HI todd, From what I understand, you are sayin that a creator_all_acl does not work with auth?
I tried the following with CREATOR_ALL_ACL and it seemed to work for me... import org.apache.zookeeper.CreateMode; import org.apache.zookeeper.WatchedEvent; import org.apache.zookeeper.Watcher; import org.apache.zookeeper.ZooKeeper; import org.apache.zookeeper.data.ACL; import org.apache.zookeeper.ZooDefs.Ids; import java.util.ArrayList; import java.util.List; public class TestACl implements Watcher { public static void main(String[] argv) throws Exception { List<ACL> acls = new ArrayList<ACL>(1); String authentication_type = "digest"; String authentication = "mahadev:some"; for (ACL ids_acl : Ids.CREATOR_ALL_ACL) { acls.add(ids_acl); } TestACl tacl = new TestACl(); ZooKeeper zoo = new ZooKeeper("localhost:2181", 3000, tacl); zoo.addAuthInfo(authentication_type, authentication.getBytes()); zoo.create("/some", new byte[0], acls, CreateMode.PERSISTENT); zoo.setData("/some", new byte[0], -1); } @Override public void process(WatchedEvent event) { } } And it worked on my set of zookeeper servers.... And then I tried Without auth Getdata("/some") Which correctly gave me the error: Exception in thread "main" org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /some at org.apache.zookeeper.KeeperException.create(KeeperException.java:104) at org.apache.zookeeper.KeeperException.create(KeeperException.java:42) at org.apache.zookeeper.ZooKeeper.getData(ZooKeeper.java:892) at org.apache.zookeeper.ZooKeeper.getData(ZooKeeper.java:921) at org.apache.zookeeper.ZooKeeperMain.processZKCmd(ZooKeeperMain.java:692) at org.apache.zookeeper.ZooKeeperMain.processCmd(ZooKeeperMain.java:579) at org.apache.zookeeper.ZooKeeperMain.executeLine(ZooKeeperMain.java:351) at org.apache.zookeeper.ZooKeeperMain.run(ZooKeeperMain.java:309) at org.apache.zookeeper.ZooKeeperMain.main(ZooKeeperMain.java:268) Is this what you are trying to do? Thanks mahadev On 9/17/09 5:05 PM, "Todd Greenwood" <to...@audiencescience.com> wrote: > I'm attempting to secure a zookeeper installation using zookeeper ACLs. > However, I'm finding that while Ids.OPEN_ACL_UNSAFE works great, my > attempts at using Ids.CREATOR_ALL_ACL are failing. Here's a code > snippet: > > > public class ZooWrapper > { > > /* > 1. Here I'm setting up my authentication. I've got an ACL list, and my > authentication strings. > */ > private final List<ACL> acl = new ArrayList<ACL>( 1 ); > private static final String authentication_type = "digest"; > private static final String authentication = > "audiencescience:gravy"; > > > public ZooWrapper( final String connection_string, > final String path, > final int connectiontimeout ) throws > ZooWrapperException > { > ... > /* > 2. Here I'm adding the acls > */ > > // This works (creates nodes, sets data on nodes) > for ( ACL ids_acl : Ids.OPEN_ACL_UNSAFE ) > { > acl.add( ids_acl); > } > > /* > NOTE: This does not work (nodes are not created, cannot set data on > nodes b/c nodes do not exist) > */ > > // for ( ACL ids_acl : Ids.CREATOR_ALL_ACL ) > // { > // acl.add( ids_acl ); > // } > > /* > 3. Finally, I create a new zookeeper instance and add my authorization > info to it. > */ > zoo = new ZooKeeper( connection_string, connectiontimeout, this ); > zoo.addAuthInfo( authentication_type, authentication.getBytes() ) > > /* > 4. Later, I try to write some data into zookeeper by first creating the > node, and then calling setdata... > */ > zoo.create( path, new byte[0], acl, CreateMode.PERSISTENT ); > > zoo.setData( path, bytes, -1 ) > > As I mentioned above, when I add Ids.OPEN_ACL_UNSAFE to acl, then both > the create and setData succeed. However, when I use Ids.CREATOR_ALL_ACL, > then the nodes are not created. Am I missing something obvious w/ > respect to configuring ACLs? > > I've used the following references: > > http://hadoop.apache.org/zookeeper/docs/r3.1.1/zookeeperProgrammers.html > > http://mail-archives.apache.org/mod_mbox/hadoop-zookeeper-commits/200807 > .mbox/%3c20080731201025.c62092388...@eris.apache.org%3e > > http://books.google.com/books?id=bKPEwR-Pt6EC&pg=PT404&lpg=PT404&dq=zook > eeper+ACL+digest+%22new+Id%22&source=bl&ots=kObz0y8eFk&sig=VFCAsNW0mBJyZ > swoweJDI31iNlo&hl=en&ei=Z82ySojRFsqRlAeqxsyIDw&sa=X&oi=book_result&ct=re > sult&resnum=6#v=onepage&q=zookeeper%20ACL%20digest%20%22new%20Id%22&f=fa > lse > > -Todd