HI todd,
We did respond on zookeeper-user. Here is my response in case you didn't
see it...
HI todd,
From what I understand, you are sayin that a creator_all_acl does not work
with auth?
I tried the following with CREATOR_ALL_ACL and it seemed to work for me...
import org.apache.zookeeper.CreateMode;
import org.apache.zookeeper.WatchedEvent;
import org.apache.zookeeper.Watcher;
import org.apache.zookeeper.ZooKeeper;
import org.apache.zookeeper.data.ACL;
import org.apache.zookeeper.ZooDefs.Ids;
import java.util.ArrayList;
import java.util.List;
public class TestACl implements Watcher {
public static void main(String[] argv) throws Exception {
List<ACL> acls = new ArrayList<ACL>(1);
String authentication_type = "digest";
String authentication = "mahadev:some";
for (ACL ids_acl : Ids.CREATOR_ALL_ACL) {
acls.add(ids_acl);
}
TestACl tacl = new TestACl();
ZooKeeper zoo = new ZooKeeper("localhost:2181", 3000, tacl);
zoo.addAuthInfo(authentication_type, authentication.getBytes());
zoo.create("/some", new byte[0], acls, CreateMode.PERSISTENT);
zoo.setData("/some", new byte[0], -1);
}
@Override
public void process(WatchedEvent event) {
}
}
And it worked on my set of zookeeper servers....
And then
I tried
Without auth
Getdata("/some")
Which correctly gave me the error:
Exception in thread "main"
org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode =
NoAuth for /some
at org.apache.zookeeper.KeeperException.create(KeeperException.java:104)
at org.apache.zookeeper.KeeperException.create(KeeperException.java:42)
at org.apache.zookeeper.ZooKeeper.getData(ZooKeeper.java:892)
at org.apache.zookeeper.ZooKeeper.getData(ZooKeeper.java:921)
at
org.apache.zookeeper.ZooKeeperMain.processZKCmd(ZooKeeperMain.java:692)
at org.apache.zookeeper.ZooKeeperMain.processCmd(ZooKeeperMain.java:579)
at
org.apache.zookeeper.ZooKeeperMain.executeLine(ZooKeeperMain.java:351)
at org.apache.zookeeper.ZooKeeperMain.run(ZooKeeperMain.java:309)
at org.apache.zookeeper.ZooKeeperMain.main(ZooKeeperMain.java:268)
Is this what you are trying to do?
Thanks
mahadev
On 9/18/09 10:33 AM, "Todd Greenwood" <to...@audiencescience.com> wrote:
> Appologies for cross posting, but I haven't received a response on this.
> Quite simply, could someone point me to a working example/tutorial/docs
> that describe how to use digest ACLs in zookeeper 3.1.1? The docs that I
> have found (referenced below) have not clarified this for me.
>
> -Todd
>
>> -----Original Message-----
>> From: Todd Greenwood
>> Sent: Thursday, September 17, 2009 5:05 PM
>> To: 'zookeeper-u...@hadoop.apache.org'
>> Subject: ACL question w/ Zookeeper 3.1.1
>>
>> I'm attempting to secure a zookeeper installation using zookeeper
> ACLs.
>> However, I'm finding that while Ids.OPEN_ACL_UNSAFE works great, my
>> attempts at using Ids.CREATOR_ALL_ACL are failing. Here's a code
> snippet:
>>
>>
>> public class ZooWrapper
>> {
>>
>> /*
>> 1. Here I'm setting up my authentication. I've got an ACL list, and my
>> authentication strings.
>> */
>> private final List<ACL> acl = new ArrayList<ACL>( 1 );
>> private static final String authentication_type = "digest";
>> private static final String authentication =
> "audiencescience:gravy";
>>
>>
>> public ZooWrapper( final String connection_string,
>> final String path,
>> final int connectiontimeout ) throws
>> ZooWrapperException
>> {
>> ...
>> /*
>> 2. Here I'm adding the acls
>> */
>>
>> // This works (creates nodes, sets data on nodes)
>> for ( ACL ids_acl : Ids.OPEN_ACL_UNSAFE )
>> {
>> acl.add( ids_acl);
>> }
>>
>> /*
>> NOTE: This does not work (nodes are not created, cannot set data on
> nodes
>> b/c nodes do not exist)
>> */
>>
>> // for ( ACL ids_acl : Ids.CREATOR_ALL_ACL )
>> // {
>> // acl.add( ids_acl );
>> // }
>>
>> /*
>> 3. Finally, I create a new zookeeper instance and add my authorization
>> info to it.
>> */
>> zoo = new ZooKeeper( connection_string, connectiontimeout, this
> );
>> zoo.addAuthInfo( authentication_type, authentication.getBytes() )
>>
>> /*
>> 4. Later, I try to write some data into zookeeper by first creating
> the
>> node, and then calling setdata...
>> */
>> zoo.create( path, new byte[0], acl, CreateMode.PERSISTENT );
>> zoo.setData( path, bytes, -1 )
>>
>> As I mentioned above, when I add Ids.OPEN_ACL_UNSAFE to acl, then both
> the
>> create and setData succeed. However, when I use Ids.CREATOR_ALL_ACL,
> then
>> the nodes are not created. Am I missing something obvious w/ respect
> to
>> configuring ACLs?
>>
>> I've used the following references:
>>
>>
> http://hadoop.apache.org/zookeeper/docs/r3.1.1/zookeeperProgrammers.html
>>
>> http://mail-archives.apache.org/mod_mbox/hadoop-zookeeper-
>> commits/200807.mbox/%3c20080731201025.c62092388...@eris.apache.org%3e
>>
>> http://books.google.com/books?id=bKPEwR-
>>
> Pt6EC&pg=PT404&lpg=PT404&dq=zookeeper+ACL+digest+%22new+Id%22&source=bl&
> ot
>>
> s=kObz0y8eFk&sig=VFCAsNW0mBJyZswoweJDI31iNlo&hl=en&ei=Z82ySojRFsqRlAeqxs
> yI
>>
> Dw&sa=X&oi=book_result&ct=result&resnum=6#v=onepage&q=zookeeper%20ACL%20
> di
>> gest%20%22new%20Id%22&f=false
>>
>> -Todd
