use of org.apache.zookeeper.data.Id in project zookeeper by apache.
the class PrepRequestProcessor method fixupACL.
/**
* This method checks out the acl making sure it isn't null or empty,
* it has valid schemes and ids, and expanding any relative ids that
* depend on the requestor's authentication information.
*
* @param authInfo list of ACL IDs associated with the client connection
* @param acls list of ACLs being assigned to the node (create or setACL operation)
* @return verified and expanded ACLs
* @throws KeeperException.InvalidACLException
*/
private List<ACL> fixupACL(String path, List<Id> authInfo, List<ACL> acls) throws KeeperException.InvalidACLException {
// check for well formed ACLs
// This resolves https://issues.apache.org/jira/browse/ZOOKEEPER-1877
List<ACL> uniqacls = removeDuplicates(acls);
LinkedList<ACL> rv = new LinkedList<ACL>();
if (uniqacls == null || uniqacls.size() == 0) {
throw new KeeperException.InvalidACLException(path);
}
for (ACL a : uniqacls) {
LOG.debug("Processing ACL: {}", a);
if (a == null) {
throw new KeeperException.InvalidACLException(path);
}
Id id = a.getId();
if (id == null || id.getScheme() == null) {
throw new KeeperException.InvalidACLException(path);
}
if (id.getScheme().equals("world") && id.getId().equals("anyone")) {
rv.add(a);
} else if (id.getScheme().equals("auth")) {
// This is the "auth" id, so we have to expand it to the
// authenticated ids of the requestor
boolean authIdValid = false;
for (Id cid : authInfo) {
ServerAuthenticationProvider ap = ProviderRegistry.getServerProvider(cid.getScheme());
if (ap == null) {
LOG.error("Missing AuthenticationProvider for " + cid.getScheme());
} else if (ap.isAuthenticated()) {
authIdValid = true;
rv.add(new ACL(a.getPerms(), cid));
}
}
if (!authIdValid) {
throw new KeeperException.InvalidACLException(path);
}
} else {
ServerAuthenticationProvider ap = ProviderRegistry.getServerProvider(id.getScheme());
if (ap == null || !ap.isValid(id.getId())) {
throw new KeeperException.InvalidACLException(path);
}
rv.add(a);
}
}
return rv;
}
use of org.apache.zookeeper.data.Id in project zookeeper by apache.
the class AclParser method parse.
/**
* parse string into list of ACL
* @param aclString
* @return
*/
public static List<ACL> parse(String aclString) {
List<ACL> acl;
String[] acls = aclString.split(",");
acl = new ArrayList<ACL>();
for (String a : acls) {
int firstColon = a.indexOf(':');
int lastColon = a.lastIndexOf(':');
if (firstColon == -1 || lastColon == -1 || firstColon == lastColon) {
System.err.println(a + " does not have the form scheme:id:perm");
continue;
}
ACL newAcl = new ACL();
newAcl.setId(new Id(a.substring(0, firstColon), a.substring(firstColon + 1, lastColon)));
newAcl.setPerms(getPermFromString(a.substring(lastColon + 1)));
acl.add(newAcl);
}
return acl;
}
use of org.apache.zookeeper.data.Id in project zookeeper by apache.
the class IPAuthenticationProvider method handleAuthentication.
public KeeperException.Code handleAuthentication(ServerCnxn cnxn, byte[] authData) {
String id = cnxn.getRemoteSocketAddress().getAddress().getHostAddress();
cnxn.addAuthInfo(new Id(getScheme(), id));
return KeeperException.Code.OK;
}
use of org.apache.zookeeper.data.Id in project zookeeper by apache.
the class ReferenceCountedACLCacheTest method testWhetherOrderingMatters.
@Test
public void testWhetherOrderingMatters() {
List<ACL> testACL = new ArrayList<ACL>();
testACL.add(new ACL(ZooDefs.Perms.READ, new Id("scheme", "ro")));
testACL.add(new ACL(ZooDefs.Perms.WRITE, new Id("scheme", "rw")));
ReferenceCountedACLCache cache = new ReferenceCountedACLCache();
Long aclId = cache.convertAcls(testACL);
List<ACL> testACL2 = new ArrayList<ACL>();
testACL2.add(new ACL(ZooDefs.Perms.WRITE, new Id("scheme", "rw")));
testACL2.add(new ACL(ZooDefs.Perms.READ, new Id("scheme", "ro")));
assertFalse(aclId.equals(cache.convertAcls(testACL2)));
}
use of org.apache.zookeeper.data.Id in project zookeeper by apache.
the class ACLTest method testAcls.
/**
* Verify that acl optimization of storing just
* a few acls and there references in the data
* node is actually working.
*/
@Test
public void testAcls() throws Exception {
File tmpDir = ClientBase.createTmpDir();
ClientBase.setupTestEnv();
ZooKeeperServer zks = new ZooKeeperServer(tmpDir, tmpDir, 3000);
SyncRequestProcessor.setSnapCount(1000);
final int PORT = Integer.parseInt(HOSTPORT.split(":")[1]);
ServerCnxnFactory f = ServerCnxnFactory.createFactory(PORT, -1);
f.startup(zks);
ZooKeeper zk;
String path;
try {
LOG.info("starting up the zookeeper server .. waiting");
Assert.assertTrue("waiting for server being up", ClientBase.waitForServerUp(HOSTPORT, CONNECTION_TIMEOUT));
zk = ClientBase.createZKClient(HOSTPORT);
LOG.info("starting creating acls");
for (int i = 0; i < 100; i++) {
path = "/" + i;
zk.create(path, path.getBytes(), Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);
}
int size = zks.getZKDatabase().getAclSize();
Assert.assertTrue("size of the acl map ", (2 == zks.getZKDatabase().getAclSize()));
for (int j = 100; j < 200; j++) {
path = "/" + j;
ACL acl = new ACL();
acl.setPerms(0);
Id id = new Id();
id.setId("1.1.1." + j);
id.setScheme("ip");
acl.setId(id);
ArrayList<ACL> list = new ArrayList<ACL>();
list.add(acl);
zk.create(path, path.getBytes(), list, CreateMode.PERSISTENT);
}
Assert.assertTrue("size of the acl map ", (102 == zks.getZKDatabase().getAclSize()));
} finally {
// now shutdown the server and restart it
f.shutdown();
zks.shutdown();
Assert.assertTrue("waiting for server down", ClientBase.waitForServerDown(HOSTPORT, CONNECTION_TIMEOUT));
}
zks = new ZooKeeperServer(tmpDir, tmpDir, 3000);
f = ServerCnxnFactory.createFactory(PORT, -1);
f.startup(zks);
try {
Assert.assertTrue("waiting for server up", ClientBase.waitForServerUp(HOSTPORT, CONNECTION_TIMEOUT));
zk = ClientBase.createZKClient(HOSTPORT);
Assert.assertTrue("acl map ", (102 == zks.getZKDatabase().getAclSize()));
for (int j = 200; j < 205; j++) {
path = "/" + j;
ACL acl = new ACL();
acl.setPerms(0);
Id id = new Id();
id.setId("1.1.1." + j);
id.setScheme("ip");
acl.setId(id);
ArrayList<ACL> list = new ArrayList<ACL>();
list.add(acl);
zk.create(path, path.getBytes(), list, CreateMode.PERSISTENT);
}
Assert.assertTrue("acl map ", (107 == zks.getZKDatabase().getAclSize()));
zk.close();
} finally {
f.shutdown();
zks.shutdown();
Assert.assertTrue("waiting for server down", ClientBase.waitForServerDown(HOSTPORT, ClientBase.CONNECTION_TIMEOUT));
}
}
Aggregations