
Example 6 with Id

use of org.apache.zookeeper.data.Id in project zookeeper by apache.

the class PrepRequestProcessor method fixupACL.

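/**
 * Validates the ACL list supplied with a create or setACL request and returns the
 * list that should be stored on the node.
 *
 * <p>The list is de-duplicated first and must then be non-empty. Each entry must have
 * a non-null id and scheme and is handled by scheme:
 * <ul>
 *   <li>{@code world:anyone} is accepted as is;</li>
 *   <li>{@code auth} is a relative id: it is replaced by one ACL per entry of
 *       {@code authInfo} whose provider reports {@code isAuthenticated()}, each
 *       carrying the permissions of the original entry;</li>
 *   <li>any other scheme must have a registered provider that accepts the id via
 *       {@code isValid}.</li>
 * </ul>
 * Anything else is rejected, so a malformed ACL fails the request instead of being
 * stored.
 *
 * @param path path of the node; used only to build the exception
 * @param authInfo list of ACL IDs associated with the client connection; a null list
 *        is treated as "no authenticated ids"
 * @param acls list of ACLs being assigned to the node (create or setACL operation)
 * @return verified and expanded ACLs
 * @throws KeeperException.InvalidACLException if the list is null or empty after
 *         de-duplication, contains a null entry, id or scheme, names a scheme with no
 *         provider or an id the provider rejects, or uses {@code auth} while the
 *         requestor has no authenticated id to expand it to
 */
private List<ACL> fixupACL(String path, List<Id> authInfo, List<ACL> acls) throws KeeperException.InvalidACLException {
    // check for well formed ACLs
    // This resolves https://issues.apache.org/jira/browse/ZOOKEEPER-1877
    List<ACL> uniqacls = removeDuplicates(acls);
    if (uniqacls == null || uniqacls.isEmpty()) {
        throw new KeeperException.InvalidACLException(path);
    }
    List<ACL> rv = new LinkedList<ACL>();
    for (ACL a : uniqacls) {
        LOG.debug("Processing ACL: {}", a);
        if (a == null) {
            throw new KeeperException.InvalidACLException(path);
        }
        Id id = a.getId();
        if (id == null || id.getScheme() == null) {
            throw new KeeperException.InvalidACLException(path);
        }
        String scheme = id.getScheme();
        // Constant-first comparison: a "world" entry whose id is null used to raise a
        // NullPointerException here. It now falls through to provider validation below
        // and is rejected like any other unrecognised id.
        if ("world".equals(scheme) && "anyone".equals(id.getId())) {
            rv.add(a);
        } else if ("auth".equals(scheme)) {
            // This is the "auth" id, so we have to expand it to the
            // authenticated ids of the requestor
            boolean authIdValid = false;
            // Fail closed: with no auth info there is nothing to expand to, and the
            // request is rejected below rather than failing on a null list.
            if (authInfo != null) {
                for (Id cid : authInfo) {
                    ServerAuthenticationProvider ap = ProviderRegistry.getServerProvider(cid.getScheme());
                    if (ap == null) {
                        LOG.error("Missing AuthenticationProvider for {}", cid.getScheme());
                    } else if (ap.isAuthenticated()) {
                        // Only ids from providers that report isAuthenticated() are
                        // written into the stored ACL.
                        authIdValid = true;
                        rv.add(new ACL(a.getPerms(), cid));
                    }
                }
            }
            if (!authIdValid) {
                // Storing an "auth" ACL with no concrete id would leave the node with
                // an entry that matches nobody, so the request is refused.
                throw new KeeperException.InvalidACLException(path);
            }
        } else {
            // Every other scheme must be known to the registry, and its id must pass
            // that provider's own validation.
            ServerAuthenticationProvider ap = ProviderRegistry.getServerProvider(scheme);
            if (ap == null || !ap.isValid(id.getId())) {
                throw new KeeperException.InvalidACLException(path);
            }
            rv.add(a);
        }
    }
    return rv;
}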
Also used : ACL(org.apache.zookeeper.data.ACL) Id(org.apache.zookeeper.data.Id) ServerAuthenticationProvider(org.apache.zookeeper.server.auth.ServerAuthenticationProvider) LinkedList(java.util.LinkedList) KeeperException(org.apache.zookeeper.KeeperException)

Example 7 with Id

use of org.apache.zookeeper.data.Id in project zookeeper by apache.

the class AclParser method parse.

/**
 * Parses a comma-separated list of {@code scheme:id:perm} entries into ACLs.
 *
 * <p>Each entry is split at its first and last colon, so the id part may itself
 * contain colons. Entries are not trimmed.
 *
 * <p>An entry with fewer than two colons is reported on {@code System.err} and
 * skipped; parsing continues with the next entry. The returned list can therefore be
 * shorter than the input, or empty, without any exception being raised.
 * NOTE(review): callers that go on to apply the result should confirm that every
 * entry they supplied was parsed, otherwise a typo silently yields a different ACL
 * than the one intended.
 *
 * @param aclString comma-separated ACL entries; must not be null
 * @return the ACLs built from the well-formed entries, in input order
 */
public static List<ACL> parse(String aclString) {
    List<ACL> parsed = new ArrayList<ACL>();
    for (String entry : aclString.split(",")) {
        int schemeEnd = entry.indexOf(':');
        int permStart = entry.lastIndexOf(':');
        // No colon leaves both indexes at -1 and a single colon makes them equal, so
        // this one comparison covers every malformed case.
        if (permStart <= schemeEnd) {
            System.err.println(entry + " does not have the form scheme:id:perm");
            continue;
        }
        String scheme = entry.substring(0, schemeEnd);
        String id = entry.substring(schemeEnd + 1, permStart);
        String permText = entry.substring(permStart + 1);

        ACL entryAcl = new ACL();
        entryAcl.setId(new Id(scheme, id));
        entryAcl.setPerms(getPermFromString(permText));
        parsed.add(entryAcl);
    }
    return parsed;
}
Also used : ACL(org.apache.zookeeper.data.ACL) Id(org.apache.zookeeper.data.Id)

Example 8 with Id

use of org.apache.zookeeper.data.Id in project zookeeper by apache.

the class IPAuthenticationProvider method handleAuthentication.

/**
 * Records the connection's remote host address as an identity under this provider's
 * scheme.
 *
 * <p>{@code authData} is not read and the result is always {@code OK}: the identity
 * is whatever address the socket reports for the peer.
 * NOTE(review): when clients connect through a proxy, NAT or load balancer, that
 * address is the intermediary's; confirm that ACLs using this scheme are only relied
 * on where the peer address identifies the client.
 * NOTE(review): the remote socket address and its {@code getAddress()} result are
 * dereferenced without a null check; confirm neither can be null for a connection
 * that reaches this method.
 *
 * @param cnxn connection whose remote address is recorded
 * @param authData ignored
 * @return {@code KeeperException.Code.OK}, unconditionally
 */
public KeeperException.Code handleAuthentication(ServerCnxn cnxn, byte[] authData) {
    final String remoteIp = cnxn.getRemoteSocketAddress().getAddress().getHostAddress();
    final Id ipIdentity = new Id(getScheme(), remoteIp);
    cnxn.addAuthInfo(ipIdentity);
    return KeeperException.Code.OK;
}
Also used : Id(org.apache.zookeeper.data.Id)

Example 9 with Id

use of org.apache.zookeeper.data.Id in project zookeeper by apache.

the class ReferenceCountedACLCacheTest method testWhetherOrderingMatters.

/**
 * Two ACL lists holding the same entries in a different order must be given
 * different ids by the cache.
 */
@Test
public void testWhetherOrderingMatters() {
    // READ entry first, WRITE entry second.
    List<ACL> readThenWrite = new ArrayList<ACL>();
    readThenWrite.add(new ACL(ZooDefs.Perms.READ, new Id("scheme", "ro")));
    readThenWrite.add(new ACL(ZooDefs.Perms.WRITE, new Id("scheme", "rw")));

    // The same two entries, reversed.
    List<ACL> writeThenRead = new ArrayList<ACL>();
    writeThenRead.add(new ACL(ZooDefs.Perms.WRITE, new Id("scheme", "rw")));
    writeThenRead.add(new ACL(ZooDefs.Perms.READ, new Id("scheme", "ro")));

    ReferenceCountedACLCache cache = new ReferenceCountedACLCache();
    Long firstKey = cache.convertAcls(readThenWrite);
    Long secondKey = cache.convertAcls(writeThenRead);

    assertFalse(firstKey.equals(secondKey));
}
Also used : ArrayList(java.util.ArrayList) ACL(org.apache.zookeeper.data.ACL) Id(org.apache.zookeeper.data.Id) Test(org.junit.Test)

Example 10 with Id

use of org.apache.zookeeper.data.Id in project zookeeper by apache.

the class ACLTest method testAcls.

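/**
 * Verifies the ACL storage optimisation: the server keeps a small table of distinct
 * ACL lists and data nodes hold references to them.
 *
 * <p>100 nodes created with the same open ACL must leave the table at 2 entries; each
 * node created with its own {@code ip} ACL must add exactly one entry (102, then 107
 * after a restart), and the table must still hold 102 entries once the server has
 * been restarted on the same data directory.
 *
 * @throws Exception on any server, client or I/O failure
 */
@Test
public void testAcls() throws Exception {
    File tmpDir = ClientBase.createTmpDir();
    ClientBase.setupTestEnv();
    ZooKeeperServer zks = new ZooKeeperServer(tmpDir, tmpDir, 3000);
    SyncRequestProcessor.setSnapCount(1000);
    final int PORT = Integer.parseInt(HOSTPORT.split(":")[1]);
    ServerCnxnFactory f = ServerCnxnFactory.createFactory(PORT, -1);
    f.startup(zks);
    // Stays null until the client is connected, so the cleanup below can tell whether
    // there is anything to close.
    ZooKeeper zk = null;
    try {
        LOG.info("starting up the zookeeper server .. waiting");
        Assert.assertTrue("waiting for server being up", ClientBase.waitForServerUp(HOSTPORT, CONNECTION_TIMEOUT));
        zk = ClientBase.createZKClient(HOSTPORT);
        LOG.info("starting creating acls");
        // All of these nodes share one ACL list, so the table must not grow per node.
        for (int i = 0; i < 100; i++) {
            String path = "/" + i;
            zk.create(path, path.getBytes(), Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);
        }
        Assert.assertTrue("size of the acl map ", (2 == zks.getZKDatabase().getAclSize()));
        // Every node below gets a distinct ACL, so each one adds a table entry.
        createNodesWithIpAcl(zk, 100, 200);
        Assert.assertTrue("size of the acl map ", (102 == zks.getZKDatabase().getAclSize()));
    } finally {
        // now shutdown the server and restart it
        try {
            // The first client was previously never closed; release it before the
            // server it is connected to goes away.
            if (zk != null) {
                zk.close();
            }
        } finally {
            f.shutdown();
            zks.shutdown();
            Assert.assertTrue("waiting for server down", ClientBase.waitForServerDown(HOSTPORT, CONNECTION_TIMEOUT));
        }
    }
    zks = new ZooKeeperServer(tmpDir, tmpDir, 3000);
    f = ServerCnxnFactory.createFactory(PORT, -1);
    f.startup(zks);
    zk = null;
    try {
        Assert.assertTrue("waiting for server up", ClientBase.waitForServerUp(HOSTPORT, CONNECTION_TIMEOUT));
        zk = ClientBase.createZKClient(HOSTPORT);
        // The table must have been restored from disk, not rebuilt empty.
        Assert.assertTrue("acl map ", (102 == zks.getZKDatabase().getAclSize()));
        createNodesWithIpAcl(zk, 200, 205);
        Assert.assertTrue("acl map ", (107 == zks.getZKDatabase().getAclSize()));
    } finally {
        try {
            // Close in the cleanup path so a failed assertion does not leak the client.
            if (zk != null) {
                zk.close();
            }
        } finally {
            f.shutdown();
            zks.shutdown();
            Assert.assertTrue("waiting for server down", ClientBase.waitForServerDown(HOSTPORT, ClientBase.CONNECTION_TIMEOUT));
        }
    }
}

/**
 * Creates persistent nodes {@code /from} .. {@code /(to - 1)}, each protected by a
 * single ACL with permission bits 0 for the {@code ip} id {@code 1.1.1.<n>}, so that
 * every node carries a distinct ACL list.
 */
private static void createNodesWithIpAcl(ZooKeeper zk, int from, int to) throws Exception {
    for (int j = from; j < to; j++) {
        String path = "/" + j;
        ACL acl = new ACL();
        acl.setPerms(0);
        Id id = new Id();
        id.setId("1.1.1." + j);
        id.setScheme("ip");
        acl.setId(id);
        ArrayList<ACL> list = new ArrayList<ACL>();
        list.add(acl);
        zk.create(path, path.getBytes(), list, CreateMode.PERSISTENT);
    }
}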
Also used : ZooKeeper(org.apache.zookeeper.ZooKeeper) ArrayList(java.util.ArrayList) ServerCnxnFactory(org.apache.zookeeper.server.ServerCnxnFactory) ACL(org.apache.zookeeper.data.ACL) Id(org.apache.zookeeper.data.Id) File(java.io.File) ZooKeeperServer(org.apache.zookeeper.server.ZooKeeperServer) Test(org.junit.Test)

Aggregations

Id (org.apache.zookeeper.data.Id)50 ACL (org.apache.zookeeper.data.ACL)39 ArrayList (java.util.ArrayList)19 Test (org.junit.Test)18 KeeperException (org.apache.zookeeper.KeeperException)8 ZooKeeper (org.apache.zookeeper.ZooKeeper)8 Stat (org.apache.zookeeper.data.Stat)5 ByteArrayOutputStream (java.io.ByteArrayOutputStream)4 BinaryOutputArchive (org.apache.jute.BinaryOutputArchive)4 TestableZooKeeper (org.apache.zookeeper.TestableZooKeeper)4 ByteBuffer (java.nio.ByteBuffer)3 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3 Configuration (org.apache.hadoop.conf.Configuration)3 CreateRequest (org.apache.zookeeper.proto.CreateRequest)3 IOException (java.io.IOException)2 LinkedHashSet (java.util.LinkedHashSet)2 SetupStep (org.apache.atlas.setup.SetupStep)2 CuratorFramework (org.apache.curator.framework.CuratorFramework)2 ACLProvider (org.apache.curator.framework.api.ACLProvider)2 CreateBuilder (org.apache.curator.framework.api.CreateBuilder)2