Todd, there were other responses as well. Are you seeing other traffic from the lists? (perhaps a spam filtering issue?)


Mahadev Konar wrote:
HI todd,
  We did respond on zookeeper-user. Here is my response in case you didn't
see it...

HI todd,
 From what I understand, you are sayin that a creator_all_acl does not work
with auth?

 I tried the following with CREATOR_ALL_ACL and it seemed to work for me...

import org.apache.zookeeper.CreateMode;
import org.apache.zookeeper.WatchedEvent;
import org.apache.zookeeper.Watcher;
import org.apache.zookeeper.ZooKeeper;
import org.apache.zookeeper.ZooDefs.Ids;
import java.util.ArrayList;
import java.util.List;

public class TestACl implements Watcher {

    public static void main(String[] argv) throws Exception {
        List<ACL> acls = new ArrayList<ACL>(1);
        String authentication_type = "digest";
        String authentication = "mahadev:some";

        for (ACL ids_acl : Ids.CREATOR_ALL_ACL) {
        TestACl tacl = new TestACl();
        ZooKeeper zoo = new ZooKeeper("localhost:2181", 3000, tacl);
        zoo.addAuthInfo(authentication_type, authentication.getBytes());
        zoo.create("/some", new byte[0], acls, CreateMode.PERSISTENT);
        zoo.setData("/some", new byte[0], -1);

    public void process(WatchedEvent event) {


And it worked on my set of zookeeper servers....

And then I tried Without auth Getdata("/some")
Which correctly gave me the error:

Exception in thread "main"
org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode =
NoAuth for /some
    at org.apache.zookeeper.KeeperException.create(
    at org.apache.zookeeper.KeeperException.create(
    at org.apache.zookeeper.ZooKeeper.getData(
    at org.apache.zookeeper.ZooKeeper.getData(
at org.apache.zookeeper.ZooKeeperMain.processZKCmd(
    at org.apache.zookeeper.ZooKeeperMain.processCmd(
at org.apache.zookeeper.ZooKeeperMain.executeLine(
    at org.apache.zookeeper.ZooKeeperMain.main(

Is this what you are trying to do?


On 9/18/09 10:33 AM, "Todd Greenwood" <> wrote:

Appologies for cross posting, but I haven't received a response on this.
Quite simply, could someone point me to a working example/tutorial/docs
that describe how to use digest ACLs in zookeeper 3.1.1? The docs that I
have found (referenced below) have not clarified this for me.


-----Original Message-----
From: Todd Greenwood
Sent: Thursday, September 17, 2009 5:05 PM
To: ''
Subject: ACL question w/ Zookeeper 3.1.1

I'm attempting to secure a zookeeper installation using zookeeper
However, I'm finding that while Ids.OPEN_ACL_UNSAFE works great, my
attempts at using Ids.CREATOR_ALL_ACL are failing. Here's a code

public class ZooWrapper

1. Here I'm setting up my authentication. I've got an ACL list, and my
authentication strings.
    private final List<ACL> acl = new ArrayList<ACL>( 1 );
    private static final String authentication_type = "digest";
    private static final String authentication =

    public ZooWrapper( final String connection_string,
                       final String path,
                       final int connectiontimeout ) throws
2. Here I'm adding the acls

        // This works (creates nodes, sets data on nodes)
        for ( ACL ids_acl : Ids.OPEN_ACL_UNSAFE )
            acl.add( ids_acl);

NOTE:  This does not work (nodes are not created, cannot set data on
b/c nodes do not exist)

//        for ( ACL ids_acl : Ids.CREATOR_ALL_ACL )
//        {
//            acl.add( ids_acl );
//        }

3. Finally, I create a new zookeeper instance and add my authorization
info to it.
     zoo = new ZooKeeper( connection_string, connectiontimeout, this
     zoo.addAuthInfo( authentication_type, authentication.getBytes() )

4. Later, I try to write some data into zookeeper by first creating
node, and then calling setdata...
      zoo.create( path, new byte[0], acl, CreateMode.PERSISTENT );
      zoo.setData( path, bytes, -1 )

As I mentioned above, when I add Ids.OPEN_ACL_UNSAFE to acl, then both
create and setData succeed. However, when I use Ids.CREATOR_ALL_ACL,
the nodes are not created. Am I missing something obvious w/ respect
configuring ACLs?

I've used the following references:



Reply via email to