use of org.apache.zookeeper.data.Id in project helios by spotify.
the class RuleBasedZooKeeperAclProviderTest method testMultipleMatchingRules.
@Test
public void testMultipleMatchingRules() {
final Id id1 = new Id("some_scheme", "id1");
final Id id2 = new Id("some_scheme", "id2");
final RuleBasedZooKeeperAclProvider aclProvider = RuleBasedZooKeeperAclProvider.builder().rule("/foo.*", DELETE, id1).rule("/foo/bar", CREATE, id1).rule(".*", READ, id2).rule("/foo/bar/baz", WRITE, id2).build();
assertThat(aclProvider.getAclForPath("/foo/bar"), containsInAnyOrder(new ACL(CREATE | DELETE, id1), new ACL(READ, id2)));
}
use of org.apache.zookeeper.data.Id in project zookeeper by apache.
the class SaslAuthTest method testInvalidSaslIds.
@Test
public void testInvalidSaslIds() throws Exception {
ZooKeeper zk = createClient();
List<String> invalidIds = new ArrayList<String>();
invalidIds.add("user@KERB.REALM/server.com");
invalidIds.add("user@KERB.REALM1@KERB.REALM2");
int i = 0;
for (String invalidId : invalidIds) {
List<ACL> aclList = new ArrayList<ACL>();
try {
ACL acl = new ACL(0, new Id("sasl", invalidId));
aclList.add(acl);
zk.create("/invalid" + i, null, aclList, CreateMode.PERSISTENT);
Assert.fail("SASLAuthenticationProvider.isValid() failed to catch invalid Id.");
} catch (KeeperException.InvalidACLException e) {
// ok.
} finally {
i++;
}
}
}
use of org.apache.zookeeper.data.Id in project zookeeper by apache.
the class SaslAuthTest method testValidSaslIds.
@Test
public void testValidSaslIds() throws Exception {
ZooKeeper zk = createClient();
List<String> validIds = new ArrayList<String>();
validIds.add("user");
validIds.add("service/host.name.com");
validIds.add("user@KERB.REALM");
validIds.add("service/host.name.com@KERB.REALM");
int i = 0;
for (String validId : validIds) {
List<ACL> aclList = new ArrayList<ACL>();
ACL acl = new ACL(0, new Id("sasl", validId));
aclList.add(acl);
zk.create("/valid" + i, null, aclList, CreateMode.PERSISTENT);
i++;
}
}
use of org.apache.zookeeper.data.Id in project zookeeper by apache.
the class AclParser method parse.
/**
* parse string into list of ACL
* @param aclString
* @return
*/
public static List<ACL> parse(String aclString) {
List<ACL> acl;
String[] acls = aclString.split(",");
acl = new ArrayList<ACL>();
for (String a : acls) {
int firstColon = a.indexOf(':');
int lastColon = a.lastIndexOf(':');
if (firstColon == -1 || lastColon == -1 || firstColon == lastColon) {
System.err.println(a + " does not have the form scheme:id:perm");
continue;
}
ACL newAcl = new ACL();
newAcl.setId(new Id(a.substring(0, firstColon), a.substring(firstColon + 1, lastColon)));
newAcl.setPerms(getPermFromString(a.substring(lastColon + 1)));
acl.add(newAcl);
}
return acl;
}
use of org.apache.zookeeper.data.Id in project zookeeper by apache.
the class PrepRequestProcessor method fixupACL.
/**
* This method checks out the acl making sure it isn't null or empty,
* it has valid schemes and ids, and expanding any relative ids that
* depend on the requestor's authentication information.
*
* @param authInfo list of ACL IDs associated with the client connection
* @param acls list of ACLs being assigned to the node (create or setACL operation)
* @return verified and expanded ACLs
* @throws KeeperException.InvalidACLException
*/
private List<ACL> fixupACL(String path, List<Id> authInfo, List<ACL> acls) throws KeeperException.InvalidACLException {
// check for well formed ACLs
// This resolves https://issues.apache.org/jira/browse/ZOOKEEPER-1877
List<ACL> uniqacls = removeDuplicates(acls);
List<ACL> rv = new LinkedList<ACL>();
if (uniqacls == null || uniqacls.size() == 0) {
throw new KeeperException.InvalidACLException(path);
}
for (ACL a : uniqacls) {
LOG.debug("Processing ACL: {}", a);
if (a == null) {
throw new KeeperException.InvalidACLException(path);
}
Id id = a.getId();
if (id == null || id.getScheme() == null) {
throw new KeeperException.InvalidACLException(path);
}
if (id.getScheme().equals("world") && id.getId().equals("anyone")) {
rv.add(a);
} else if (id.getScheme().equals("auth")) {
// This is the "auth" id, so we have to expand it to the
// authenticated ids of the requestor
boolean authIdValid = false;
for (Id cid : authInfo) {
ServerAuthenticationProvider ap = ProviderRegistry.getServerProvider(cid.getScheme());
if (ap == null) {
LOG.error("Missing AuthenticationProvider for " + cid.getScheme());
} else if (ap.isAuthenticated()) {
authIdValid = true;
rv.add(new ACL(a.getPerms(), cid));
}
}
if (!authIdValid) {
throw new KeeperException.InvalidACLException(path);
}
} else {
ServerAuthenticationProvider ap = ProviderRegistry.getServerProvider(id.getScheme());
if (ap == null || !ap.isValid(id.getId())) {
throw new KeeperException.InvalidACLException(path);
}
rv.add(a);
}
}
return rv;
}
Aggregations