HI todd,
From what I understand, you are sayin that a creator_all_acl does not work
with auth?
I tried the following with CREATOR_ALL_ACL and it seemed to work for me...
import org.apache.zookeeper.CreateMode;
import org.apache.zookeeper.WatchedEvent;
import org.apache.zookeeper.Watcher;
import org.apache.zookeeper.ZooKeeper;
import org.apache.zookeeper.data.ACL;
import org.apache.zookeeper.ZooDefs.Ids;
import java.util.ArrayList;
import java.util.List;
public class TestACl implements Watcher {
public static void main(String[] argv) throws Exception {
List<ACL> acls = new ArrayList<ACL>(1);
String authentication_type = "digest";
String authentication = "mahadev:some";
for (ACL ids_acl : Ids.CREATOR_ALL_ACL) {
acls.add(ids_acl);
}
TestACl tacl = new TestACl();
ZooKeeper zoo = new ZooKeeper("localhost:2181", 3000, tacl);
zoo.addAuthInfo(authentication_type, authentication.getBytes());
zoo.create("/some", new byte[0], acls, CreateMode.PERSISTENT);
zoo.setData("/some", new byte[0], -1);
}
@Override
public void process(WatchedEvent event) {
}
}
And it worked on my set of zookeeper servers....
And then
I tried
Without auth
Getdata("/some")
Which correctly gave me the error:
Exception in thread "main"
org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode =
NoAuth for /some
at org.apache.zookeeper.KeeperException.create(KeeperException.java:104)
at org.apache.zookeeper.KeeperException.create(KeeperException.java:42)
at org.apache.zookeeper.ZooKeeper.getData(ZooKeeper.java:892)
at org.apache.zookeeper.ZooKeeper.getData(ZooKeeper.java:921)
at
org.apache.zookeeper.ZooKeeperMain.processZKCmd(ZooKeeperMain.java:692)
at org.apache.zookeeper.ZooKeeperMain.processCmd(ZooKeeperMain.java:579)
at
org.apache.zookeeper.ZooKeeperMain.executeLine(ZooKeeperMain.java:351)
at org.apache.zookeeper.ZooKeeperMain.run(ZooKeeperMain.java:309)
at org.apache.zookeeper.ZooKeeperMain.main(ZooKeeperMain.java:268)
Is this what you are trying to do?
Thanks
mahadev
On 9/17/09 5:05 PM, "Todd Greenwood" <to...@audiencescience.com> wrote:
> I'm attempting to secure a zookeeper installation using zookeeper ACLs.
> However, I'm finding that while Ids.OPEN_ACL_UNSAFE works great, my
> attempts at using Ids.CREATOR_ALL_ACL are failing. Here's a code
> snippet:
>
>
> public class ZooWrapper
> {
>
> /*
> 1. Here I'm setting up my authentication. I've got an ACL list, and my
> authentication strings.
> */
> private final List<ACL> acl = new ArrayList<ACL>( 1 );
> private static final String authentication_type = "digest";
> private static final String authentication =
> "audiencescience:gravy";
>
>
> public ZooWrapper( final String connection_string,
> final String path,
> final int connectiontimeout ) throws
> ZooWrapperException
> {
> ...
> /*
> 2. Here I'm adding the acls
> */
>
> // This works (creates nodes, sets data on nodes)
> for ( ACL ids_acl : Ids.OPEN_ACL_UNSAFE )
> {
> acl.add( ids_acl);
> }
>
> /*
> NOTE: This does not work (nodes are not created, cannot set data on
> nodes b/c nodes do not exist)
> */
>
> // for ( ACL ids_acl : Ids.CREATOR_ALL_ACL )
> // {
> // acl.add( ids_acl );
> // }
>
> /*
> 3. Finally, I create a new zookeeper instance and add my authorization
> info to it.
> */
> zoo = new ZooKeeper( connection_string, connectiontimeout, this );
> zoo.addAuthInfo( authentication_type, authentication.getBytes() )
>
> /*
> 4. Later, I try to write some data into zookeeper by first creating the
> node, and then calling setdata...
> */
> zoo.create( path, new byte[0], acl, CreateMode.PERSISTENT );
>
> zoo.setData( path, bytes, -1 )
>
> As I mentioned above, when I add Ids.OPEN_ACL_UNSAFE to acl, then both
> the create and setData succeed. However, when I use Ids.CREATOR_ALL_ACL,
> then the nodes are not created. Am I missing something obvious w/
> respect to configuring ACLs?
>
> I've used the following references:
>
> http://hadoop.apache.org/zookeeper/docs/r3.1.1/zookeeperProgrammers.html
>
> http://mail-archives.apache.org/mod_mbox/hadoop-zookeeper-commits/200807
> .mbox/%3c20080731201025.c62092388...@eris.apache.org%3e
>
> http://books.google.com/books?id=bKPEwR-Pt6EC&pg=PT404&lpg=PT404&dq=zook
> eeper+ACL+digest+%22new+Id%22&source=bl&ots=kObz0y8eFk&sig=VFCAsNW0mBJyZ
> swoweJDI31iNlo&hl=en&ei=Z82ySojRFsqRlAeqxsyIDw&sa=X&oi=book_result&ct=re
> sult&resnum=6#v=onepage&q=zookeeper%20ACL%20digest%20%22new%20Id%22&f=fa
> lse
>
> -Todd
