Appologies for cross posting, but I haven't received a response on this.
Quite simply, could someone point me to a working example/tutorial/docs
that describe how to use digest ACLs in zookeeper 3.1.1? The docs that I
have found (referenced below) have not clarified this for me.
-Todd
> -----Original Message-----
> From: Todd Greenwood
> Sent: Thursday, September 17, 2009 5:05 PM
> To: 'zookeeper-u...@hadoop.apache.org'
> Subject: ACL question w/ Zookeeper 3.1.1
>
> I'm attempting to secure a zookeeper installation using zookeeper
ACLs.
> However, I'm finding that while Ids.OPEN_ACL_UNSAFE works great, my
> attempts at using Ids.CREATOR_ALL_ACL are failing. Here's a code
snippet:
>
>
> public class ZooWrapper
> {
>
> /*
> 1. Here I'm setting up my authentication. I've got an ACL list, and my
> authentication strings.
> */
> private final List<ACL> acl = new ArrayList<ACL>( 1 );
> private static final String authentication_type = "digest";
> private static final String authentication =
"audiencescience:gravy";
>
>
> public ZooWrapper( final String connection_string,
> final String path,
> final int connectiontimeout ) throws
> ZooWrapperException
> {
> ...
> /*
> 2. Here I'm adding the acls
> */
>
> // This works (creates nodes, sets data on nodes)
> for ( ACL ids_acl : Ids.OPEN_ACL_UNSAFE )
> {
> acl.add( ids_acl);
> }
>
> /*
> NOTE: This does not work (nodes are not created, cannot set data on
nodes
> b/c nodes do not exist)
> */
>
> // for ( ACL ids_acl : Ids.CREATOR_ALL_ACL )
> // {
> // acl.add( ids_acl );
> // }
>
> /*
> 3. Finally, I create a new zookeeper instance and add my authorization
> info to it.
> */
> zoo = new ZooKeeper( connection_string, connectiontimeout, this
);
> zoo.addAuthInfo( authentication_type, authentication.getBytes() )
>
> /*
> 4. Later, I try to write some data into zookeeper by first creating
the
> node, and then calling setdata...
> */
> zoo.create( path, new byte[0], acl, CreateMode.PERSISTENT );
> zoo.setData( path, bytes, -1 )
>
> As I mentioned above, when I add Ids.OPEN_ACL_UNSAFE to acl, then both
the
> create and setData succeed. However, when I use Ids.CREATOR_ALL_ACL,
then
> the nodes are not created. Am I missing something obvious w/ respect
to
> configuring ACLs?
>
> I've used the following references:
>
>
http://hadoop.apache.org/zookeeper/docs/r3.1.1/zookeeperProgrammers.html
>
> http://mail-archives.apache.org/mod_mbox/hadoop-zookeeper-
> commits/200807.mbox/%3c20080731201025.c62092388...@eris.apache.org%3e
>
> http://books.google.com/books?id=bKPEwR-
>
Pt6EC&pg=PT404&lpg=PT404&dq=zookeeper+ACL+digest+%22new+Id%22&source=bl&
ot
>
s=kObz0y8eFk&sig=VFCAsNW0mBJyZswoweJDI31iNlo&hl=en&ei=Z82ySojRFsqRlAeqxs
yI
>
Dw&sa=X&oi=book_result&ct=result&resnum=6#v=onepage&q=zookeeper%20ACL%20
di
> gest%20%22new%20Id%22&f=false
>
> -Todd
