
Example 1 with AuthenticationProvider

use of org.apache.zookeeper_voltpatches.server.auth.AuthenticationProvider in project voltdb by VoltDB.

the class ZooKeeperServer method fixupACL.

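/**
 * Validates the ACL list given to a create or setACL operation and expands
 * any "auth" entries into the requestor's own ids.
 *
 * <p>The list is modified in place. Each entry whose scheme is "auth" is
 * removed and, for every id in {@code authInfo} whose provider reports
 * {@code isAuthenticated()}, a new entry with the removed entry's permissions
 * is appended. When the method returns {@code false} part-way through, "auth"
 * entries seen so far have already been removed, so callers should treat the
 * list as unusable after a failure.
 *
 * <p>Malformed input (a null entry, a null id or a null scheme) is rejected
 * with {@code false} instead of surfacing as a NullPointerException.
 *
 * @param authInfo
 *            list of ACL IDs associated with the client connection; a null
 *            list is treated as "no authenticated ids"
 * @param acl
 *            list of ACLs being assigned to the node (create or setACL
 *            operation)
 * @return {@code true} if {@code skipACL} is set, or if every entry passed
 *         validation and the resulting list is non-empty; {@code false}
 *         otherwise
 */
private boolean fixupACL(List<Id> authInfo, List<ACL> acl) {
    if (skipACL) {
        // NOTE(review): with skipACL set none of the checks below run and any
        // ACL list, including null, is accepted as-is.
        return true;
    }
    if (acl == null || acl.isEmpty()) {
        return false;
    }
    LinkedList<ACL> toAdd = null;
    Iterator<ACL> it = acl.iterator();
    while (it.hasNext()) {
        ACL a = it.next();
        // Entries come from the request being processed; fail closed on a
        // malformed one rather than dereferencing null.
        Id id = (a == null) ? null : a.getId();
        if (id == null || id.getScheme() == null) {
            return false;
        }
        String scheme = id.getScheme();
        if ("world".equals(scheme) && "anyone".equals(id.getId())) {
            // wide open: accepted without consulting any provider
        } else if ("auth".equals(scheme)) {
            // This is the "auth" id, so we have to expand it to the
            // authenticated ids of the requestor
            it.remove();
            if (toAdd == null) {
                toAdd = new LinkedList<ACL>();
            }
            boolean authIdValid = false;
            if (authInfo != null) {
                for (Id cid : authInfo) {
                    AuthenticationProvider ap = ProviderRegistry.getProvider(cid.getScheme());
                    if (ap == null) {
                        LOG.error("Missing AuthenticationProvider for " + cid.getScheme());
                    } else if (ap.isAuthenticated()) {
                        authIdValid = true;
                        toAdd.add(new ACL(a.getPerms(), cid));
                    }
                }
            }
            // An "auth" entry that expands to nothing would silently drop the
            // requested restriction, so the whole ACL is refused.
            if (!authIdValid) {
                return false;
            }
        } else {
            // Any other scheme must have a registered provider that accepts
            // the id expression.
            AuthenticationProvider ap = ProviderRegistry.getProvider(scheme);
            if (ap == null) {
                return false;
            }
            if (!ap.isValid(id.getId())) {
                return false;
            }
        }
    }
    // Appended only after iteration ends, so the iterator above is never
    // invalidated by the additions.
    if (toAdd != null) {
        acl.addAll(toAdd);
    }
    return !acl.isEmpty();
}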
Also used : AuthenticationProvider(org.apache.zookeeper_voltpatches.server.auth.AuthenticationProvider) ACL(org.apache.zookeeper_voltpatches.data.ACL) Id(org.apache.zookeeper_voltpatches.data.Id) LinkedList(java.util.LinkedList)

Example 2 with AuthenticationProvider

use of org.apache.zookeeper_voltpatches.server.auth.AuthenticationProvider in project voltdb by VoltDB.

the class ProviderRegistry method initialize.

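/**
 * Populates the provider table once: first the built-in IP and digest
 * providers, then every class named by a system property whose key starts
 * with {@code "zookeeper.authProvider."}.
 *
 * <p>Runs under the {@code ProviderRegistry.class} monitor and returns
 * immediately if {@code initialized} is already set. A plug-in class that
 * cannot be loaded, is not an {@code AuthenticationProvider}, or fails to
 * construct is logged and skipped; the remaining providers are still
 * registered.
 */
public static void initialize() {
    synchronized (ProviderRegistry.class) {
        if (initialized) {
            return;
        }
        IPAuthenticationProvider ipp = new IPAuthenticationProvider();
        DigestAuthenticationProvider digp = new DigestAuthenticationProvider();
        authenticationProviders.put(ipp.getScheme(), ipp);
        authenticationProviders.put(digp.getScheme(), digp);
        // stringPropertyNames() yields only String keys with String values, so a
        // non-String entry in the system properties cannot abort initialization
        // with a ClassCastException before "initialized" is set.
        for (String k : System.getProperties().stringPropertyNames()) {
            if (!k.startsWith("zookeeper.authProvider.")) {
                continue;
            }
            // The class name is taken from JVM configuration: whoever controls
            // the system properties controls which code is registered here.
            String className = System.getProperty(k);
            try {
                Class<?> c = ZooKeeperServer.class.getClassLoader().loadClass(className);
                // Verify the type before instantiating, so a class that is not
                // an AuthenticationProvider never has its constructor run.
                AuthenticationProvider ap = c.asSubclass(AuthenticationProvider.class)
                        .getDeclaredConstructor().newInstance();
                // NOTE(review): put() runs after the built-ins were added, so a
                // plug-in reporting an existing scheme presumably replaces that
                // provider -- confirm this is intended.
                authenticationProviders.put(ap.getScheme(), ap);
            } catch (Exception e) {
                LOG.warn("Problems loading " + className, e);
            }
        }
        initialized = true;
    }
}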
Also used : IPAuthenticationProvider(org.apache.zookeeper_voltpatches.server.auth.IPAuthenticationProvider) ProviderRegistry(org.apache.zookeeper_voltpatches.server.auth.ProviderRegistry) AuthenticationProvider(org.apache.zookeeper_voltpatches.server.auth.AuthenticationProvider) DigestAuthenticationProvider(org.apache.zookeeper_voltpatches.server.auth.DigestAuthenticationProvider) IPAuthenticationProvider(org.apache.zookeeper_voltpatches.server.auth.IPAuthenticationProvider) ZooKeeperServer(org.apache.zookeeper_voltpatches.server.ZooKeeperServer) DigestAuthenticationProvider(org.apache.zookeeper_voltpatches.server.auth.DigestAuthenticationProvider)

Example 3 with AuthenticationProvider

use of org.apache.zookeeper_voltpatches.server.auth.AuthenticationProvider in project voltdb by VoltDB.

the class NIOServerCnxn method readRequest.

/**
 * Decodes the request currently held in {@code incomingBuffer} and either
 * answers it here (auth packets) or submits it to the server.
 *
 * <p>For an auth packet the scheme named in the packet selects the
 * {@code AuthenticationProvider}. An unknown scheme and a rejected credential
 * produce the same AUTHFAILED reply, after which {@code sendCloseSession()}
 * and {@code disableRecv()} are called. Any other request type is wrapped in a
 * {@code Request} carrying this connection's {@code authInfo} and submitted;
 * for those with a non-negative xid the outstanding-request counter is bumped
 * and the throttle check runs.
 *
 * @throws IOException declared by this method; which of the calls below
 *             raises it is not visible in this block
 */
private void readRequest() throws IOException {
    // We have the request, now process and setup for next
    InputStream bais = new ByteBufferInputStream(incomingBuffer);
    BinaryInputArchive bia = BinaryInputArchive.getArchive(bais);
    RequestHeader h = new RequestHeader();
    h.deserialize(bia, "header");
    // slice() yields a buffer that starts at incomingBuffer's current
    // position; presumably the header read above advanced that position, so
    // the slice holds only the request payload -- confirm against
    // ByteBufferInputStream.
    incomingBuffer = incomingBuffer.slice();
    if (h.getType() == OpCode.auth) {
        AuthPacket authPacket = new AuthPacket();
        ZooKeeperServer.byteBuffer2Record(incomingBuffer, authPacket);
        // Both the scheme and the auth bytes are decoded from the incoming
        // buffer, i.e. they are supplied by the peer.
        String scheme = authPacket.getScheme();
        AuthenticationProvider ap = ProviderRegistry.getProvider(scheme);
        if (ap == null || (ap.handleAuthentication(this, authPacket.getAuth()) != KeeperException.Code.OK)) {
            // NOTE(review): scheme is written to the log unmodified in both
            // branches; if it can contain CR/LF a peer could forge log lines.
            // Consider neutralising control characters before logging.
            if (ap == null) {
                // The list of registered providers goes to the log only; the
                // reply below carries just the error code.
                LOG.warn("No authentication provider for scheme: " + scheme + " has " + ProviderRegistry.listProviders());
            } else {
                LOG.warn("Authentication failed for scheme: " + scheme);
            }
            // send a response... (same AUTHFAILED code for an unknown scheme
            // and for a rejected credential)
            ReplyHeader rh = new ReplyHeader(h.getXid(), 0, KeeperException.Code.AUTHFAILED.intValue());
            sendResponse(rh, null, null);
            // ... and close connection
            sendCloseSession();
            disableRecv();
        } else {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Authentication succeeded for scheme: " + scheme);
            }
            ReplyHeader rh = new ReplyHeader(h.getXid(), 0, KeeperException.Code.OK.intValue());
            sendResponse(rh, null, null);
        }
        // Auth packets are answered here and never reach submitRequest or the
        // outstanding-request accounting below.
        return;
    } else {
        // The request carries this connection's authInfo along with the
        // still-undecoded payload buffer.
        Request si = new Request(this, sessionId, h.getXid(), h.getType(), incomingBuffer, authInfo);
        si.setOwner(ServerCnxn.me);
        zk.submitRequest(si);
    }
    if (h.getXid() >= 0) {
        synchronized (this) {
            outstandingRequests++;
        }
        synchronized (this.factory) {
            // check throttling: stop reading from this connection once the
            // server's in-process count exceeds the factory's limit
            if (zk.getInProcess() > factory.outstandingLimit) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Throttling recv " + zk.getInProcess());
                }
                disableRecv();
            // following lines should not be needed since we are
            // already reading
            // } else {
            // enableRecv();
            }
        }
    }
}
Also used : BinaryInputArchive(org.apache.jute_voltpatches.BinaryInputArchive) ReplyHeader(org.apache.zookeeper_voltpatches.proto.ReplyHeader) InputStream(java.io.InputStream) AuthPacket(org.apache.zookeeper_voltpatches.proto.AuthPacket) AuthenticationProvider(org.apache.zookeeper_voltpatches.server.auth.AuthenticationProvider) ConnectRequest(org.apache.zookeeper_voltpatches.proto.ConnectRequest) RequestHeader(org.apache.zookeeper_voltpatches.proto.RequestHeader)
