org.apache.zookeeper.server.auth.DigestAuthenticationProvider Java Examples
The following examples show how to use
org.apache.zookeeper.server.auth.DigestAuthenticationProvider.
Example #1
Source File: TestModeledFramework.java From curator with Apache License 2.0 | 6 votes |
/**
 * Checks that a digest ACL carried by a {@link ModelSpec} is enforced: the update issued through
 * the unauthenticated client is expected to produce an error, while the same kind of update
 * through a client that presented the matching digest credential is expected to succeed.
 */
@Test
public void testAcl() throws NoSuchAlgorithmException
{
    // Fixed, test-only credential. The ACL id is the value returned by generateDigest(); the
    // authenticated client further down sends the raw "user:password" bytes instead.
    Id digestId = new Id("digest", DigestAuthenticationProvider.generateDigest("test:test"));
    ACL writeForDigestUser = new ACL(ZooDefs.Perms.WRITE, digestId);
    List<ACL> aclList = Collections.singletonList(writeForDigestUser);

    ModelSpec<TestModel> aclModelSpec = ModelSpec.builder(modelSpec.path(), modelSpec.serializer())
        .withAclList(aclList)
        .build();
    ModeledFramework<TestModel> client = ModeledFramework.wrap(async, aclModelSpec);

    TestModel initial = new TestModel("John", "Galt", "Galt's Gulch", 21, BigInteger.valueOf(1010101));
    complete(client.set(initial));

    // No auth info was added to this client, so the ACL should reject the write.
    TestModel rejected = new TestModel("John", "Galt", "Galt's Gulch", 54, BigInteger.valueOf(88));
    complete(client.update(rejected), (__, e) -> Assert.assertNotNull(e, "Should've gotten an auth failure"));

    try ( CuratorFramework authCurator = CuratorFrameworkFactory.builder()
        .connectString(server.getConnectString())
        .retryPolicy(new RetryOneTime(1))
        .authorization("digest", "test:test".getBytes())
        .build() )
    {
        authCurator.start();
        AsyncCuratorFramework authAsync = AsyncCuratorFramework.wrap(authCurator);
        ModeledFramework<TestModel> authClient = ModeledFramework.wrap(authAsync, aclModelSpec);

        TestModel accepted = new TestModel("John", "Galt", "Galt's Gulch", 42, BigInteger.valueOf(66));
        complete(authClient.update(accepted), (__, e) -> Assert.assertNull(e, "Should've succeeded"));
    }
}
Example #2
Source File: ZKManager.java From stategen with GNU Affero General Public License v3.0 | 6 votes |
/**
 * Opens the ZooKeeper session from the configured connect string and session timeout, registers
 * the configured user name and password as "digest" auth info, and rebuilds the shared
 * {@code acl} list.
 *
 * @param connectionLatch handed to {@code sessionEvent} together with every watched event
 * @throws Exception if the session cannot be created or the digest cannot be computed
 */
private void createZookeeper(final CountDownLatch connectionLatch) throws Exception {
	String connectString = this.properties.getProperty(keys.zkConnectString.toString());
	int sessionTimeout = Integer.parseInt(this.properties.getProperty(keys.zkSessionTimeout.toString()));
	Watcher sessionWatcher = new Watcher() {
		public void process(WatchedEvent event) {
			sessionEvent(connectionLatch, event);
		}
	};
	zk = new ZooKeeper(connectString, sessionTimeout, sessionWatcher);

	// The credential is assembled as "user:password" from the properties file.
	String user = this.properties.getProperty(keys.userName.toString());
	String secret = this.properties.getProperty(keys.password.toString());
	String authString = user + ":" + secret;

	this.isCheckParentPath = Boolean.parseBoolean(
			this.properties.getProperty(keys.isCheckParentPath.toString(), "true"));

	// NOTE(review): getBytes() without a charset uses the platform default encoding.
	zk.addAuthInfo("digest", authString.getBytes());

	acl.clear();
	// Full rights for the configured digest identity ...
	Id owner = new Id("digest", DigestAuthenticationProvider.generateDigest(authString));
	acl.add(new ACL(ZooDefs.Perms.ALL, owner));
	// ... and READ for the "anyone" id, i.e. node data is readable without authentication.
	acl.add(new ACL(ZooDefs.Perms.READ, Ids.ANYONE_ID_UNSAFE));
}
Example #3
Source File: ZKUtil.java From codes-scratch-zookeeper-netty with Apache License 2.0 | 6 votes |
/**
 * Builds (but does not start) a Curator client that authenticates with the digest scheme using
 * {@code Constants.ZK_USER_NAME} and {@code Constants.ZK_PASSWORD}, and refills the shared
 * {@code acl} list.
 *
 * @return the configured client
 */
public static CuratorFramework create() {
    String authString = Constants.ZK_USER_NAME + ":" + Constants.ZK_PASSWORD;
    RetryNTimes retryPolicy = new RetryNTimes(5, 5000);

    CuratorFrameworkFactory.Builder builder = CuratorFrameworkFactory.builder();
    builder = builder.connectString(Constants.ZK_CONNECT_STRING);
    builder = builder.retryPolicy(retryPolicy);
    builder = builder.connectionTimeoutMs(Constants.ZOO_KEEPER_TIMEOUT);
    builder = builder.sessionTimeoutMs(Constants.ZOO_KEEPER_TIMEOUT * 3);
    // NOTE(review): getBytes() without a charset uses the platform default encoding.
    builder = builder.authorization("digest", authString.getBytes());
    CuratorFramework client = builder.build();

    try {
        acl.clear();
        Id owner = new Id("digest", DigestAuthenticationProvider.generateDigest(authString));
        acl.add(new ACL(ZooDefs.Perms.ALL, owner));
        // READ for the "anyone" id: node data is readable without authentication.
        acl.add(new ACL(ZooDefs.Perms.READ, ZooDefs.Ids.ANYONE_ID_UNSAFE));
    } catch (NoSuchAlgorithmException e) {
        // NOTE(review): the failure is only reported; the client is still returned and the
        // acl list stays empty because it was cleared before the digest call.
        e.printStackTrace();
        LOGGER.error("ZKUtil-->>create() error,", e);
    }
    return client;
}
Example #4
Source File: ZKManager.java From tbschedule with Apache License 2.0 | 6 votes |
/**
 * Creates the ZooKeeper session, authenticates it with the configured "digest" credential and
 * rebuilds the shared {@code acl} list.
 *
 * @param connectionLatch forwarded to {@code sessionEvent} for every watched event
 * @throws Exception if the session cannot be created or the digest cannot be computed
 */
private void createZookeeper(final CountDownLatch connectionLatch) throws Exception {
    final String connectString = this.properties.getProperty(keys.zkConnectString.toString());
    final int sessionTimeout =
        Integer.parseInt(this.properties.getProperty(keys.zkSessionTimeout.toString()));
    zk = new ZooKeeper(connectString, sessionTimeout, new Watcher() {
        @Override
        public void process(WatchedEvent event) {
            sessionEvent(connectionLatch, event);
        }
    });

    // "user:password", both parts read from the properties.
    final String authString = this.properties.getProperty(keys.userName.toString())
        + ":"
        + this.properties.getProperty(keys.password.toString());

    final String checkParentFlag = this.properties.getProperty(keys.isCheckParentPath.toString(), "true");
    this.isCheckParentPath = Boolean.parseBoolean(checkParentFlag);

    // NOTE(review): getBytes() without a charset uses the platform default encoding.
    final byte[] rawCredential = authString.getBytes();
    zk.addAuthInfo("digest", rawCredential);

    acl.clear();
    final String digestId = DigestAuthenticationProvider.generateDigest(authString);
    acl.add(new ACL(ZooDefs.Perms.ALL, new Id("digest", digestId)));
    // The second entry lets any client, authenticated or not, read the node.
    acl.add(new ACL(ZooDefs.Perms.READ, Ids.ANYONE_ID_UNSAFE));
}
Example #5
Source File: ZKManager.java From uncode-schedule with Apache License 2.0 | 6 votes |
/**
 * Opens the ZooKeeper session, adds the configured user name and password as "digest" auth info
 * and rebuilds the shared {@code acl} list.
 *
 * @param connectionLatch handed to {@code sessionEvent} together with every watched event
 * @throws Exception if the session cannot be created or the digest cannot be computed
 */
private void createZookeeper(final CountDownLatch connectionLatch) throws Exception {
	String connectString = this.properties.getProperty(keys.zkConnectString.toString());
	String timeoutText = this.properties.getProperty(keys.zkSessionTimeout.toString());
	int sessionTimeout = Integer.parseInt(timeoutText);
	Watcher sessionWatcher = new Watcher() {
		public void process(WatchedEvent event) {
			sessionEvent(connectionLatch, event);
		}
	};
	zk = new ZooKeeper(connectString, sessionTimeout, sessionWatcher);

	String user = this.properties.getProperty(keys.userName.toString());
	String secret = this.properties.getProperty(keys.password.toString());
	String authString = user + ":" + secret;

	// NOTE(review): getBytes() without a charset uses the platform default encoding.
	zk.addAuthInfo("digest", authString.getBytes());

	acl.clear();
	Id owner = new Id("digest", DigestAuthenticationProvider.generateDigest(authString));
	// ALL for the configured identity, READ for everyone (no authentication needed to read).
	acl.add(new ACL(ZooDefs.Perms.ALL, owner));
	acl.add(new ACL(ZooDefs.Perms.READ, Ids.ANYONE_ID_UNSAFE));
}
Example #6
Source File: ZKRMStateStore.java From hadoop with Apache License 2.0 | 6 votes |
/**
 * Builds the {@link ACL} list for the store's root node from the ACLs used for
 * general ZooKeeper access.
 *
 * Every entry of {@code sourceACLs} is copied with the create and delete
 * permissions removed; one extra entry then grants exactly those permissions
 * to the digest identity of the current RM, so only that RM keeps them.
 *
 * To be called only when HA is enabled and the configuration doesn't set ACL
 * for the root node.
 *
 * @param conf configuration the RM address (used as the user name) is read from
 * @param sourceACLs ACLs configured for ZooKeeper access (zkAcl)
 * @return the ACL list for the root node
 * @throws NoSuchAlgorithmException if the digest cannot be computed
 */
@VisibleForTesting
@Private
@Unstable
protected List<ACL> constructZkRootNodeACL(
    Configuration conf, List<ACL> sourceACLs) throws NoSuchAlgorithmException {
  List<ACL> rootAcl = new ArrayList<ACL>();
  for (ACL source : sourceACLs) {
    int permsWithoutCreateDelete =
        ZKUtil.removeSpecificPerms(source.getPerms(), CREATE_DELETE_PERMS);
    rootAcl.add(new ACL(permsWithoutCreateDelete, source.getId()));
  }

  // Side effect: the user name field is refreshed from the RM address.
  zkRootNodeUsername = HAUtil.getConfValueForRMInstance(
      YarnConfiguration.RM_ADDRESS,
      YarnConfiguration.DEFAULT_RM_ADDRESS, conf);

  String idPassword = zkRootNodeUsername + ":" + zkRootNodePassword;
  String rmDigest = DigestAuthenticationProvider.generateDigest(idPassword);
  Id rmId = new Id(zkRootNodeAuthScheme, rmDigest);
  rootAcl.add(new ACL(CREATE_DELETE_PERMS, rmId));
  return rootAcl;
}
Example #7
Source File: ZKManager.java From uncode-schedule with GNU General Public License v2.0 | 6 votes |
/**
 * Creates the ZooKeeper session, registers the configured "digest" credential on it and rebuilds
 * the shared {@code acl} list.
 *
 * @param connectionLatch forwarded to {@code sessionEvent} for every watched event
 * @throws Exception if the session cannot be created or the digest cannot be computed
 */
private void createZookeeper(final CountDownLatch connectionLatch) throws Exception {
	final String connectString = this.properties.getProperty(keys.zkConnectString.toString());
	final int sessionTimeout =
			Integer.parseInt(this.properties.getProperty(keys.zkSessionTimeout.toString()));
	zk = new ZooKeeper(connectString, sessionTimeout, new Watcher() {
		public void process(WatchedEvent event) {
			sessionEvent(connectionLatch, event);
		}
	});

	// "user:password", both halves taken from the properties.
	final String authString = this.properties.getProperty(keys.userName.toString())
			+ ":"
			+ this.properties.getProperty(keys.password.toString());

	// NOTE(review): getBytes() without a charset uses the platform default encoding.
	final byte[] rawCredential = authString.getBytes();
	zk.addAuthInfo("digest", rawCredential);

	acl.clear();
	final String digestId = DigestAuthenticationProvider.generateDigest(authString);
	acl.add(new ACL(ZooDefs.Perms.ALL, new Id("digest", digestId)));
	// Read access is granted to the "anyone" id, so reads need no authentication.
	acl.add(new ACL(ZooDefs.Perms.READ, Ids.ANYONE_ID_UNSAFE));
}
Example #8
Source File: ZookeeperUtil.java From javabase with Apache License 2.0 | 6 votes |
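/**
 * Builds the ACL list used when creating nodes: one entry granting {@code CREATE} to the
 * identity whose id is the digest of {@code PropertiesDynLoading.accessKey}.
 *
 * @return a list holding the single CREATE entry
 * @throws IllegalStateException if the digest cannot be computed
 */
public List<ACL> getCreateNodeAcls() {
	List<ACL> listAcls = new ArrayList<ACL>(3);
	try {
		// presumably accessKey has the "user:password" form that generateDigest expects — confirm
		Id id = new Id(PropertiesDynLoading.authScheme,
				DigestAuthenticationProvider.generateDigest(PropertiesDynLoading.accessKey));
		listAcls.add(new ACL(Perms.CREATE, id));
	} catch (NoSuchAlgorithmException e) {
		// Fail closed. The previous fallback returned Ids.OPEN_ACL_UNSAFE, which silently
		// replaced a restricted ACL with one that grants every permission to everyone.
		throw new IllegalStateException("Unable to compute the digest for the ZooKeeper ACL", e);
	}
	return listAcls;
}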
Example #9
Source File: ZKRMStateStore.java From big-c with Apache License 2.0 | 6 votes |
/**
 * Derives the root-node {@link ACL}s of the store from the ACLs configured for
 * ZooKeeper access (zkAcl).
 *
 * Each configured entry keeps its id but loses the create and delete
 * permissions. A final entry gives create and delete to the current RM's
 * digest identity, which makes those two permissions exclusive to it.
 *
 * To be called only when HA is enabled and the configuration doesn't set ACL
 * for the root node.
 *
 * @param conf configuration used to look up this RM's address
 * @param sourceACLs the configured ZooKeeper ACLs
 * @return the ACLs to set on the root node
 * @throws NoSuchAlgorithmException if the digest cannot be computed
 */
@VisibleForTesting
@Private
@Unstable
protected List<ACL> constructZkRootNodeACL(
    Configuration conf, List<ACL> sourceACLs) throws NoSuchAlgorithmException {
  final List<ACL> result = new ArrayList<ACL>();
  for (final ACL configured : sourceACLs) {
    final int reducedPerms =
        ZKUtil.removeSpecificPerms(configured.getPerms(), CREATE_DELETE_PERMS);
    final ACL reduced = new ACL(reducedPerms, configured.getId());
    result.add(reduced);
  }

  // The RM address doubles as the digest user name and is stored in a field.
  zkRootNodeUsername = HAUtil.getConfValueForRMInstance(
      YarnConfiguration.RM_ADDRESS,
      YarnConfiguration.DEFAULT_RM_ADDRESS, conf);

  final Id rmId = new Id(
      zkRootNodeAuthScheme,
      DigestAuthenticationProvider.generateDigest(
          zkRootNodeUsername + ":" + zkRootNodePassword));
  final ACL rmOnly = new ACL(CREATE_DELETE_PERMS, rmId);
  result.add(rmOnly);
  return result;
}
Example #10
Source File: ZookeeperUtil.java From javabase with Apache License 2.0 | 5 votes |
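/**
 * Builds the administrator ACL list: one entry granting {@code ALL} to the identity whose id is
 * the digest of {@code PropertiesDynLoading.accessKey}.
 *
 * @return a list holding the single ALL entry
 * @throws IllegalStateException if the digest cannot be computed
 */
public List<ACL> getAdminAcls() {
	List<ACL> listAcls = new ArrayList<ACL>(3);
	try {
		// presumably accessKey has the "user:password" form that generateDigest expects — confirm
		Id id = new Id(PropertiesDynLoading.authScheme,
				DigestAuthenticationProvider.generateDigest(PropertiesDynLoading.accessKey));
		listAcls.add(new ACL(Perms.ALL, id));
	} catch (NoSuchAlgorithmException e) {
		// Fail closed. The previous fallback returned Ids.OPEN_ACL_UNSAFE, which would hand
		// the administrator's permissions to every client instead of reporting the error.
		throw new IllegalStateException("Unable to compute the digest for the ZooKeeper ACL", e);
	}
	return listAcls;
}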
Example #11
Source File: TestZkAclsWithHadoopAuth.java From lucene-solr with Apache License 2.0 | 5 votes |
/**
 * Returns the digest-scheme id for the given user name and password, as produced by
 * {@link DigestAuthenticationProvider#generateDigest(String)} for "userName:passwd".
 * A missing digest algorithm is rethrown unchecked.
 */
private static String digest (String userName, String passwd) {
  final String idPassword = userName + ":" + passwd;
  try {
    final String digestId = DigestAuthenticationProvider.generateDigest(idPassword);
    return digestId;
  } catch (NoSuchAlgorithmException ex) {
    throw new RuntimeException(ex);
  }
}
Example #12
Source File: VMParamsAllAndReadonlyDigestZkACLProvider.java From lucene-solr with Apache License 2.0 | 5 votes |
/**
 * Builds the digest ACLs for an "all permissions" user and, optionally, a read-only user.
 * Note: only used for tests.
 *
 * @param includeReadOnly whether the read-only user may contribute an entry
 * @param digestAllUsername user name that receives ALL; skipped when empty
 * @param digestAllPassword password of that user; skipped when empty
 * @param digestReadonlyUsername user name that receives READ; skipped when empty
 * @param digestReadonlyPassword password of that user; skipped when empty
 * @return the ACL entries, or {@code ZooDefs.Ids.OPEN_ACL_UNSAFE} when none was produced
 */
protected List<ACL> createACLsToAdd(boolean includeReadOnly,
                                    String digestAllUsername, String digestAllPassword,
                                    String digestReadonlyUsername, String digestReadonlyPassword) {
  try {
    List<ACL> acls = new ArrayList<ACL>();

    // To keep the amount of credential and ACL configuration small, the user that connects to
    // ZK (when VMParamsSingleSetCredentialsDigestZkCredentialsProvider is used) is assumed to
    // be the one that should hold the "ALL" ACL.
    boolean haveAllUser = !StringUtils.isEmpty(digestAllUsername)
        && !StringUtils.isEmpty(digestAllPassword);
    if (haveAllUser) {
      String allDigest = DigestAuthenticationProvider.generateDigest(
          digestAllUsername + ":" + digestAllPassword);
      acls.add(new ACL(ZooDefs.Perms.ALL, new Id("digest", allDigest)));
    }

    // An additional "READONLY" ACL for a second user is supported as well.
    boolean haveReadonlyUser = includeReadOnly
        && !StringUtils.isEmpty(digestReadonlyUsername)
        && !StringUtils.isEmpty(digestReadonlyPassword);
    if (haveReadonlyUser) {
      String readonlyDigest = DigestAuthenticationProvider.generateDigest(
          digestReadonlyUsername + ":" + digestReadonlyPassword);
      acls.add(new ACL(ZooDefs.Perms.READ, new Id("digest", readonlyDigest)));
    }

    // NOTE(review): with no usable credentials the result is the fully open ACL, so a missing
    // or empty user name / password leaves the nodes unprotected rather than failing.
    return acls.isEmpty() ? ZooDefs.Ids.OPEN_ACL_UNSAFE : acls;
  } catch (NoSuchAlgorithmException e) {
    throw new RuntimeException(e);
  }
}
Example #13
Source File: RegistrySecurity.java From big-c with Apache License 2.0 | 5 votes |
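/**
 * Generate a base-64 encoded digest of the idPasswordPair pair
 * @param idPasswordPair id:password
 * @return a string that can be used for authentication
 * @throws IOException if the pair is empty or rejected by {@code isValid}, or if
 * the digest cannot be computed
 */
public String digest(String idPasswordPair) throws IOException {
  if (StringUtils.isEmpty(idPasswordPair) || !isValid(idPasswordPair)) {
    // The rejected value contains the password, so it is deliberately left out
    // of the message: exception text tends to end up in logs and stack traces.
    throw new IOException("Invalid id:password");
  }
  try {
    return DigestAuthenticationProvider.generateDigest(idPasswordPair);
  } catch (NoSuchAlgorithmException e) {
    // unlikely since it is standard to the JVM, but maybe JCE restrictions
    // could trigger it
    throw new IOException(e.toString(), e);
  }
}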
Example #14
Source File: SafeZclient.java From javabase with Apache License 2.0 | 5 votes |
/**
 * Builds the ACL list used for authorized access.
 *
 * ZooKeeper permissions are set per node and are not inherited: an ACL set on a parent does not
 * apply to its children. The schemes listed by the original author:
 * <ul>
 * <li>world: has the single id {@code anyone}, meaning everybody.</li>
 * <li>auth: uses no id and stands for any authenticated user.</li>
 * <li>digest: the ACL id is a hash derived from the "username:password" string, and the client
 *     authenticates by sending that string itself. NOTE(review): the original comment names MD5;
 *     the stock ZooKeeper provider has used SHA-1 — verify against the ZooKeeper version in use.</li>
 * <li>ip: the ACL id is the client host address written as addr/bits; the server compares the
 *     first {@code bits} bits of addr with the client address.</li>
 * </ul>
 *
 * @param zooKeeper not used by this method
 * @return two entries: ALL for the first user and READ for the second
 */
private static List<ACL> getACL(ZkClient zooKeeper) throws Exception {
    // Two users: "admin" gets every permission, "gao" may only read.
    // NOTE(review): both credentials are hard-coded and the password equals the user name.
    String adminCredential = "admin:admin";
    String readerCredential = "gao:gao";

    // No auth info is added to the client here; the original kept that call commented out.
    String adminDigest = DigestAuthenticationProvider.generateDigest(adminCredential);
    String readerDigest = DigestAuthenticationProvider.generateDigest(readerCredential);

    // all permissions
    ACL adminAcl = new ACL(ZooDefs.Perms.ALL, new Id("digest", adminDigest));
    // read only
    ACL readerAcl = new ACL(ZooDefs.Perms.READ, new Id("digest", readerDigest));
    return Arrays.asList(adminAcl, readerAcl);
}
Example #15
Source File: ZookeeperTest.java From uncode-schedule with GNU General Public License v2.0 | 5 votes |
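/**
 * Creates a persistent node protected by a digest ACL on a ZooKeeper server at
 * {@code localhost:2181} and reads it back with the same session.
 * The session is now closed in a {@code finally} block; previously it was never closed.
 */
@Test
public void testCreateTask() throws Exception {
	ZooKeeper zk = new ZooKeeper("localhost:2181", 3000, null);
	try {
		List<ACL> acls = new ArrayList<ACL>();
		// Test-only credential: sent raw as auth info and hashed for the ACL id.
		zk.addAuthInfo("digest", "ScheduleAdmin:password".getBytes());
		acls.add(new ACL(ZooDefs.Perms.ALL,
				new Id("digest", DigestAuthenticationProvider.generateDigest("ScheduleAdmin:password"))));
		// READ for the "anyone" id: the node is readable without authentication.
		acls.add(new ACL(ZooDefs.Perms.READ, Ids.ANYONE_ID_UNSAFE));
		zk.create("/uncode/schedule/task/taskObj#print", new byte[0], acls, CreateMode.PERSISTENT);
		zk.getData("/uncode/schedule/task/taskObj#print", false, null);
	} finally {
		// Release the session even when create/getData throws.
		zk.close();
	}
}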
Example #16
Source File: RegistrySecurity.java From hadoop with Apache License 2.0 | 5 votes |
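/**
 * Generate a base-64 encoded digest of the idPasswordPair pair
 * @param idPasswordPair id:password
 * @return a string that can be used for authentication
 * @throws IOException if the pair is empty or rejected by {@code isValid}, or if
 * the digest cannot be computed
 */
public String digest(String idPasswordPair) throws IOException {
  if (StringUtils.isEmpty(idPasswordPair) || !isValid(idPasswordPair)) {
    // The rejected value contains the password, so it is deliberately left out
    // of the message: exception text tends to end up in logs and stack traces.
    throw new IOException("Invalid id:password");
  }
  try {
    return DigestAuthenticationProvider.generateDigest(idPasswordPair);
  } catch (NoSuchAlgorithmException e) {
    // unlikely since it is standard to the JVM, but maybe JCE restrictions
    // could trigger it
    throw new IOException(e.toString(), e);
  }
}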
Example #17
Source File: ZookeeperTest.java From tbschedule with Apache License 2.0 | 5 votes |
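/**
 * Creates the persistent node {@code /abc} with a digest ACL on a ZooKeeper server at
 * {@code localhost:2181} and reads it back with the same session.
 * The session is now closed in a {@code finally} block; previously it was never closed.
 */
@Test
public void testACL() throws Exception {
    ZooKeeper zk = new ZooKeeper("localhost:2181", 3000, new ScheduleWatcher(null));
    try {
        List<ACL> acls = new ArrayList<ACL>();
        // Test-only credential: sent raw as auth info and hashed for the ACL id.
        zk.addAuthInfo("digest", "TestUser:password".getBytes());
        acls.add(new ACL(ZooDefs.Perms.ALL,
            new Id("digest", DigestAuthenticationProvider.generateDigest("TestUser:password"))));
        // READ for the "anyone" id: the node is readable without authentication.
        acls.add(new ACL(ZooDefs.Perms.READ, Ids.ANYONE_ID_UNSAFE));
        zk.create("/abc", new byte[0], acls, CreateMode.PERSISTENT);
        zk.getData("/abc", false, null);
    } finally {
        // Release the session even when create/getData throws.
        zk.close();
    }
}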
Example #18
Source File: ZookeeperManager.java From chronus with Apache License 2.0 | 5 votes |
/**
 * Reads the connection settings from {@code properties}, rebuilds the shared {@code acl} list,
 * then builds and starts the Curator client with "digest" authorization.
 *
 * @throws Exception if a timeout property is not a number or the digest cannot be computed
 */
private void connect() throws Exception {
    RetryPolicy retryPolicy = new RetryUntilElapsed(Integer.MAX_VALUE, 10);

    String userName = properties.getProperty(keys.userName.toString());
    String zkConnectString = properties.getProperty(keys.zkConnectString.toString());
    int zkSessionTimeout = Integer.parseInt(properties.getProperty(keys.zkSessionTimeout.toString()));
    int zkConnectionTimeout = Integer.parseInt(properties.getProperty(keys.zkConnectionTimeout.toString()));
    boolean checkParentPath =
        Boolean.parseBoolean(properties.getProperty(keys.isCheckParentPath.toString(), "true"));
    String authString = userName + ":" + properties.getProperty(keys.password.toString());

    acl.clear();
    Id owner = new Id("digest", DigestAuthenticationProvider.generateDigest(authString));
    acl.add(new ACL(ZooDefs.Perms.ALL, owner));
    // READ for the "anyone" id: readable without authentication.
    acl.add(new ACL(ZooDefs.Perms.READ, Ids.ANYONE_ID_UNSAFE));

    // Only the user name is logged; the password never reaches the log statements below.
    log.info("----------------------------开始创建ZK连接----------------------------");
    log.info("zkConnectString:{}", zkConnectString);
    log.info("zkSessionTimeout:{}", zkSessionTimeout);
    log.info("zkConnectionTimeout:{}", zkConnectionTimeout);
    log.info("isCheckParentPath:{}", checkParentPath);
    log.info("userName:{}", userName);

    // NOTE(review): this provider hands Curator CREATOR_ALL_ACL for every path, which is not
    // the acl list filled above; where that list is applied is not visible here.
    ACLProvider creatorOnly = new ACLProvider() {
        @Override
        public List<ACL> getDefaultAcl() {
            return ZooDefs.Ids.CREATOR_ALL_ACL;
        }

        @Override
        public List<ACL> getAclForPath(String path) {
            return ZooDefs.Ids.CREATOR_ALL_ACL;
        }
    };

    // NOTE(review): getBytes() without a charset uses the platform default encoding.
    byte[] rawCredential = authString.getBytes();
    curator = CuratorFrameworkFactory.builder()
        .connectString(zkConnectString)
        .sessionTimeoutMs(zkSessionTimeout)
        .connectionTimeoutMs(zkConnectionTimeout)
        .retryPolicy(retryPolicy)
        .authorization("digest", rawCredential)
        .aclProvider(creatorOnly)
        .build();
    curator.start();
    log.info("----------------------------创建ZK连接成功----------------------------");
    this.isCheckParentPath = checkParentPath;
}
Example #19
Source File: ZKClientTest.java From twill with Apache License 2.0 | 4 votes |
/**
 * Exercises ACL handling of the ZK client against an in-memory server: a node created by an
 * authenticated client with READ for everyone and ALL for the creator must be readable but not
 * writable by an unauthenticated client, until the ACL is changed to grant WRITE to everyone.
 */
@Test
public void testACL() throws IOException, ExecutionException, InterruptedException, NoSuchAlgorithmException {
  InMemoryZKServer zkServer = InMemoryZKServer.builder().setDataDir(tmpFolder.newFolder()).setTickTime(1000).build();
  zkServer.startAndWait();

  try {
    // Test-only credential; the digest is what the stored ACL id is compared against below.
    String userPass = "user:pass";
    String digest = DigestAuthenticationProvider.generateDigest(userPass);

    // Creates two zkclients: one that presents the digest credential and one without auth info
    ZKClientService zkClient = ZKClientService.Builder
      .of(zkServer.getConnectionStr())
      .addAuthInfo("digest", userPass.getBytes())
      .build();
    zkClient.startAndWait();

    ZKClientService noAuthClient = ZKClientService.Builder.of(zkServer.getConnectionStr()).build();
    noAuthClient.startAndWait();

    // Create a node that is readable by all clients, but with all permissions for the creator
    String path = "/testacl";
    zkClient.create(path, "test".getBytes(), CreateMode.PERSISTENT,
                    ImmutableList.of(
                      new ACL(ZooDefs.Perms.READ, ZooDefs.Ids.ANYONE_ID_UNSAFE),
                      new ACL(ZooDefs.Perms.ALL, ZooDefs.Ids.AUTH_IDS)
                    )).get();

    // Verify the ACL: the second entry is expected to carry the digest scheme and the digest
    // of the creating client's credential
    ACLData aclData = zkClient.getACL(path).get();
    Assert.assertEquals(2, aclData.getACL().size());
    ACL acl = aclData.getACL().get(1);
    Assert.assertEquals(ZooDefs.Perms.ALL, acl.getPerms());
    Assert.assertEquals("digest", acl.getId().getScheme());
    Assert.assertEquals(digest, acl.getId().getId());

    // Reading needs no authentication because of the READ entry for anyone
    Assert.assertArrayEquals("test".getBytes(), noAuthClient.getData(path).get().getData());

    // A write through the no-auth zk client should fail with NoAuthException.
    try {
      noAuthClient.setData(path, "test2".getBytes()).get();
      Assert.fail();
    } catch (ExecutionException e) {
      Assert.assertTrue(e.getCause() instanceof KeeperException.NoAuthException);
    }

    // Change ACL to make it open for all: WRITE is granted to anyone
    zkClient.setACL(path, ImmutableList.of(new ACL(ZooDefs.Perms.WRITE, ZooDefs.Ids.ANYONE_ID_UNSAFE))).get();

    // Write again with the non-auth client, now should succeed.
    noAuthClient.setData(path, "test2".getBytes()).get();

    // NOTE(review): the two clients are stopped only on the success path; the server is
    // stopped in the finally block either way.
    noAuthClient.stopAndWait();
    zkClient.stopAndWait();

  } finally {
    zkServer.stopAndWait();
  }
}
Example #20
Source File: ZookeeperDataSourceTest.java From Sentinel-Dashboard-Nacos with Apache License 2.0 | 4 votes |
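/**
 * Runs the ZooKeeper data source against a node protected by a digest ACL: the node is created
 * with ALL for the digest identity, and the data source is given the matching auth info.
 * The client and the test server are released in {@code finally} blocks, so a failing
 * assertion no longer leaves the fixed port 21812 occupied.
 */
@Test
public void testZooKeeperDataSourceAuthorization() throws Exception {
    TestingServer server = new TestingServer(21812);
    try {
        server.start();

        final String remoteAddress = server.getConnectString();
        final String groupId = "sentinel-zk-ds-demo";
        final String dataId = "flow-HK";
        final String path = "/" + groupId + "/" + dataId;
        final String scheme = "digest";
        // Test-only credential.
        final String auth = "root:123456";

        AuthInfo authInfo = new AuthInfo(scheme, auth.getBytes());
        List<AuthInfo> authInfoList = Collections.singletonList(authInfo);

        CuratorFramework zkClient = CuratorFrameworkFactory.builder().
            connectString(remoteAddress).
            retryPolicy(new ExponentialBackoffRetry(3, 100)).
            authorization(authInfoList).
            build();
        try {
            zkClient.start();

            Stat stat = zkClient.checkExists().forPath(path);
            if (stat == null) {
                // Only the digest identity gets access; no entry is added for "anyone".
                ACL acl = new ACL(ZooDefs.Perms.ALL, new Id(scheme, DigestAuthenticationProvider.generateDigest(auth)));
                zkClient.create().creatingParentContainersIfNeeded().withACL(Collections.singletonList(acl)).forPath(path, null);
            }

            ReadableDataSource<String, List<FlowRule>> flowRuleDataSource = new ZookeeperDataSource<List<FlowRule>>(remoteAddress,
                authInfoList, groupId, dataId,
                new Converter<String, List<FlowRule>>() {
                    @Override
                    public List<FlowRule> convert(String source) {
                        return JSON.parseObject(source, new TypeReference<List<FlowRule>>() {
                        });
                    }
                });
            FlowRuleManager.register2Property(flowRuleDataSource.getProperty());

            final String resourceName = "HK";
            publishThenTestFor(zkClient, path, resourceName, 10);
            publishThenTestFor(zkClient, path, resourceName, 15);
        } finally {
            zkClient.close();
        }
    } finally {
        server.stop();
    }
}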
Example #21
Source File: TestZKDelegationTokenSecretManager.java From big-c with Apache License 2.0 | 4 votes |
/**
 * Checks that the delegation token manager's working path carries the digest ACL supplied
 * through the Curator {@link ACLProvider}.
 */
@Test
public void testACLs() throws Exception {
  DelegationTokenManager tm1;
  String connectString = zkServer.getConnectString();
  Configuration conf = getSecretConf(connectString);
  RetryPolicy retryPolicy = new ExponentialBackoffRetry(1000, 3);
  // Test-only credential; hashed for the ACL id and sent as UTF-8 bytes for authorization.
  String userPass = "myuser:mypass";
  final ACL digestACL = new ACL(ZooDefs.Perms.ALL, new Id("digest",
    DigestAuthenticationProvider.generateDigest(userPass)));
  // Every path, including the default, gets the single digest ACL.
  ACLProvider digestAclProvider = new ACLProvider() {
    @Override
    public List<ACL> getAclForPath(String path) { return getDefaultAcl(); }

    @Override
    public List<ACL> getDefaultAcl() {
      List<ACL> ret = new ArrayList<ACL>();
      ret.add(digestACL);
      return ret;
    }
  };

  CuratorFramework curatorFramework =
    CuratorFrameworkFactory.builder()
      .connectString(connectString)
      .retryPolicy(retryPolicy)
      .aclProvider(digestAclProvider)
      .authorization("digest", userPass.getBytes("UTF-8"))
      .build();
  curatorFramework.start();
  // Hands the pre-built client to the secret manager through its static setter.
  ZKDelegationTokenSecretManager.setCurator(curatorFramework);
  tm1 = new DelegationTokenManager(conf, new Text("bla"));
  tm1.init();

  // check ACL
  String workingPath = conf.get(ZKDelegationTokenSecretManager.ZK_DTSM_ZNODE_WORKING_PATH);
  verifyACL(curatorFramework, "/" + workingPath, digestACL);

  // NOTE(review): the cleanup below runs only when the checks above pass; on failure the
  // static curator stays set and the client stays open.
  tm1.destroy();
  ZKDelegationTokenSecretManager.setCurator(null);
  curatorFramework.close();
}
Example #22
Source File: TestZKDelegationTokenSecretManager.java From hadoop with Apache License 2.0 | 4 votes |
/**
 * Checks that the delegation token manager's working path carries the digest ACL supplied
 * through the Curator {@link ACLProvider}.
 */
@Test
public void testACLs() throws Exception {
  DelegationTokenManager tm1;
  String connectString = zkServer.getConnectString();
  Configuration conf = getSecretConf(connectString);
  RetryPolicy retryPolicy = new ExponentialBackoffRetry(1000, 3);
  // Test-only credential; hashed for the ACL id and sent as UTF-8 bytes for authorization.
  String userPass = "myuser:mypass";
  final ACL digestACL = new ACL(ZooDefs.Perms.ALL, new Id("digest",
    DigestAuthenticationProvider.generateDigest(userPass)));
  // Every path, including the default, gets the single digest ACL.
  ACLProvider digestAclProvider = new ACLProvider() {
    @Override
    public List<ACL> getAclForPath(String path) { return getDefaultAcl(); }

    @Override
    public List<ACL> getDefaultAcl() {
      List<ACL> ret = new ArrayList<ACL>();
      ret.add(digestACL);
      return ret;
    }
  };

  CuratorFramework curatorFramework =
    CuratorFrameworkFactory.builder()
      .connectString(connectString)
      .retryPolicy(retryPolicy)
      .aclProvider(digestAclProvider)
      .authorization("digest", userPass.getBytes("UTF-8"))
      .build();
  curatorFramework.start();
  // Hands the pre-built client to the secret manager through its static setter.
  ZKDelegationTokenSecretManager.setCurator(curatorFramework);
  tm1 = new DelegationTokenManager(conf, new Text("bla"));
  tm1.init();

  // check ACL
  String workingPath = conf.get(ZKDelegationTokenSecretManager.ZK_DTSM_ZNODE_WORKING_PATH);
  verifyACL(curatorFramework, "/" + workingPath, digestACL);

  // NOTE(review): the cleanup below runs only when the checks above pass; on failure the
  // static curator stays set and the client stays open.
  tm1.destroy();
  ZKDelegationTokenSecretManager.setCurator(null);
  curatorFramework.close();
}
Example #23
Source File: SolrZkClientTest.java From lucene-solr with Apache License 2.0 | 4 votes |
/**
 * Starts a one-node cluster and a separate ZooKeeper test server, then prepares three clients
 * for that server: a default client, a client that adds a digest ACL to what it creates, and a
 * client that presents the matching digest credential.
 */
@Override
public void setUp() throws Exception {
  super.setUp();
  configureCluster(1)
      .addConfig("_default", new File(ExternalPaths.DEFAULT_CONFIGSET).toPath())
      .configure();
  solrClient = getCloudSolrClient(cluster.getZkServer().getZkAddress());

  // Test-only scheme and credential shared by the ACL client and the credentials client.
  final String SCHEME = "digest";
  final String AUTH = "user:pass";

  Path zkDir = createTempDir();
  log.info("ZooKeeper dataDir:{}", zkDir);
  zkServer = new ZkTestServer(zkDir);
  zkServer.run();

  try (SolrZkClient client = new SolrZkClient(zkServer.getZkHost(), AbstractZkTestCase.TIMEOUT)) {
    // Set up chroot
    client.makePath("/solr", false, true);
  }

  // Client with neither custom ACLs nor credentials; it creates PATH.
  defaultClient = new SolrZkClient(zkServer.getZkAddress(), AbstractZkTestCase.TIMEOUT);
  defaultClient.makePath(PATH, true);

  // Client whose ACL provider contributes ALL for the digest identity derived from AUTH.
  aclClient = new SolrZkClient(zkServer.getZkAddress(), AbstractZkTestCase.TIMEOUT) {
    @Override
    protected ZkACLProvider createZkACLProvider() {
      return new DefaultZkACLProvider() {
        @Override
        protected List<ACL> createGlobalACLsToAdd() {
          try {
            Id id = new Id(SCHEME, DigestAuthenticationProvider.generateDigest(AUTH));
            return Collections.singletonList(new ACL(ZooDefs.Perms.ALL, id));
          } catch (NoSuchAlgorithmException e) {
            // Rethrown rather than replaced by a more permissive ACL.
            throw new RuntimeException(e);
          }
        }
      };
    }
  };

  // Client that supplies the raw AUTH credential (UTF-8 bytes) under the digest scheme.
  credentialsClient = new SolrZkClient(zkServer.getZkAddress(), AbstractZkTestCase.TIMEOUT) {
    @Override
    protected ZkCredentialsProvider createZkCredentialsToAddAutomatically() {
      return new DefaultZkCredentialsProvider() {
        @Override
        protected Collection<ZkCredentials> createCredentials() {
          return Collections.singleton(new ZkCredentials(SCHEME, AUTH.getBytes(StandardCharsets.UTF_8)));
        }
      };
    }
  };
}
Example #24
Source File: ZookeeperDataSourceTest.java From Sentinel with Apache License 2.0 | 4 votes |
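/**
 * Runs the ZooKeeper data source against a node protected by a digest ACL: the node is created
 * with ALL for the digest identity, and the data source is given the matching auth info.
 * The client and the test server are released in {@code finally} blocks, so a failing
 * assertion no longer leaves the fixed port 21812 occupied.
 */
@Test
public void testZooKeeperDataSourceAuthorization() throws Exception {
    TestingServer server = new TestingServer(21812);
    try {
        server.start();

        final String remoteAddress = server.getConnectString();
        final String groupId = "sentinel-zk-ds-demo";
        final String dataId = "flow-HK";
        final String path = "/" + groupId + "/" + dataId;
        final String scheme = "digest";
        // Test-only credential.
        final String auth = "root:123456";

        AuthInfo authInfo = new AuthInfo(scheme, auth.getBytes());
        List<AuthInfo> authInfoList = Collections.singletonList(authInfo);

        CuratorFramework zkClient = CuratorFrameworkFactory.builder().
            connectString(remoteAddress).
            retryPolicy(new ExponentialBackoffRetry(3, 100)).
            authorization(authInfoList).
            build();
        try {
            zkClient.start();

            Stat stat = zkClient.checkExists().forPath(path);
            if (stat == null) {
                // Only the digest identity gets access; no entry is added for "anyone".
                ACL acl = new ACL(ZooDefs.Perms.ALL, new Id(scheme, DigestAuthenticationProvider.generateDigest(auth)));
                zkClient.create().creatingParentContainersIfNeeded().withACL(Collections.singletonList(acl)).forPath(path, null);
            }

            ReadableDataSource<String, List<FlowRule>> flowRuleDataSource = new ZookeeperDataSource<List<FlowRule>>(remoteAddress,
                authInfoList, groupId, dataId,
                new Converter<String, List<FlowRule>>() {
                    @Override
                    public List<FlowRule> convert(String source) {
                        return JSON.parseObject(source, new TypeReference<List<FlowRule>>() {
                        });
                    }
                });
            FlowRuleManager.register2Property(flowRuleDataSource.getProperty());

            final String resourceName = "HK";
            publishThenTestFor(zkClient, path, resourceName, 10);
            publishThenTestFor(zkClient, path, resourceName, 15);
        } finally {
            zkClient.close();
        }
    } finally {
        server.stop();
    }
}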