if (authId.getScheme().equals("super")) { return; Id id = a.getId(); if ((a.getPerms() & perm) != 0) { if (id.getScheme().equals("world") && id.getId().equals("anyone")) { return; .getScheme()); if (ap != null) { for (Id authId : ids) { if (authId.getScheme().equals(id.getScheme()) && ap.matches(new ServerAuthenticationProvider.ServerObjs(zks, cnxn), new ServerAuthenticationProvider.MatchValues(path, authId.getId(), id.getId(), perm, setAcls))) {
if (authId.getScheme().equals("super")) { return; Id id = a.getId(); if ((a.getPerms() & perm) != 0) { if (id.getScheme().equals("world") && id.getId().equals("anyone")) { return; .getScheme()); if (ap != null) { for (Id authId : ids) { if (authId.getScheme().equals(id.getScheme()) && ap.matches(authId.getId(), id.getId())) { return;
if (id == null || id.getScheme() == null) { throw new KeeperException.InvalidACLException(path); if (id.getScheme().equals("world") && id.getId().equals("anyone")) { rv.add(a); } else if (id.getScheme().equals("auth")) { for (Id cid : authInfo) { ServerAuthenticationProvider ap = ProviderRegistry.getServerProvider(cid.getScheme()); if (ap == null) { LOG.error("Missing AuthenticationProvider for " + cid.getScheme()); } else if (ap.isAuthenticated()) { authIdValid = true; ServerAuthenticationProvider ap = ProviderRegistry.getServerProvider(id.getScheme()); if (ap == null || !ap.isValid(id.getId())) { throw new KeeperException.InvalidACLException(path);
} else if ("sasl".equals(id.getScheme())) { String name = id.getId();
authInfo.getId(), authInfo.getScheme()); return KeeperException.Code.OK;
ACL a = it.next(); Id id = a.getId(); if (id.getScheme().equals("world") && id.getId().equals("anyone")) { } else if (id.getScheme().equals("auth")) { for (Id cid : authInfo) { AuthenticationProvider ap = ProviderRegistry.getProvider(cid.getScheme()); if (ap == null) { LOG.error("Missing AuthenticationProvider for " + cid.getScheme()); } else if (ap.isAuthenticated()) { authIdValid = true; .getScheme()); if (ap == null) { return false;
/**
 * Authenticates a connection whose client chain holds only {@code superCert}
 * against a provider built from that same certificate, and checks that the
 * call succeeds and that the first auth-info entry on the connection uses
 * the "super" scheme.
 */
@Test
public void testSuperAuth() {
  X509AuthenticationProvider authProvider = createProvider(superCert);
  MockServerCnxn connection = new MockServerCnxn();
  connection.clientChain = new X509Certificate[] {superCert};

  // The second argument (auth data) is null: identity comes from the client chain.
  Assert.assertEquals(
      KeeperException.Code.OK, authProvider.handleAuthentication(connection, null));

  // Only the first recorded identity is inspected here.
  Assert.assertEquals("super", connection.getAuthInfo().get(0).getScheme());
}
boolean foundHBaseOwnerAcl = false; for(int i = 0; i < 2; i++) { if (acls.get(i).getId().getScheme().equals("world") == true) { assertEquals("anyone", acls.get(0).getId().getId()); assertEquals(ZooDefs.Perms.READ, acls.get(0).getPerms()); foundWorldReadableAcl = true; } else { if (acls.get(i).getId().getScheme().equals("sasl") == true) { assertEquals("hbase", acls.get(1).getId().getId()); assertEquals("sasl", acls.get(1).getId().getScheme()); foundHBaseOwnerAcl = true; } else { // error: should not get here: test fails.
boolean foundHBaseOwnerAcl = false; for(int i = 0; i < 2; i++) { if (acls.get(i).getId().getScheme().equals("world") == true) { assertEquals("anyone", acls.get(0).getId().getId()); assertEquals(ZooDefs.Perms.READ, acls.get(0).getPerms()); foundWorldReadableAcl = true; } else { if (acls.get(i).getId().getScheme().equals("sasl") == true) { assertEquals("hbase", acls.get(1).getId().getId()); assertEquals("sasl", acls.get(1).getId().getScheme()); foundHBaseOwnerAcl = true; } else { // error: should not get here: test fails.
/**
 * Checks the ACL of a znode created outside the /hbase hierarchy: it must
 * hold exactly one entry, with scheme "sasl", id "hbase" and Perms.ALL.
 *
 * <p>When {@code secureZKAvailable} is false the method returns before any
 * assertion runs, so a passing result does not by itself show that the ACL
 * was verified.
 */
@Test
public void testOutsideHBaseNodeACL() throws Exception {
  if (!secureZKAvailable) {
    return;
  }

  ZKUtil.createWithParents(zkw, "/testACLNode");
  List<ACL> nodeAcls =
      zkw.getRecoverableZooKeeper().getZooKeeper().getACL("/testACLNode", new Stat());

  // A single entry means no additional grant (for example world:anyone) is present.
  assertEquals(1, nodeAcls.size());

  ACL ownerEntry = nodeAcls.get(0);
  assertEquals("sasl", ownerEntry.getId().getScheme());
  assertEquals("hbase", ownerEntry.getId().getId());
  assertEquals(ZooDefs.Perms.ALL, ownerEntry.getPerms());
}
boolean foundHBaseOwnerAcl = false; for(int i = 0; i < 2; i++) { if (acls.get(i).getId().getScheme().equals("world") == true) { assertEquals("anyone", acls.get(0).getId().getId()); assertEquals(ZooDefs.Perms.READ, acls.get(0).getPerms()); if (acls.get(i).getId().getScheme().equals("sasl") == true) { assertEquals("hbase", acls.get(1).getId().getId()); assertEquals("sasl", acls.get(1).getId().getScheme()); foundHBaseOwnerAcl = true; } else { // error: should not get here: test fails.
/**
 * Checks the ACL of the /hbase root znode.
 *
 * <p>With authentication enabled on ZooKeeper, every node except
 * /hbase/root-region-server, /hbase/master and /hbase/hbaseid should be
 * created so that only the hbase server user (master or region server user)
 * that created it can access it, with all permissions. Those three nodes
 * should carry the same owner entry and additionally be world-readable.
 * This test covers the general case; the three tests after it cover the
 * world-readable subset.
 *
 * <p>When {@code secureZKAvailable} is false the method returns before any
 * assertion runs, so a passing result does not by itself show that the ACL
 * was verified.
 */
@Test
public void testHBaseRootZNodeACL() throws Exception {
  if (!secureZKAvailable) {
    return;
  }

  List<ACL> rootAcls =
      zkw.getRecoverableZooKeeper().getZooKeeper().getACL("/hbase", new Stat());

  // Exactly one entry: the owner grant, with no world-readable entry alongside it.
  assertEquals(1, rootAcls.size());

  ACL ownerEntry = rootAcls.get(0);
  assertEquals("sasl", ownerEntry.getId().getScheme());
  assertEquals("hbase", ownerEntry.getId().getId());
  assertEquals(ZooDefs.Perms.ALL, ownerEntry.getPerms());
}
Id actualId = actualAcl.getId(); if (actualAcl.getPerms() == expectedAcl.getPerms() && actualId.getScheme().equals("digest") && actualId.getId().startsWith("accumulo:")) { initialized.set(true);
/**
 * Returns ACL information for a node.
 *
 * <p>Only the first entry of the node's ACL list is reported. A node may
 * carry several entries, so the returned map is not a complete view of who
 * can access the node and should not be used on its own to judge exposure.
 *
 * @param path path of the node to query
 * @return a map with the keys "perms" (permission value), "id" and "scheme"
 *     taken from the first ACL entry
 * @throws Exception if the ACL lookup fails, or if the returned list has no
 *     first element
 */
@Override
public Map<String, Object> getACL(String path) throws Exception {
  ACL firstEntry = client.getACL().forPath(path).get(0);
  Id owner = firstEntry.getId();

  Map<String, Object> aclInfo = new HashMap<>();
  aclInfo.put("perms", firstEntry.getPerms());
  aclInfo.put("id", owner.getId());
  aclInfo.put("scheme", owner.getScheme());
  return aclInfo;
}
/**
 * Captures the three parts of a ZooKeeper ACL entry: the scheme (stored as
 * {@code type}), the id within that scheme, and the permission value.
 *
 * @param acl the ACL entry to read from; its {@code getId()} must not return null
 */
ZooKeeperACLAdapter(ACL acl) {
  permissions = acl.getPerms();
  // Scheme and id together name the principal the permissions apply to.
  type = acl.getId().getScheme();
  id = acl.getId().getId();
}
/**
 * Reports whether {@code acls} contains an entry matching the given scheme,
 * id prefix and permission value.
 *
 * <p>The id is compared with {@code startsWith}, not equality, so an entry
 * whose id merely begins with {@code id} also matches. The permission value
 * must be equal to {@code perm} exactly; a superset of bits does not match.
 *
 * @param id prefix the entry's id must start with
 * @param scheme scheme the entry must use
 * @param perm exact permission value the entry must carry
 * @param acls entries to search
 * @return true if at least one entry satisfies all three conditions
 */
private static boolean verifyZKACL(String id, String scheme, int perm, List<ACL> acls) {
  for (ACL entry : acls) {
    if (!entry.getId().getScheme().equals(scheme)) {
      continue;
    }
    if (!entry.getId().getId().startsWith(id)) {
      continue;
    }
    if (entry.getPerms() == perm) {
      return true;
    }
  }
  return false;
}
/**
 * Searches {@code acls} for an entry with the given scheme, an id that
 * begins with {@code id}, and a permission value equal to {@code perm}.
 *
 * <p>Note that the id check is a prefix match ({@code startsWith}), so ids
 * longer than {@code id} that share the prefix are accepted, while the
 * permission check is an exact comparison.
 *
 * @param id prefix the entry's id must start with
 * @param scheme scheme the entry must use
 * @param perm exact permission value the entry must carry
 * @param acls entries to search
 * @return true if a matching entry exists, false otherwise
 */
private static boolean verifyZKACL(String id, String scheme, int perm, List<ACL> acls) {
  for (ACL candidate : acls) {
    boolean matches =
        candidate.getId().getScheme().equals(scheme)
            && candidate.getId().getId().startsWith(id)
            && candidate.getPerms() == perm;
    if (matches) {
      return true;
    }
  }
  return false;
}
/**
 * Creates /testACLNode, which lies outside the /hbase hierarchy, and checks
 * that its ACL is a single entry: scheme "sasl", id "hbase", Perms.ALL.
 *
 * <p>If {@code secureZKAvailable} is false the method returns immediately
 * and asserts nothing, so the test passes without having checked the ACL.
 */
@Test
public void testOutsideHBaseNodeACL() throws Exception {
  if (!secureZKAvailable) {
    return;
  }

  ZKUtil.createWithParents(zkw, "/testACLNode");
  List<ACL> createdAcls =
      zkw.getRecoverableZooKeeper().getZooKeeper().getACL("/testACLNode", new Stat());

  // One entry only: nothing besides the owner grant may be present.
  assertEquals(1, createdAcls.size());

  ACL sole = createdAcls.get(0);
  assertEquals("sasl", sole.getId().getScheme());
  assertEquals("hbase", sole.getId().getId());
  assertEquals(ZooDefs.Perms.ALL, sole.getPerms());
}
/**
 * Parses a comma-separated string of two well-formed SASL ACL specs and
 * checks the permission bits, scheme and id of each resulting entry.
 */
@Test
public void testGoodACLs() {
  List<ACL> parsed = ZKUtil.parseACLs(
      "sasl:hdfs/host1@MY.DOMAIN:cdrwa, sasl:hdfs/host2@MY.DOMAIN:ca");

  // First spec ends in "cdrwa": all five permission bits are expected.
  int fullPerms = Perms.CREATE | Perms.DELETE | Perms.READ | Perms.WRITE | Perms.ADMIN;
  ACL first = parsed.get(0);
  assertEquals(fullPerms, first.getPerms());
  assertEquals("sasl", first.getId().getScheme());
  assertEquals("hdfs/host1@MY.DOMAIN", first.getId().getId());

  // Second spec ends in "ca": create and admin only.
  int createAdminPerms = Perms.CREATE | Perms.ADMIN;
  ACL second = parsed.get(1);
  assertEquals(createAdminPerms, second.getPerms());
  assertEquals("sasl", second.getId().getScheme());
  assertEquals("hdfs/host2@MY.DOMAIN", second.getId().getId());
}
/**
 * Feeds two valid "sasl:principal:perms" specs to {@code ZKUtil.parseACLs}
 * and verifies that each parsed entry carries the expected permission bits,
 * the "sasl" scheme and the principal given in the spec.
 */
@Test
public void testGoodACLs() {
  List<ACL> entries = ZKUtil.parseACLs(
      "sasl:hdfs/host1@MY.DOMAIN:cdrwa, sasl:hdfs/host2@MY.DOMAIN:ca");

  ACL host1Entry = entries.get(0);
  ACL host2Entry = entries.get(1);

  // host1 was granted "cdrwa", i.e. every permission bit.
  assertEquals(
      Perms.CREATE | Perms.DELETE | Perms.READ | Perms.WRITE | Perms.ADMIN,
      host1Entry.getPerms());
  assertEquals("sasl", host1Entry.getId().getScheme());
  assertEquals("hdfs/host1@MY.DOMAIN", host1Entry.getId().getId());

  // host2 was granted "ca" only, so no read, write or delete bits.
  assertEquals(Perms.CREATE | Perms.ADMIN, host2Entry.getPerms());
  assertEquals("sasl", host2Entry.getId().getScheme());
  assertEquals("hdfs/host2@MY.DOMAIN", host2Entry.getId().getId());
}