACLs() is
>> private static List<ACL> getACLs() {
>> Id id = new Id("digest", "user:technique");
>> List<ACL> aclLst = new ArrayList<ACL>();
>> aclLst.add(new ACL(Perms.READ, id));
>> //aclLst.add(new ACL(Perms.ALL, id));
>>
>> // everybody has read access
>> // aclLst.add(new ACL(Perms.READ, Ids.ANYONE_ID_UNSAFE));
>>
>> return aclLst;
>> }
>>
>> 1/ So, if I understood well, the node created by authentSession cannot be
>> accessed except by the user [user:technique]
>> right?
>>
>> 2/ when I run it
>> 2.1 here is what I got from the client side :
>>
>> =2014-02-27 17:15:19,535 - DEBUG
>> [main-SendThread(host-2.local:2181):ClientCnxn$SendThread@815][] -
>> Reading reply sessionid:0x44473f695450006, packet:: clientPath:null
>> serverPath:null finished:false header:: 1,1 replyHeader:: 1,163208757305,0
>> request::
>> '/purClient_70d334b0-69e2-48cd-a293-7a2ecbb700f5,#56616c75654f664e6f6465,v{s{1,s{'digest,'user:technique}}},0
>> response:: '/purClient_70d334b0-69e2-48cd-a293-7a2ecbb700f5
>>
>> **********************************************************************************
>> [authentSession] CREATE NODE
>> /purClient_70d334b0-69e2-48cd-a293-7a2ecbb700f5 with
>> [1,s{'digest,'user:technique}
>> ]
>>
>> **********************************************************************************
>> =2014-02-27 17:15:22,557 - DEBUG
>> [main-SendThread(host-2.local:2181):ClientCnxn$SendThread@730][] - Got
>> auth sessionid:0x44473f695450006
>> =2014-02-27 17:15:22,566 - DEBUG
>> [main-SendThread(host-2.local:2181):ClientCnxn$SendThread@815][] -
>> Reading reply sessionid:0x44473f695450006, packet:: clientPath:null
>> serverPath:null finished:false header:: 2,4 replyHeader::
>> 2,163208757305,-102 request::
>> '/purClient_70d334b0-69e2-48cd-a293-7a2ecbb700f5,T response::
>> org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode =
>> NoAuth for /purClient_70d334b0-69e2-48cd-a293-7a2ecbb700f5
>> at
>> org.apache.zookeeper.KeeperException.create(KeeperException.java:113)
>> at
>> org.apache.zookeeper.KeeperException.create(KeeperException.java:51)
>> at org.apache.zookeeper.ZooKeeper.getData(ZooKeeper.java:1151)
>> at murex.middleware.zookeeper.acl.AclTests.main(AclTests.java:48)
>>
>> So the node is created correctly, but I cannot execute getData() on it (using
>> the same ZooKeeper client instance).
>>
>>
>> 2.2 here is what I got from the zookeeper server log (I zoom on the
>> getData() call - identified by the time 17:18:28)
>>
>> 2014-02-27 17:18:25,549 [myid:4] - DEBUG
>> [CommitProcessor:4:FinalRequestProcessor@160] -
>> sessionid:0x44473f695450007 type:create cxid:0x1 zxid:0x260000003c
>> txntype:1 reqpath:/purClient_5c65f927-f47a-4c57-a58b-e5c6aebd2502
>> 2014-02-27 17:18:28,581 [myid:4] - INFO [NIOServerCxn.Factory:
>> 0.0.0.0/0.0.0.0:2181:ZooKeeperServer@863] - got auth packet /
>> 192.168.56.102:54421
>> 2014-02-27 17:18:28,584 [myid:4] - DEBUG [NIOServerCxn.Factory:
>> 0.0.0.0/0.0.0.0:2181:ZooKeeperServer@894] - Authentication succeeded for
>> scheme: digest
>> 2014-02-27 17:18:28,585 [myid:4] - INFO [NIOServerCxn.Factory:
>> 0.0.0.0/0.0.0.0:2181:ZooKeeperServer@897] - auth success /
>> 192.168.56.102:54421
>> 2014-02-27 17:18:28,594 [myid:4] - TRACE
>> [FollowerRequestProcessor:4:ZooTrace@90] - :Fsessionid:0x44473f695450007
>> type:getData cxid:0x2 zxid:0xfffffffffffffffe txntype:unknown
>> reqpath:/purClient_5c65f927-f47a-4c57-a58b-e5c6aebd2502
>> 2014-02-27 17:18:28,594 [myid:4] - DEBUG
>> [FollowerRequestProcessor:4:CommitProcessor@171] - Processing request::
>> sessionid:0x44473f695450007 type:getData cxid:0x2 zxid:0xfffffffffffffffe
>> txntype:unknown reqpath:/purClient_5c65f927-f47a-4c57-a58b-e5c6aebd2502
>> 2014-02-27 17:18:28,594 [myid:4] - DEBUG
>> [CommitProcessor:4:FinalRequestProcessor@88] - Processing request::
>> sessionid:0x44473f695450007 type:getData cxid:0x2 zxid:0xfffffffffffffffe
>> txntype:unknown reqpath:/purClient_5c65f927-f47a-4c57-a58b-e5c6aebd2502
>> 2014-02-27 17:18:28,595 [myid:4] - TRACE [CommitProcessor:4:ZooTrace@90]
>> - :Esessionid:0x44473f695450007 type:getData cxid:0x2
>> zxid:0xfffffffffffffffe txntype:unknown
>> reqpath:/purClient_5c65f927-f47a-4c57-a58b-e5c6aebd2502
>> 2014-02-27 17:18:28,595 [myid:4] - DEBUG
>> [CommitProcessor:4:FinalRequestProcessor@160] -
>> sessionid:0x44473f695450007 type:getData cxid:0x2 zxid:0xfffffffffffffffe
>> txntype:unknown reqpath:/purClient_5c65f927-f47a-4c57-a58b-e5c6aebd2502
>> 2014-02-27 17:18:28,653 [myid:4] - TRACE
>> [FollowerRequestProcessor:4:ZooTrace@90] - :Fsessionid:0x44473f695450007
>> type:closeSession cxid:0x3 zxid:0xfffffffffffffffe txntype:unknown
>> reqpath:n/a
>> 2014-02-27 17:18:28,653 [myid:4] - DEBUG
>> [FollowerRequestProcessor:4:CommitProcessor@171] - Processing request::
>> sessionid:0x44473f695450007 type:closeSession cxid:0x3
>> zxid:0xfffffffffffffffe txntype:unknown reqpath:n/a
>> 2014-02-27 17:18:28,658 [myid:4] - DEBUG
>> [QuorumPeer[myid=4]/0:0:0:0:0:0:0:0:2181:CommitProcessor@161] -
>> Committing request:: sessionid:0x44473f695450007 type:closeSession cxid:0x3
>> zxid:0x260000003d txntype:-11 reqpath:n/a
>> 2014-02-27 17:18:28,658 [myid:4] - DEBUG
>> [CommitProcessor:4:FinalRequestProcessor@88] - Processing request::
>> sessionid:0x44473f695450007 type:closeSession cxid:0x3 zxid:0x260000003d
>> txntype:-11 reqpath:n/a
>> 2014-02-27 17:18:28,658 [myid:4] - TRACE [CommitProcessor:4:ZooTrace@90]
>> - :Esessionid:0x44473f695450007 type:closeSession cxid:0x3
>> zxid:0x260000003d txntype:-11 reqpath:n/a
>> 2014-02-27 17:18:28,658 [myid:4] - DEBUG
>> [CommitProcessor:4:FinalRequestProcessor@160] -
>> sessionid:0x44473f695450007 type:closeSession cxid:0x3 zxid:0x260000003d
>> txntype:-11 reqpath:n/a
>> 2014-02-27 17:18:28,658 [myid:4] - TRACE
>> [CommitProcessor:4:NIOServerCnxn@170] - Add a buffer to outgoingBuffers,
>> sk sun.nio.ch.SelectionKeyImpl@1cde83a is valid: true
>> 2014-02-27 17:18:28,659 [myid:4] - INFO [NIOServerCxn.Factory:
>> 0.0.0.0/0.0.0.0:2181:NIOServerCnxn@1001] - Closed socket connection for
>> client
>>
>> So from a server perspective, the getData() request is ok....
>>
>> Any ideas / comments are welcome.
>>
>> Regards.
>>
>
>