Appologies for cross posting, but I haven't received a response on this. Quite simply, could someone point me to a working example/tutorial/docs that describe how to use digest ACLs in zookeeper 3.1.1? The docs that I have found (referenced below) have not clarified this for me.
-Todd > -----Original Message----- > From: Todd Greenwood > Sent: Thursday, September 17, 2009 5:05 PM > To: 'zookeeper-u...@hadoop.apache.org' > Subject: ACL question w/ Zookeeper 3.1.1 > > I'm attempting to secure a zookeeper installation using zookeeper ACLs. > However, I'm finding that while Ids.OPEN_ACL_UNSAFE works great, my > attempts at using Ids.CREATOR_ALL_ACL are failing. Here's a code snippet: > > > public class ZooWrapper > { > > /* > 1. Here I'm setting up my authentication. I've got an ACL list, and my > authentication strings. > */ > private final List<ACL> acl = new ArrayList<ACL>( 1 ); > private static final String authentication_type = "digest"; > private static final String authentication = "audiencescience:gravy"; > > > public ZooWrapper( final String connection_string, > final String path, > final int connectiontimeout ) throws > ZooWrapperException > { > ... > /* > 2. Here I'm adding the acls > */ > > // This works (creates nodes, sets data on nodes) > for ( ACL ids_acl : Ids.OPEN_ACL_UNSAFE ) > { > acl.add( ids_acl); > } > > /* > NOTE: This does not work (nodes are not created, cannot set data on nodes > b/c nodes do not exist) > */ > > // for ( ACL ids_acl : Ids.CREATOR_ALL_ACL ) > // { > // acl.add( ids_acl ); > // } > > /* > 3. Finally, I create a new zookeeper instance and add my authorization > info to it. > */ > zoo = new ZooKeeper( connection_string, connectiontimeout, this ); > zoo.addAuthInfo( authentication_type, authentication.getBytes() ) > > /* > 4. Later, I try to write some data into zookeeper by first creating the > node, and then calling setdata... > */ > zoo.create( path, new byte[0], acl, CreateMode.PERSISTENT ); > zoo.setData( path, bytes, -1 ) > > As I mentioned above, when I add Ids.OPEN_ACL_UNSAFE to acl, then both the > create and setData succeed. However, when I use Ids.CREATOR_ALL_ACL, then > the nodes are not created. Am I missing something obvious w/ respect to > configuring ACLs? > > I've used the following references: > > http://hadoop.apache.org/zookeeper/docs/r3.1.1/zookeeperProgrammers.html > > http://mail-archives.apache.org/mod_mbox/hadoop-zookeeper- > commits/200807.mbox/%3c20080731201025.c62092388...@eris.apache.org%3e > > http://books.google.com/books?id=bKPEwR- > Pt6EC&pg=PT404&lpg=PT404&dq=zookeeper+ACL+digest+%22new+Id%22&source=bl& ot > s=kObz0y8eFk&sig=VFCAsNW0mBJyZswoweJDI31iNlo&hl=en&ei=Z82ySojRFsqRlAeqxs yI > Dw&sa=X&oi=book_result&ct=result&resnum=6#v=onepage&q=zookeeper%20ACL%20 di > gest%20%22new%20Id%22&f=false > > -Todd