Java Code Examples for org.apache.zookeeper.data.ACL

The following examples show how to use org.apache.zookeeper.data.ACL. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source Project: distributedlog   Author: apache   File: Utils.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Synchronously create zookeeper path recursively and optimistically.
 *
 * @see #zkAsyncCreateFullPathOptimistic(ZooKeeperClient, String, byte[], List, CreateMode)
 * @param zkc Zookeeper client
 * @param path Zookeeper full path
 * @param data Zookeeper data
 * @param acl Acl of the zk path
 * @param createMode Create mode of zk path
 * @throws ZooKeeperClient.ZooKeeperConnectionException
 * @throws KeeperException
 * @throws InterruptedException
 */
public static void zkCreateFullPathOptimistic(
    ZooKeeperClient zkc,
    String path,
    byte[] data,
    final List<ACL> acl,
    final CreateMode createMode) throws IOException, KeeperException {
    try {
        FutureUtils.result(zkAsyncCreateFullPathOptimistic(zkc, path, data, acl, createMode));
    } catch (ZooKeeperClient.ZooKeeperConnectionException zkce) {
        throw zkce;
    } catch (KeeperException ke) {
        throw ke;
    } catch (InterruptedException ie) {
        throw new DLInterruptedException("Interrupted on create zookeeper path " + path, ie);
    } catch (RuntimeException rte) {
        throw rte;
    } catch (Exception exc) {
        throw new RuntimeException("Unexpected Exception", exc);
    }
}
 
Example #2
Source Project: lucene-solr   Author: apache   File: OutOfBoxZkACLAndCredentialsProvidersTest.java    License: Apache License 2.0 6 votes vote down vote up
protected void assertOpenACLUnsafeAllover(SolrZkClient zkClient, String path, List<String> verifiedList) throws Exception {
  List<ACL> acls = zkClient.getSolrZooKeeper().getACL(path, new Stat());
  if (log.isInfoEnabled()) {
    log.info("Verifying {}", path);
  }
  if (ZooDefs.CONFIG_NODE.equals(path)) {
    // Treat this node specially, from the ZK docs:
    // The dynamic configuration is stored in a special znode ZooDefs.CONFIG_NODE = /zookeeper/config.
    // This node by default is read only for all users, except super user and
    // users that's explicitly configured for write access.
    assertEquals("Path " + path + " does not have READ_ACL_UNSAFE", ZooDefs.Ids.READ_ACL_UNSAFE, acls);
  } else {
    assertEquals("Path " + path + " does not have OPEN_ACL_UNSAFE", ZooDefs.Ids.OPEN_ACL_UNSAFE, acls);
  }
  verifiedList.add(path);
  List<String> children = zkClient.getChildren(path, null, false);
  for (String child : children) {
    assertOpenACLUnsafeAllover(zkClient, path + ((path.endsWith("/")) ? "" : "/") + child, verifiedList);
  }
}
 
Example #3
Source Project: big-c   Author: yncxcw   File: CuratorService.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Get the ACLs of a path
 * @param path path of operation
 * @return a possibly empty list of ACLs
 * @throws IOException
 */
public List<ACL> zkGetACLS(String path) throws IOException {
  checkServiceLive();
  String fullpath = createFullPath(path);
  List<ACL> acls;
  try {
    if (LOG.isDebugEnabled()) {
      LOG.debug("GetACLS {}", fullpath);
    }
    acls = curator.getACL().forPath(fullpath);
  } catch (Exception e) {
    throw operationFailure(fullpath, "read()", e);
  }
  if (acls == null) {
    throw new PathNotFoundException(path);
  }
  return acls;
}
 
Example #4
Source Project: zkdoctor   Author: ucarGroup   File: CustomZKManager.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * 创建节点
 *
 * @param instanceId 实例id
 * @param host       zk ip
 * @param port       zk port
 * @param path       路径
 * @param data       新数据
 * @param acl        节点acl
 * @param createMode 节点模式
 */
public void createNode(int instanceId, String host, int port, String path, byte[] data, List<ACL> acl, CreateMode createMode) {
    CuratorFramework zkClient = getZookeeper(instanceId, host, port);
    if (zkClient == null) {
        return;
    }
    try {
        zkClient.create().
                creatingParentsIfNeeded().
                withMode(createMode).
                withACL(acl).
                forPath(path, data);
    } catch (Exception e) {
        LOGGER.warn("Create node in zk {}:{} error, path is {}.", host, port, path, e);
    }
}
 
Example #5
Source Project: big-c   Author: yncxcw   File: ZKRMStateStore.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Given the {@link Configuration} and {@link ACL}s used (zkAcl) for
 * ZooKeeper access, construct the {@link ACL}s for the store's root node.
 * In the constructed {@link ACL}, all the users allowed by zkAcl are given
 * rwa access, while the current RM has exclude create-delete access.
 *
 * To be called only when HA is enabled and the configuration doesn't set ACL
 * for the root node.
 */
@VisibleForTesting
@Private
@Unstable
protected List<ACL> constructZkRootNodeACL(
    Configuration conf, List<ACL> sourceACLs) throws NoSuchAlgorithmException {
  List<ACL> zkRootNodeAcl = new ArrayList<ACL>();
  for (ACL acl : sourceACLs) {
    zkRootNodeAcl.add(new ACL(
        ZKUtil.removeSpecificPerms(acl.getPerms(), CREATE_DELETE_PERMS),
        acl.getId()));
  }

  zkRootNodeUsername = HAUtil.getConfValueForRMInstance(
      YarnConfiguration.RM_ADDRESS,
      YarnConfiguration.DEFAULT_RM_ADDRESS, conf);
  Id rmId = new Id(zkRootNodeAuthScheme,
      DigestAuthenticationProvider.generateDigest(
          zkRootNodeUsername + ":" + zkRootNodePassword));
  zkRootNodeAcl.add(new ACL(CREATE_DELETE_PERMS, rmId));
  return zkRootNodeAcl;
}
 
Example #6
Source Project: DDMQ   Author: didi   File: ZkClient.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Create a node with ACL.
 *
 * @param path
 * @param data
 * @param acl
 * @param mode
 * @return create node's path
 * @throws ZkInterruptedException
 *             if operation was interrupted, or a required reconnection got interrupted
 * @throws IllegalArgumentException
 *             if called from anything except the ZooKeeper event thread
 * @throws ZkException
 *             if any ZooKeeper exception occurred
 * @throws RuntimeException
 *             if any other exception occurs
 */
public String create(final String path, Object data, final List<ACL> acl, final CreateMode mode) {
    if (path == null) {
        throw new NullPointerException("Missing value for path");
    }
    if (acl == null || acl.size() == 0) {
        throw new NullPointerException("Missing value for ACL");
    }
    final byte[] bytes = data == null ? null : serialize(data);

    return retryUntilConnected(new Callable<String>() {
        @Override
        public String call() throws Exception {
            return _connection.create(path, bytes, acl, mode);
        }
    });

}
 
Example #7
Source Project: curator   Author: apache   File: SetACLBuilderImpl.java    License: Apache License 2.0 6 votes vote down vote up
@Override
public Stat forPath(String path) throws Exception
{
    String fixedPath = client.fixForNamespace(path);
    List<ACL> aclList = acling.getAclList(fixedPath);
    client.getSchemaSet().getSchema(path).validateGeneral(path, null, aclList);

    Stat        resultStat = null;
    if ( backgrounding.inBackground()  )
    {
        client.processBackgroundOperation(new OperationAndData<String>(this, fixedPath, backgrounding.getCallback(), null, backgrounding.getContext(), null), null);
    }
    else
    {
        resultStat = pathInForeground(fixedPath, aclList);
    }
    return resultStat;
}
 
Example #8
Source Project: jstorm   Author: alibaba   File: Utils.java    License: Apache License 2.0 6 votes vote down vote up
public static List<ACL> getWorkerACL(Map conf) {
    // This is a work around to an issue with ZK where a sasl super user is not super unless there is an open SASL ACL
    // so we are trying to give the correct perms
    if (!isZkAuthenticationConfiguredTopology(conf)) {
        return null;
    }
    String stormZKUser = (String) conf.get(Config.STORM_ZOOKEEPER_SUPERACL);
    if (stormZKUser == null) {
        throw new IllegalArgumentException("Authentication is enabled but " + Config.STORM_ZOOKEEPER_SUPERACL + " is not set");
    }
    String[] split = stormZKUser.split(":", 2);
    if (split.length != 2) {
        throw new IllegalArgumentException(Config.STORM_ZOOKEEPER_SUPERACL +
                " does not appear to be in the form scheme:acl, i.e. sasl:storm-user");
    }
    ArrayList<ACL> ret = new ArrayList<>(ZooDefs.Ids.CREATOR_ALL_ACL);
    ret.add(new ACL(ZooDefs.Perms.ALL, new Id(split[0], split[1])));
    return ret;
}
 
Example #9
Source Project: javabase   Author: ggj2010   File: ZookeeperUtil.java    License: Apache License 2.0 6 votes vote down vote up
/**
 *
 * @return
 */
public List<ACL> getCreateNodeAcls() {
    List<ACL> listAcls = new ArrayList<ACL>(3);
    try {
        Id id = new Id(PropertiesDynLoading.authScheme,
                DigestAuthenticationProvider.generateDigest(PropertiesDynLoading.accessKey));
        ACL acl = new ACL(Perms.CREATE, id);
        listAcls.add(acl);

    } catch (NoSuchAlgorithmException e) {

        e.printStackTrace();
        return Ids.OPEN_ACL_UNSAFE;
    }
    return listAcls;
}
 
Example #10
Source Project: ambari-logsearch   Author: apache   File: LogSearchConfigZKHelper.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Get ACLs from a property (get the value then parse and transform it as ACL objects)
 * @param properties key/value pairs that needs to be parsed as ACLs
 * @return list of ACLs
 */
public static List<ACL> getAcls(Map<String, String> properties) {
  String aclStr = properties.get(ZK_ACLS_PROPERTY);
  if (StringUtils.isBlank(aclStr)) {
    return ZooDefs.Ids.OPEN_ACL_UNSAFE;
  }

  List<ACL> acls = new ArrayList<>();
  List<String> aclStrList = Splitter.on(",").omitEmptyStrings().trimResults().splitToList(aclStr);
  for (String unparcedAcl : aclStrList) {
    String[] parts = unparcedAcl.split(":");
    if (parts.length == 3) {
      acls.add(new ACL(parsePermission(parts[2]), new Id(parts[0], parts[1])));
    }
  }
  return acls;
}
 
Example #11
Source Project: big-c   Author: yncxcw   File: ZKRMStateStore.java    License: Apache License 2.0 5 votes vote down vote up
@VisibleForTesting
@Private
@Unstable
public void createWithRetries(
    final String path, final byte[] data, final List<ACL> acl,
    final CreateMode mode) throws Exception {
  doStoreMultiWithRetries(Op.create(path, data, acl, mode));
}
 
Example #12
Source Project: lucene-solr   Author: apache   File: SolrZkClient.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Returns path of created node
 */
public String create(final String path, final byte[] data,
    final CreateMode createMode, boolean retryOnConnLoss) throws KeeperException,
    InterruptedException {
  if (retryOnConnLoss) {
    return zkCmdExecutor.retryOperation(() -> keeper.create(path, data, zkACLProvider.getACLsToAdd(path),
        createMode));
  } else {
    List<ACL> acls = zkACLProvider.getACLsToAdd(path);
    return keeper.create(path, data, acls, createMode);
  }
}
 
Example #13
Source Project: big-c   Author: yncxcw   File: CuratorService.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Recursively make a path
 * @param path path to create
 * @param acl ACL for path
 * @throws IOException any problem
 */
public void zkMkParentPath(String path,
    List<ACL> acl) throws
    IOException {
  // split path into elements

  zkMkPath(RegistryPathUtils.parentOf(path),
      CreateMode.PERSISTENT, true, acl);
}
 
Example #14
Source Project: curator   Author: apache   File: CreateBuilderImpl.java    License: Apache License 2.0 5 votes vote down vote up
private String protectedPathInForeground(String adjustedPath, byte[] data, List<ACL> aclList) throws Exception
{
    try
    {
        return pathInForeground(adjustedPath, data, aclList);
    }
    catch ( Exception e)
    {
        ThreadUtils.checkInterrupted(e);
        if ( ( e instanceof KeeperException.ConnectionLossException ||
            !( e instanceof KeeperException )) && protectedMode.doProtected() )
        {
            /*
             * CURATOR-45 + CURATOR-79: we don't know if the create operation was successful or not,
             * register the znode to be sure it is deleted later.
             */
            new FindAndDeleteProtectedNodeInBackground(client, ZKPaths.getPathAndNode(adjustedPath).getPath(), protectedMode.protectedId()).execute();
            /*
             * The current UUID is scheduled to be deleted, it is not safe to use it again.
             * If this builder is used again later create a new UUID
             */
            protectedMode.resetProtectedId();
        }

        throw e;
    }
}
 
Example #15
Source Project: hadoop   Author: naver   File: RegistrySecurity.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Parse the IDs, adding a realm if needed, setting the permissions
 * @param principalList id string
 * @param realm realm to add
 * @param perms permissions
 * @return the relevant ACLs
 * @throws IOException
 */
public List<ACL> buildACLs(String principalList, String realm, int perms)
    throws IOException {
  List<String> aclPairs = splitAclPairs(principalList, realm);
  List<ACL> ids = new ArrayList<ACL>(aclPairs.size());
  for (String aclPair : aclPairs) {
    ACL newAcl = new ACL();
    newAcl.setId(parse(aclPair, realm));
    newAcl.setPerms(perms);
    ids.add(newAcl);
  }
  return ids;
}
 
Example #16
Source Project: jigsaw-payment   Author: jigsaw-projects   File: HelloClientConfig.java    License: Apache License 2.0 5 votes vote down vote up
@Bean
public ACLProvider aclProvider() {
    return new ACLProvider() {
        @Override
        public List<ACL> getDefaultAcl() {
            return ZooDefs.Ids.CREATOR_ALL_ACL;
        }

        @Override
        public List<ACL> getAclForPath(String path) {
            return ZooDefs.Ids.CREATOR_ALL_ACL;
        }
    };
}
 
Example #17
Source Project: chronus   Author: 360jinrong   File: ZookeeperManager.java    License: Apache License 2.0 5 votes vote down vote up
private void connect() throws Exception {
    RetryPolicy retryPolicy = new RetryUntilElapsed(Integer.MAX_VALUE, 10);
    String userName = properties.getProperty(keys.userName.toString());
    String zkConnectString = properties.getProperty(keys.zkConnectString.toString());
    int zkSessionTimeout = Integer.parseInt(properties.getProperty(keys.zkSessionTimeout.toString()));
    int zkConnectionTimeout = Integer.parseInt(properties.getProperty(keys.zkConnectionTimeout.toString()));
    boolean isCheckParentPath = Boolean.parseBoolean(properties.getProperty(keys.isCheckParentPath.toString(), "true"));
    String authString = userName + ":" + properties.getProperty(keys.password.toString());
    acl.clear();
    acl.add(new ACL(ZooDefs.Perms.ALL, new Id("digest", DigestAuthenticationProvider.generateDigest(authString))));
    acl.add(new ACL(ZooDefs.Perms.READ, Ids.ANYONE_ID_UNSAFE));
    log.info("----------------------------开始创建ZK连接----------------------------");
    log.info("zkConnectString:{}", zkConnectString);
    log.info("zkSessionTimeout:{}", zkSessionTimeout);
    log.info("zkConnectionTimeout:{}", zkConnectionTimeout);
    log.info("isCheckParentPath:{}", isCheckParentPath);
    log.info("userName:{}", userName);

    curator = CuratorFrameworkFactory.builder().connectString(zkConnectString)
            .sessionTimeoutMs(zkSessionTimeout)
            .connectionTimeoutMs(zkConnectionTimeout)
            .retryPolicy(retryPolicy).authorization("digest", authString.getBytes())
            .aclProvider(new ACLProvider() {
                @Override
                public List<ACL> getDefaultAcl() {
                    return ZooDefs.Ids.CREATOR_ALL_ACL;
                }

                @Override
                public List<ACL> getAclForPath(String path) {
                    return ZooDefs.Ids.CREATOR_ALL_ACL;
                }
            }).build();
    curator.start();
    log.info("----------------------------创建ZK连接成功----------------------------");
    this.isCheckParentPath = isCheckParentPath;
}
 
Example #18
Source Project: kylin-on-parquet-v2   Author: Kyligence   File: ZookeeperAclBuilder.java    License: Apache License 2.0 5 votes vote down vote up
public static List<ACL> getZKAcls() throws Exception {
    // Parse ACLs from configuration.
    String zkAclConf = KylinConfig.getInstanceFromEnv().getZKAcls();
    try {
        zkAclConf = ZKUtil.resolveConfIndirection(zkAclConf);
        return ZKUtil.parseACLs(zkAclConf);
    } catch (Exception e) {
        logger.error("Couldn't read ACLs based on 'kylin.env.zookeeper.zk-acl' in kylin.properties");
        throw e;
    }
}
 
Example #19
Source Project: strimzi-kafka-operator   Author: strimzi   File: ZkImpl.java    License: Apache License 2.0 5 votes vote down vote up
@Override
public Zk create(String path, byte[] data, List<ACL> acls, CreateMode createMode, Handler<AsyncResult<Void>> handler) {
    workerPool().executeBlocking(
        future -> {
            try {
                zookeeper.create(path, data == null ? new byte[0] : data, acls, createMode);
                future.complete();
            } catch (Throwable t) {
                future.fail(t);
            }
        },
        handler);
    return this;
}
 
Example #20
Source Project: terrapin   Author: pinterest   File: ZooKeeperManagerTest.java    License: Apache License 2.0 5 votes vote down vote up
@Test
public void testCreateClusterPaths() throws Exception {
  when(zk.create(anyString(), any(byte[].class), anyListOf(ACL.class), any(CreateMode.class)))
      .thenReturn("");
  ArgumentCaptor<String> pathCaptor = ArgumentCaptor.forClass(String.class);
  zkManager.createClusterPaths();

  verify(zk, times(3)).create(pathCaptor.capture(), any(byte[].class), anyListOf(ACL.class),
      any(CreateMode.class));
  Set<String> allPaths = Sets.newHashSet(pathCaptor.getAllValues());
  assertTrue(allPaths.contains(FILE_SET_DIR));
  assertTrue(allPaths.contains(VIEWS_DIR));
  assertTrue(allPaths.contains(LOCKS_DIR));
}
 
Example #21
Source Project: big-c   Author: yncxcw   File: ZKUtil.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Parse comma separated list of ACL entries to secure generated nodes, e.g.
 * <code>sasl:hdfs/[email protected]:cdrwa,sasl:hdfs/[email protected]:cdrwa</code>
 *
 * @return ACL list
 * @throws {@link BadAclFormatException} if an ACL is invalid
 */
public static List<ACL> parseACLs(String aclString) throws
    BadAclFormatException {
  List<ACL> acl = Lists.newArrayList();
  if (aclString == null) {
    return acl;
  }
  
  List<String> aclComps = Lists.newArrayList(
      Splitter.on(',').omitEmptyStrings().trimResults()
      .split(aclString));
  for (String a : aclComps) {
    // from ZooKeeperMain private method
    int firstColon = a.indexOf(':');
    int lastColon = a.lastIndexOf(':');
    if (firstColon == -1 || lastColon == -1 || firstColon == lastColon) {
      throw new BadAclFormatException(
          "ACL '" + a + "' not of expected form scheme:id:perm");
    }

    ACL newAcl = new ACL();
    newAcl.setId(new Id(a.substring(0, firstColon), a.substring(
        firstColon + 1, lastColon)));
    newAcl.setPerms(getPermFromString(a.substring(lastColon + 1)));
    acl.add(newAcl);
  }
  
  return acl;
}
 
Example #22
Source Project: zkcopy   Author: ksprojects   File: WriterTest.java    License: Apache License 2.0 5 votes vote down vote up
@Test
public void testWriteRemoveDeprecated() throws InterruptedException, KeeperException {
    when(mockZK.getChildren(eq("/destination/path"), anyBoolean())).thenReturn(Arrays.asList("a", "b"));
    
    Writer writer = new Writer(mockZK, "/destination", mockNode, true, true, -1, 10);
    writer.write();
    verify(mockZK, times(1)).transaction();
    verify(mockTransaction, times(1)).create(eq("/destination/path"), eq(THEDATA), anyListOf(ACL.class), any(CreateMode.class));
    verify(mockTransaction, times(1)).create(eq("/destination/path/child"), eq(THEDATA), anyListOf(ACL.class), any(CreateMode.class));
    verify(mockTransaction, times(1)).commit();
    verify(mockTransaction, times(1)).delete(eq("/destination/path/a"), anyInt());
    verify(mockTransaction, times(1)).delete(eq("/destination/path/b"), anyInt());
}
 
Example #23
Source Project: lucene-solr   Author: apache   File: VMParamsAllAndReadonlyDigestZkACLProvider.java    License: Apache License 2.0 5 votes vote down vote up
protected List<ACL> createACLsToAdd(boolean includeReadOnly) {
  String digestAllUsername = System.getProperty(zkDigestAllUsernameVMParamName);
  String digestAllPassword = System.getProperty(zkDigestAllPasswordVMParamName);
  String digestReadonlyUsername = System.getProperty(zkDigestReadonlyUsernameVMParamName);
  String digestReadonlyPassword = System.getProperty(zkDigestReadonlyPasswordVMParamName);

  return createACLsToAdd(includeReadOnly,
      digestAllUsername, digestAllPassword,
      digestReadonlyUsername, digestReadonlyPassword);
}
 
Example #24
Source Project: curator   Author: apache   File: AsyncCreateBuilderImpl.java    License: Apache License 2.0 5 votes vote down vote up
@Override
public AsyncPathAndBytesable<AsyncStage<String>> withOptions(Set<CreateOption> options, CreateMode createMode, List<ACL> aclList, Stat stat, long ttl)
{
    this.options = Objects.requireNonNull(options, "options cannot be null");
    this.aclList = aclList;
    this.createMode = Objects.requireNonNull(createMode, "createMode cannot be null");
    this.stat = stat;
    this.ttl = ttl;
    return this;
}
 
Example #25
Source Project: pulsar   Author: apache   File: FileSystemManagedLedgerOffloaderTest.java    License: Apache License 2.0 5 votes vote down vote up
private static MockZooKeeper createMockZooKeeper() throws Exception {
    MockZooKeeper zk = MockZooKeeper.newInstance(MoreExecutors.newDirectExecutorService());
    List<ACL> dummyAclList = new ArrayList<ACL>(0);

    ZkUtils.createFullPathOptimistic(zk, "/ledgers/available/192.168.1.1:" + 5000,
            "".getBytes(UTF_8), dummyAclList, CreateMode.PERSISTENT);

    zk.create("/ledgers/LAYOUT", "1\nflat:1".getBytes(UTF_8), dummyAclList,
            CreateMode.PERSISTENT);
    return zk;
}
 
Example #26
Source Project: ambari-logsearch   Author: apache   File: ACLHandler.java    License: Apache License 2.0 5 votes vote down vote up
private boolean isRefreshAclsNeeded(List<ACL> acls, List<ACL> newAcls) {
  boolean result = false;
  if (acls != null) {
    if (acls.size() != newAcls.size()) {
      return true;
    }
    result = aclDiffers(acls, newAcls);
    if (!result) {
      result = aclDiffers(newAcls, acls);
    }
  }
  return result;
}
 
Example #27
Source Project: hadoop   Author: naver   File: RegistryAdminService.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Init operation sets up the system ACLs.
 * @param conf configuration of the service
 * @throws Exception
 */
@Override
protected void serviceInit(Configuration conf) throws Exception {
  super.serviceInit(conf);
  RegistrySecurity registrySecurity = getRegistrySecurity();
  if (registrySecurity.isSecureRegistry()) {
    ACL sasl = registrySecurity.createSaslACLFromCurrentUser(ZooDefs.Perms.ALL);
    registrySecurity.addSystemACL(sasl);
    LOG.info("Registry System ACLs:",
        RegistrySecurity.aclsToString(
        registrySecurity.getSystemACLs()));
  }
}
 
Example #28
Source Project: lucene-solr   Author: apache   File: OverriddenZkACLAndCredentialsProvidersTest.java    License: Apache License 2.0 5 votes vote down vote up
public SolrZkClient getSolrZkClient(String zkServerAddress, int zkClientTimeout) {
  return new SolrZkClient(zkServerAddress, zkClientTimeout) {
    
    @Override
    protected ZkCredentialsProvider createZkCredentialsToAddAutomatically() {
      return new DefaultZkCredentialsProvider() {
        @Override
        protected Collection<ZkCredentials> createCredentials() {
          List<ZkCredentials> result = new ArrayList<>();
          if (!StringUtils.isEmpty(digestUsername) && !StringUtils.isEmpty(digestPassword)) {
            result.add(new ZkCredentials("digest",
                (digestUsername + ":" + digestPassword).getBytes(StandardCharsets.UTF_8)));
          }
          return result;
        }

      };
    }

    @Override
    public ZkACLProvider createZkACLProvider() {
      return new VMParamsAllAndReadonlyDigestZkACLProvider() {
        @Override
        protected List<ACL> createNonSecurityACLsToAdd() {
          return createACLsToAdd(true, digestUsername, digestPassword, digestReadonlyUsername, digestReadonlyPassword);
        }

        /**
         * @return Set of ACLs to return security-related znodes
         */
        @Override
        protected List<ACL> createSecurityACLsToAdd() {
          return createACLsToAdd(false, digestUsername, digestPassword, digestReadonlyUsername, digestReadonlyPassword);
        }
      };
    }
    
  };
}
 
Example #29
Source Project: ambari-logsearch   Author: apache   File: ACLHandler.java    License: Apache License 2.0 5 votes vote down vote up
private boolean aclDiffers(List<ACL> aclList1, List<ACL> aclList2) {
  for (ACL acl : aclList1) {
    for (ACL newAcl : aclList2) {
      if (acl.getId() != null && acl.getId().getId().equals(newAcl.getId().getId())
        && acl.getPerms() != newAcl.getPerms()) {
        logger.info("ACL for '{}' differs: '{}' on znode, should be '{}'",
          acl.getId().getId(), acl.getPerms(), newAcl.getPerms());
        return true;
      }
    }
  }
  return false;
}
 
Example #30
Source Project: tbschedule   Author: nmyphp   File: ZookeeperTest.java    License: Apache License 2.0 5 votes vote down vote up
@Test
public void testACL() throws Exception {
    ZooKeeper zk = new ZooKeeper("localhost:2181", 3000, new ScheduleWatcher(null));
    List<ACL> acls = new ArrayList<ACL>();
    zk.addAuthInfo("digest", "TestUser:password".getBytes());
    acls.add(new ACL(ZooDefs.Perms.ALL,
            new Id("digest", DigestAuthenticationProvider.generateDigest("TestUser:password"))));
    acls.add(new ACL(ZooDefs.Perms.READ, Ids.ANYONE_ID_UNSAFE));
    zk.create("/abc", new byte[0], acls, CreateMode.PERSISTENT);
    zk.getData("/abc", false, null);
}