Hi all,
I am currently trying to understand how ACL works..
I am trying to run the following case (this is just an extract from my
client)
authentSession = new ZooKeeper(host, 100000, watcher);
authentSession.addAuthInfo("digest", "user:technique".getBytes());
String path = "/purClient_" + uid;
authentSession.create(path, "ValueOfNode".getBytes(), getACLs(),
CreateMode.PERSISTENT);
System.out.println("**********************************************************************************");
System.out.println("[authentSession] CREATE NODE " + path + " with " +
getACLs());
System.out.println("**********************************************************************************");
Thread.currentThread().sleep(3000);
Stat stat1 = new Stat();
authentSession.addAuthInfo("digest", "user:technique".getBytes());
byte[] data1 = authentSession.getData(path, watcher, stat1);
System.out.println("**********************************************************************************");
System.out.println("[anonymSession] READ NODE " + path + " - " + new
String(data1));
System.out.println("**********************************************************************************");
...
the method getACLs() is
private static List<ACL> getACLs() {
Id id = new Id("digest", "user:technique");
List<ACL> aclLst = new ArrayList<ACL>();
aclLst.add(new ACL(Perms.READ, id));
//aclLst.add(new ACL(Perms.ALL, id));
// everybody has read access
// aclLst.add(new ACL(Perms.READ, Ids.ANYONE_ID_UNSAFE));
return aclLst;
1/ So, if I understood well, the node created by authentSession cannot be
accessed except by the user [user:technique]
right?
2/ when I run it
2.1 here is what I got from the client side :
=2014-02-27 17:15:19,535 - DEBUG
[main-SendThread(host-2.local:2181):ClientCnxn$SendThread [ at ] 815][] - Reading
reply sessionid:0x44473f695450006, packet:: clientPath:null serverPath:null
finished:false header:: 1,1 replyHeader:: 1,163208757305,0 request::
'/purClient_70d334b0-69e2-48cd-a293-7a2ecbb700f5,#56616c75654f664e6f6465,v{s{1,s{'digest,'user:technique}}},0
response:: '/purClient_70d334b0-69e2-48cd-a293-7a2ecbb700f5
**********************************************************************************
[authentSession] CREATE NODE
/purClient_70d334b0-69e2-48cd-a293-7a2ecbb700f5 with
[1,s{'digest,'user:technique}
**********************************************************************************
=2014-02-27 17:15:22,557 - DEBUG
[main-SendThread(host-2.local:2181):ClientCnxn$SendThread [ at ] 730][] - Got auth
sessionid:0x44473f695450006
=2014-02-27 17:15:22,566 - DEBUG
[main-SendThread(host-2.local:2181):ClientCnxn$SendThread [ at ] 815][] - Reading
reply sessionid:0x44473f695450006, packet:: clientPath:null serverPath:null
finished:false header:: 2,4 replyHeader:: 2,163208757305,-102 request::
'/purClient_70d334b0-69e2-48cd-a293-7a2ecbb700f5,T response::
org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode =
NoAuth for /purClient_70d334b0-69e2-48cd-a293-7a2ecbb700f5
at
org.apache.zookeeper.KeeperException.create(KeeperException.java:113)
at
org.apache.zookeeper.KeeperException.create(KeeperException.java:51)
at org.apache.zookeeper.ZooKeeper.getData(ZooKeeper.java:1151)
at murex.middleware.zookeeper.acl.AclTests.main(AclTests.java:48)
so the node is well created but I cannot execute getData() on it (using the
same ZookeeperClient instance)
2.2 here is what I got from the zookeeper server log (I zoom on the
getData() call - identified by the time 17:18:28)
2014-02-27 17:18:25,549 [myid:4] - DEBUG
[CommitProcessor:4:FinalRequestProcessor [ at ] 160] - sessionid:0x44473f695450007
type:create cxid:0x1 zxid:0x260000003c txntype:1
reqpath:/purClient_5c65f927-f47a-4c57-a58b-e5c6aebd2502
2014-02-27 17:18:28,581 [myid:4] - INFO [NIOServerCxn.Factory:
0.0.0.0/0.0.0.0:2181:ZooKeeperServer [ at ] 863] - got auth packet /
192.168.56.102:54421
2014-02-27 17:18:28,584 [myid:4] - DEBUG [NIOServerCxn.Factory:
0.0.0.0/0.0.0.0:2181:ZooKeeperServer [ at ] 894] - Authentication succeeded for
scheme: digest
2014-02-27 17:18:28,585 [myid:4] - INFO [NIOServerCxn.Factory:
0.0.0.0/0.0.0.0:2181:ZooKeeperServer [ at ] 897] - auth success /
192.168.56.102:54421
2014-02-27 17:18:28,594 [myid:4] - TRACE
[FollowerRequestProcessor:4:ZooTrace [ at ] 90] - :Fsessionid:0x44473f695450007
type:getData cxid:0x2 zxid:0xfffffffffffffffe txntype:unknown
reqpath:/purClient_5c65f927-f47a-4c57-a58b-e5c6aebd2502
2014-02-27 17:18:28,594 [myid:4] - DEBUG
[FollowerRequestProcessor:4:CommitProcessor [ at ] 171] - Processing request::
sessionid:0x44473f695450007 type:getData cxid:0x2 zxid:0xfffffffffffffffe
txntype:unknown reqpath:/purClient_5c65f927-f47a-4c57-a58b-e5c6aebd2502
2014-02-27 17:18:28,594 [myid:4] - DEBUG
[CommitProcessor:4:FinalRequestProcessor [ at ] 88] - Processing request::
sessionid:0x44473f695450007 type:getData cxid:0x2 zxid:0xfffffffffffffffe
txntype:unknown reqpath:/purClient_5c65f927-f47a-4c57-a58b-e5c6aebd2502
2014-02-27 17:18:28,595 [myid:4] - TRACE [CommitProcessor:4:ZooTrace [ at ] 90] -
:Esessionid:0x44473f695450007 type:getData cxid:0x2 zxid:0xfffffffffffffffe
txntype:unknown reqpath:/purClient_5c65f927-f47a-4c57-a58b-e5c6aebd2502
2014-02-27 17:18:28,595 [myid:4] - DEBUG
[CommitProcessor:4:FinalRequestProcessor [ at ] 160] - sessionid:0x44473f695450007
type:getData cxid:0x2 zxid:0xfffffffffffffffe txntype:unknown
reqpath:/purClient_5c65f927-f47a-4c57-a58b-e5c6aebd2502
2014-02-27 17:18:28,653 [myid:4] - TRACE
[FollowerRequestProcessor:4:ZooTrace [ at ] 90] - :Fsessionid:0x44473f695450007
type:closeSession cxid:0x3 zxid:0xfffffffffffffffe txntype:unknown
reqpath:n/a
2014-02-27 17:18:28,653 [myid:4] - DEBUG
[FollowerRequestProcessor:4:CommitProcessor [ at ] 171] - Processing request::
sessionid:0x44473f695450007 type:closeSession cxid:0x3
zxid:0xfffffffffffffffe txntype:unknown reqpath:n/a
2014-02-27 17:18:28,658 [myid:4] - DEBUG
[QuorumPeer[myid=4]/0:0:0:0:0:0:0:0:2181:CommitProcessor [ at ] 161] - Committing
request:: sessionid:0x44473f695450007 type:closeSession cxid:0x3
zxid:0x260000003d txntype:-11 reqpath:n/a
2014-02-27 17:18:28,658 [myid:4] - DEBUG
[CommitProcessor:4:FinalRequestProcessor [ at ] 88] - Processing request::
sessionid:0x44473f695450007 type:closeSession cxid:0x3 zxid:0x260000003d
txntype:-11 reqpath:n/a
2014-02-27 17:18:28,658 [myid:4] - TRACE [CommitProcessor:4:ZooTrace [ at ] 90] -
:Esessionid:0x44473f695450007 type:closeSession cxid:0x3 zxid:0x260000003d
txntype:-11 reqpath:n/a
2014-02-27 17:18:28,658 [myid:4] - DEBUG
[CommitProcessor:4:FinalRequestProcessor [ at ] 160] - sessionid:0x44473f695450007
type:closeSession cxid:0x3 zxid:0x260000003d txntype:-11 reqpath:n/a
2014-02-27 17:18:28,658 [myid:4] - TRACE
[CommitProcessor:4:NIOServerCnxn [ at ] 170] - Add a buffer to outgoingBuffers, sk
sun.nio.ch.SelectionKeyImpl [ at ] 1cde83a is valid: true
2014-02-27 17:18:28,659 [myid:4] - INFO [NIOServerCxn.Factory:
0.0.0.0/0.0.0.0:2181:NIOServerCnxn [ at ] 1001] - Closed socket connection for
client
So from a server perspective, the getData() request is ok....
Any ideas / comments are welcomed.
Regards.
I am currently trying to understand how ACL works..
I am trying to run the following case (this is just an extract from my
client)
authentSession = new ZooKeeper(host, 100000, watcher);
authentSession.addAuthInfo("digest", "user:technique".getBytes());
String path = "/purClient_" + uid;
authentSession.create(path, "ValueOfNode".getBytes(), getACLs(),
CreateMode.PERSISTENT);
System.out.println("**********************************************************************************");
System.out.println("[authentSession] CREATE NODE " + path + " with " +
getACLs());
System.out.println("**********************************************************************************");
Thread.currentThread().sleep(3000);
Stat stat1 = new Stat();
authentSession.addAuthInfo("digest", "user:technique".getBytes());
byte[] data1 = authentSession.getData(path, watcher, stat1);
System.out.println("**********************************************************************************");
System.out.println("[anonymSession] READ NODE " + path + " - " + new
String(data1));
System.out.println("**********************************************************************************");
...
the method getACLs() is
private static List<ACL> getACLs() {
Id id = new Id("digest", "user:technique");
List<ACL> aclLst = new ArrayList<ACL>();
aclLst.add(new ACL(Perms.READ, id));
//aclLst.add(new ACL(Perms.ALL, id));
// everybody has read access
// aclLst.add(new ACL(Perms.READ, Ids.ANYONE_ID_UNSAFE));
return aclLst;
1/ So, if I understood well, the node created by authentSession cannot be
accessed except by the user [user:technique]
right?
2/ when I run it
2.1 here is what I got from the client side :
=2014-02-27 17:15:19,535 - DEBUG
[main-SendThread(host-2.local:2181):ClientCnxn$SendThread [ at ] 815][] - Reading
reply sessionid:0x44473f695450006, packet:: clientPath:null serverPath:null
finished:false header:: 1,1 replyHeader:: 1,163208757305,0 request::
'/purClient_70d334b0-69e2-48cd-a293-7a2ecbb700f5,#56616c75654f664e6f6465,v{s{1,s{'digest,'user:technique}}},0
response:: '/purClient_70d334b0-69e2-48cd-a293-7a2ecbb700f5
**********************************************************************************
[authentSession] CREATE NODE
/purClient_70d334b0-69e2-48cd-a293-7a2ecbb700f5 with
[1,s{'digest,'user:technique}
**********************************************************************************
=2014-02-27 17:15:22,557 - DEBUG
[main-SendThread(host-2.local:2181):ClientCnxn$SendThread [ at ] 730][] - Got auth
sessionid:0x44473f695450006
=2014-02-27 17:15:22,566 - DEBUG
[main-SendThread(host-2.local:2181):ClientCnxn$SendThread [ at ] 815][] - Reading
reply sessionid:0x44473f695450006, packet:: clientPath:null serverPath:null
finished:false header:: 2,4 replyHeader:: 2,163208757305,-102 request::
'/purClient_70d334b0-69e2-48cd-a293-7a2ecbb700f5,T response::
org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode =
NoAuth for /purClient_70d334b0-69e2-48cd-a293-7a2ecbb700f5
at
org.apache.zookeeper.KeeperException.create(KeeperException.java:113)
at
org.apache.zookeeper.KeeperException.create(KeeperException.java:51)
at org.apache.zookeeper.ZooKeeper.getData(ZooKeeper.java:1151)
at murex.middleware.zookeeper.acl.AclTests.main(AclTests.java:48)
so the node is well created but I cannot execute getData() on it (using the
same ZookeeperClient instance)
2.2 here is what I got from the zookeeper server log (I zoom on the
getData() call - identified by the time 17:18:28)
2014-02-27 17:18:25,549 [myid:4] - DEBUG
[CommitProcessor:4:FinalRequestProcessor [ at ] 160] - sessionid:0x44473f695450007
type:create cxid:0x1 zxid:0x260000003c txntype:1
reqpath:/purClient_5c65f927-f47a-4c57-a58b-e5c6aebd2502
2014-02-27 17:18:28,581 [myid:4] - INFO [NIOServerCxn.Factory:
0.0.0.0/0.0.0.0:2181:ZooKeeperServer [ at ] 863] - got auth packet /
192.168.56.102:54421
2014-02-27 17:18:28,584 [myid:4] - DEBUG [NIOServerCxn.Factory:
0.0.0.0/0.0.0.0:2181:ZooKeeperServer [ at ] 894] - Authentication succeeded for
scheme: digest
2014-02-27 17:18:28,585 [myid:4] - INFO [NIOServerCxn.Factory:
0.0.0.0/0.0.0.0:2181:ZooKeeperServer [ at ] 897] - auth success /
192.168.56.102:54421
2014-02-27 17:18:28,594 [myid:4] - TRACE
[FollowerRequestProcessor:4:ZooTrace [ at ] 90] - :Fsessionid:0x44473f695450007
type:getData cxid:0x2 zxid:0xfffffffffffffffe txntype:unknown
reqpath:/purClient_5c65f927-f47a-4c57-a58b-e5c6aebd2502
2014-02-27 17:18:28,594 [myid:4] - DEBUG
[FollowerRequestProcessor:4:CommitProcessor [ at ] 171] - Processing request::
sessionid:0x44473f695450007 type:getData cxid:0x2 zxid:0xfffffffffffffffe
txntype:unknown reqpath:/purClient_5c65f927-f47a-4c57-a58b-e5c6aebd2502
2014-02-27 17:18:28,594 [myid:4] - DEBUG
[CommitProcessor:4:FinalRequestProcessor [ at ] 88] - Processing request::
sessionid:0x44473f695450007 type:getData cxid:0x2 zxid:0xfffffffffffffffe
txntype:unknown reqpath:/purClient_5c65f927-f47a-4c57-a58b-e5c6aebd2502
2014-02-27 17:18:28,595 [myid:4] - TRACE [CommitProcessor:4:ZooTrace [ at ] 90] -
:Esessionid:0x44473f695450007 type:getData cxid:0x2 zxid:0xfffffffffffffffe
txntype:unknown reqpath:/purClient_5c65f927-f47a-4c57-a58b-e5c6aebd2502
2014-02-27 17:18:28,595 [myid:4] - DEBUG
[CommitProcessor:4:FinalRequestProcessor [ at ] 160] - sessionid:0x44473f695450007
type:getData cxid:0x2 zxid:0xfffffffffffffffe txntype:unknown
reqpath:/purClient_5c65f927-f47a-4c57-a58b-e5c6aebd2502
2014-02-27 17:18:28,653 [myid:4] - TRACE
[FollowerRequestProcessor:4:ZooTrace [ at ] 90] - :Fsessionid:0x44473f695450007
type:closeSession cxid:0x3 zxid:0xfffffffffffffffe txntype:unknown
reqpath:n/a
2014-02-27 17:18:28,653 [myid:4] - DEBUG
[FollowerRequestProcessor:4:CommitProcessor [ at ] 171] - Processing request::
sessionid:0x44473f695450007 type:closeSession cxid:0x3
zxid:0xfffffffffffffffe txntype:unknown reqpath:n/a
2014-02-27 17:18:28,658 [myid:4] - DEBUG
[QuorumPeer[myid=4]/0:0:0:0:0:0:0:0:2181:CommitProcessor [ at ] 161] - Committing
request:: sessionid:0x44473f695450007 type:closeSession cxid:0x3
zxid:0x260000003d txntype:-11 reqpath:n/a
2014-02-27 17:18:28,658 [myid:4] - DEBUG
[CommitProcessor:4:FinalRequestProcessor [ at ] 88] - Processing request::
sessionid:0x44473f695450007 type:closeSession cxid:0x3 zxid:0x260000003d
txntype:-11 reqpath:n/a
2014-02-27 17:18:28,658 [myid:4] - TRACE [CommitProcessor:4:ZooTrace [ at ] 90] -
:Esessionid:0x44473f695450007 type:closeSession cxid:0x3 zxid:0x260000003d
txntype:-11 reqpath:n/a
2014-02-27 17:18:28,658 [myid:4] - DEBUG
[CommitProcessor:4:FinalRequestProcessor [ at ] 160] - sessionid:0x44473f695450007
type:closeSession cxid:0x3 zxid:0x260000003d txntype:-11 reqpath:n/a
2014-02-27 17:18:28,658 [myid:4] - TRACE
[CommitProcessor:4:NIOServerCnxn [ at ] 170] - Add a buffer to outgoingBuffers, sk
sun.nio.ch.SelectionKeyImpl [ at ] 1cde83a is valid: true
2014-02-27 17:18:28,659 [myid:4] - INFO [NIOServerCxn.Factory:
0.0.0.0/0.0.0.0:2181:NIOServerCnxn [ at ] 1001] - Closed socket connection for
client
So from a server perspective, the getData() request is ok....
Any ideas / comments are welcomed.
Regards.