类org.apache.zookeeper.ZooDefs.Perms源码实例Demo

下面列出了怎么用org.apache.zookeeper.ZooDefs.Perms的API类实例代码及写法,或者点击链接到github查看源代码。

源代码1 项目: javabase   文件: ZookeeperUtil.java
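/**
 * Builds the ACL list used when creating znodes: one entry granting
 * {@link Perms#CREATE} to the configured identity.
 *
 * <p>The identity is {@code PropertiesDynLoading.authScheme} paired with the digest of
 * {@code PropertiesDynLoading.accessKey}.
 * NOTE(review): {@code generateDigest} is presumably given a "user:password" pair here;
 * confirm the format of {@code accessKey}.
 *
 * @return a new list holding the single CREATE entry
 * @throws IllegalStateException if the digest cannot be computed. The method fails closed:
 *         it never falls back to {@code Ids.OPEN_ACL_UNSAFE}, which would let any client
 *         do anything to the node.
 */
public List<ACL> getCreateNodeAcls() {
    final Id id;
    try {
        id = new Id(PropertiesDynLoading.authScheme,
                DigestAuthenticationProvider.generateDigest(PropertiesDynLoading.accessKey));
    } catch (NoSuchAlgorithmException e) {
        // A missing digest algorithm is an environment fault. Silently replacing the
        // restricted ACL with a world-open one would hide it and drop all protection.
        // The access key is deliberately kept out of the message.
        throw new IllegalStateException("Cannot compute digest for ZooKeeper ACL identity", e);
    }
    List<ACL> listAcls = new ArrayList<ACL>(3);
    listAcls.add(new ACL(Perms.CREATE, id));
    return listAcls;
}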
 
源代码2 项目: hbase   文件: ZKWatcher.java
/**
 * Verifies that every non-group superuser has an ACL entry carrying {@code Perms.ALL}.
 *
 * <p>For each user, only the first entry whose id string equals the user name is
 * examined. Its permission mask must be exactly {@code Perms.ALL}.
 * NOTE(review): the comparison uses {@code acl.getId().getId()} only; the entry's scheme
 * is not checked here.
 *
 * @param superUsers configured superuser names; group principals are skipped
 * @param acls ACL entries read from the znode
 * @return {@code true} if every non-group superuser has a matching entry with all permissions
 */
private boolean checkACLForSuperUsers(String[] superUsers, List<ACL> acls) {
  for (String superUser : superUsers) {
    // TODO: Validate super group members also when ZK supports setting node ACL for groups.
    if (AuthUtil.isGroupPrincipal(superUser)) {
      continue;
    }
    boolean granted = false;
    for (ACL entry : acls) {
      if (!superUser.equals(entry.getId().getId())) {
        continue;
      }
      // The first matching entry decides the outcome; later entries are never looked at.
      if (entry.getPerms() == Perms.ALL) {
        granted = true;
      } else if (LOG.isDebugEnabled()) {
        LOG.debug(String.format(
          "superuser '%s' does not have correct permissions: have 0x%x, want 0x%x",
          entry.getId().getId(), entry.getPerms(), Perms.ALL));
      }
      break;
    }
    if (!granted) {
      return false;
    }
  }
  return true;
}
 
源代码3 项目: hadoop   文件: TestZKUtil.java
/**
 * Removing CREATE from the full permission mask must clear the CREATE bit.
 * NOTE(review): only the CREATE bit is asserted; the test does not check that the
 * remaining permission bits are preserved.
 */
@Test
public void testRemoveSpecificPerms() {
  final int remaining = ZKUtil.removeSpecificPerms(Perms.ALL, Perms.CREATE);
  final int createBit = remaining & Perms.CREATE;
  assertEquals("Removal failed", 0, createBit);
}
 
源代码4 项目: hadoop   文件: TestZKUtil.java
/**
 * Parses a two-entry ACL string and checks scheme, id and permission mask of each entry.
 * NOTE(review): "[email protected]" in the literals looks like an e-mail obfuscation
 * placeholder inserted by the hosting page; the original principal is not shown here.
 */
@Test
public void testGoodACLs() {
  final String spec =
      "sasl:hdfs/[email protected]:cdrwa, sasl:hdfs/[email protected]:ca";
  List<ACL> parsed = ZKUtil.parseACLs(spec);

  // First entry: "cdrwa" maps to all five permission bits.
  ACL first = parsed.get(0);
  final int allFive =
      Perms.CREATE | Perms.DELETE | Perms.READ | Perms.WRITE | Perms.ADMIN;
  assertEquals(allFive, first.getPerms());
  assertEquals("sasl", first.getId().getScheme());
  assertEquals("hdfs/[email protected]", first.getId().getId());

  // Second entry: "ca" maps to CREATE and ADMIN only.
  ACL second = parsed.get(1);
  final int createAndAdmin = Perms.CREATE | Perms.ADMIN;
  assertEquals(createAndAdmin, second.getPerms());
  assertEquals("sasl", second.getId().getScheme());
  assertEquals("hdfs/[email protected]", second.getId().getId());
}
 
源代码5 项目: javabase   文件: ZookeeperUtil.java
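/**
 * Builds the administrator ACL list: one entry granting {@link Perms#ALL} to the
 * configured identity.
 *
 * <p>The identity is {@code PropertiesDynLoading.authScheme} paired with the digest of
 * {@code PropertiesDynLoading.accessKey}.
 * NOTE(review): {@code generateDigest} is presumably given a "user:password" pair here;
 * confirm the format of {@code accessKey}.
 *
 * @return a new list holding the single ALL entry
 * @throws IllegalStateException if the digest cannot be computed. The method fails closed:
 *         it never falls back to {@code Ids.OPEN_ACL_UNSAFE}, which would hand every
 *         client the same rights as the administrator identity.
 */
public List<ACL> getAdminAcls() {
    final Id id;
    try {
        id = new Id(PropertiesDynLoading.authScheme,
                DigestAuthenticationProvider.generateDigest(PropertiesDynLoading.accessKey));
    } catch (NoSuchAlgorithmException e) {
        // Do not downgrade to a world-open ACL on error; surface the fault to the caller.
        // The access key is deliberately kept out of the message.
        throw new IllegalStateException("Cannot compute digest for ZooKeeper ACL identity", e);
    }
    List<ACL> listAcls = new ArrayList<ACL>(3);
    listAcls.add(new ACL(Perms.ALL, id));
    return listAcls;
}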
 
源代码6 项目: big-c   文件: TestZKUtil.java
/**
 * Checks that stripping CREATE from {@code Perms.ALL} leaves the CREATE bit unset.
 * NOTE(review): the other permission bits are not asserted by this test.
 */
@Test
public void testRemoveSpecificPerms() {
  final int before = Perms.ALL;
  final int stripped = ZKUtil.removeSpecificPerms(before, Perms.CREATE);
  assertEquals("Removal failed", 0, stripped & Perms.CREATE);
}
 
源代码7 项目: big-c   文件: TestZKUtil.java
/**
 * Parses an ACL string with two SASL entries and verifies each entry's permission
 * mask, scheme and id.
 * NOTE(review): "[email protected]" in the literals appears to be an e-mail obfuscation
 * placeholder left by the hosting page, not the principal from the original test.
 */
@Test
public void testGoodACLs() {
  List<ACL> entries = ZKUtil.parseACLs(
      "sasl:hdfs/[email protected]:cdrwa, sasl:hdfs/[email protected]:ca");

  // Entry 0 was given "cdrwa": create, delete, read, write, admin.
  ACL fullEntry = entries.get(0);
  int expectedFull = Perms.CREATE | Perms.DELETE | Perms.READ;
  expectedFull |= Perms.WRITE | Perms.ADMIN;
  assertEquals(expectedFull, fullEntry.getPerms());
  assertEquals("sasl", fullEntry.getId().getScheme());
  assertEquals("hdfs/[email protected]", fullEntry.getId().getId());

  // Entry 1 was given "ca": create and admin.
  ACL partialEntry = entries.get(1);
  assertEquals(Perms.CREATE | Perms.ADMIN, partialEntry.getPerms());
  assertEquals("sasl", partialEntry.getId().getScheme());
  assertEquals("hdfs/[email protected]", partialEntry.getId().getId());
}
 
源代码8 项目: hbase   文件: IntegrationTestZKAndFSPermissions.java
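/**
 * Asserts that every ACL entry on {@code znode} belongs to one of the expected identities
 * and carries exactly the expected permission mask.
 *
 * <p>A znode that no longer exists is skipped. NOTE(review): the loop only validates the
 * entries that are present; it does not assert that a world-readable entry exists when
 * {@code expectedWorldReadable} is {@code true}.
 *
 * @param zk client used to read the ACL
 * @param znode path of the znode to check
 * @param expectedWorldReadable whether an entry for the "anyone" id is permitted
 * @throws KeeperException if reading the ACL fails for a reason other than a missing node
 * @throws InterruptedException if the ZooKeeper call is interrupted
 */
private void assertZnodePerms(RecoverableZooKeeper zk, String znode,
    boolean expectedWorldReadable) throws KeeperException, InterruptedException {
  Stat stat = new Stat();
  List<ACL> acls;
  try {
    acls = zk.getZooKeeper().getACL(znode, stat);
  } catch (NoNodeException ex) {
    LOG.debug("Caught exception for missing znode", ex);
    // the znode is deleted. Probably it was a temporary znode (like RIT).
    return;
  }
  String[] superUsers = superUser == null ? null : superUser.split(",");

  LOG.info("Checking ACLs for znode znode:" + znode + " acls:" + acls);

  for (ACL acl : acls) {
    int perms = acl.getPerms();
    Id id = acl.getId();
    // We should only set at most 3 possible ACL for 3 Ids. One for everyone, one for superuser
    // and one for the hbase user.
    // assertEquals takes (expected, actual); the expected mask goes first so that a failure
    // reports the two values the right way round.
    if (Ids.ANYONE_ID_UNSAFE.equals(id)) {
      // everyone should be set only if we are expecting this znode to be world readable
      assertTrue(expectedWorldReadable);
      // assert that anyone can only read
      assertEquals(Perms.READ, perms);
    } else if (superUsers != null && ZKWatcher.isSuperUserId(superUsers, id)) {
      // assert that super user has all the permissions
      assertEquals(Perms.ALL, perms);
    } else if (new Id("sasl", masterPrincipal).equals(id)) {
      // hbase.master.kerberos.principal?
      assertEquals(Perms.ALL, perms);
    } else {
      fail("An ACL is found which is not expected for the znode:" + znode + " , ACL:" + acl);
    }
  }
}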
 
源代码9 项目: hbase   文件: TestZKUtilNoServer.java
/**
 * With one configured superuser, the secure ACL list must hold two entries:
 * one for that superuser and the default creator entry.
 */
@Test
public void testSecuritySingleSuperuser() throws IOException {
  final String znode = "/hbase/testSecuritySingleSuperuser";
  Configuration configuration = HBaseConfiguration.create();
  configuration.set(Superusers.SUPERUSER_CONF_KEY, "user1");
  ZKWatcher zkw = new ZKWatcher(configuration, znode, null, false);

  List<ACL> acls = ZKUtil.createACL(zkw, znode, true);

  // 1+1, since ACL will be set for the creator by default
  assertEquals(2, acls.size());
  ACL superuserEntry = new ACL(Perms.ALL, new Id("sasl", "user1"));
  assertTrue(acls.contains(superuserEntry));
  ACL creatorEntry = Ids.CREATOR_ALL_ACL.iterator().next();
  assertTrue(acls.contains(creatorEntry));
}
 
源代码10 项目: hbase   文件: TestZKUtilNoServer.java
/**
 * With a mix of user and group superusers, only the user principals get an ACL entry;
 * group principals (the "@"-prefixed names) must be absent from the list.
 */
@Test
public void testCreateACL() throws IOException {
  final String znode = "/hbase/testCreateACL";
  Configuration configuration = HBaseConfiguration.create();
  configuration.set(Superusers.SUPERUSER_CONF_KEY, "user1,@group1,user2,@group2,user3");
  ZKWatcher zkw = new ZKWatcher(configuration, znode, null, false);

  List<ACL> acls = ZKUtil.createACL(zkw, znode, true);

  // 3+1, since ACL will be set for the creator by default
  assertEquals(4, acls.size());
  for (String group : new String[] {"@group1", "@group2"}) {
    assertFalse(acls.contains(new ACL(Perms.ALL, new Id("sasl", group))));
  }
  for (String user : new String[] {"user1", "user2", "user3"}) {
    assertTrue(acls.contains(new ACL(Perms.ALL, new Id("sasl", user))));
  }
}
 
源代码11 项目: hbase   文件: TestZKUtilNoServer.java
/**
 * When the login user is also listed as a superuser, it must not get a separate "sasl"
 * entry; the list then holds the creator entry plus the two other superusers.
 * NOTE(review): {@code UserGroupInformation.setLoginUser} is a static call and this
 * method does not restore the previous login user afterwards.
 */
@Test
public void testCreateACLWithSameUser() throws IOException {
  final String znode = "/hbase/testCreateACL";
  Configuration configuration = HBaseConfiguration.create();
  configuration.set(Superusers.SUPERUSER_CONF_KEY, "user4,@group1,user5,user6");
  UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser("user4"));
  ZKWatcher zkw = new ZKWatcher(configuration, znode, null, false);

  List<ACL> acls = ZKUtil.createACL(zkw, znode, true);

  // 3, since service user the same as one of superuser
  assertEquals(3, acls.size());
  ACL groupEntry = new ACL(Perms.ALL, new Id("sasl", "@group1"));
  assertFalse(acls.contains(groupEntry));
  ACL creatorEntry = new ACL(Perms.ALL, new Id("auth", ""));
  assertTrue(acls.contains(creatorEntry));
  for (String user : new String[] {"user5", "user6"}) {
    assertTrue(acls.contains(new ACL(Perms.ALL, new Id("sasl", user))));
  }
}
 
源代码12 项目: hadoop   文件: ZKDelegationTokenSecretManager.java
/**
 * Creates a provider whose ACL is a single entry granting {@code Perms.ALL} to the
 * given SASL principal.
 *
 * @param principal id placed in the "sasl" scheme entry
 */
private SASLOwnerACLProvider(String principal) {
  final Id owner = new Id("sasl", principal);
  final ACL ownerAll = new ACL(Perms.ALL, owner);
  this.saslACL = Collections.singletonList(ownerAll);
}
 
源代码13 项目: hadoop   文件: ZKSignerSecretProvider.java
/**
 * Builds the one-element ACL used by this provider: every permission, granted only to
 * the supplied SASL principal.
 *
 * @param principal id placed in the "sasl" scheme entry
 */
private SASLOwnerACLProvider(String principal) {
  // singletonList yields an immutable list, so the ACL cannot be widened afterwards.
  final ACL fullAccessForOwner = new ACL(Perms.ALL, new Id("sasl", principal));
  this.saslACL = Collections.singletonList(fullAccessForOwner);
}
 
源代码14 项目: big-c   文件: ZKDelegationTokenSecretManager.java
/**
 * Stores a single-entry ACL that gives the given SASL principal {@code Perms.ALL}.
 *
 * @param principal id placed in the "sasl" scheme entry
 */
private SASLOwnerACLProvider(String principal) {
  final Id saslOwner = new Id("sasl", principal);
  // No other identity is listed, so only this principal is granted access by the ACL.
  this.saslACL = Collections.singletonList(new ACL(Perms.ALL, saslOwner));
}
 
源代码15 项目: big-c   文件: ZKSignerSecretProvider.java
/**
 * Initialises the provider with one ACL entry: all permissions for the supplied
 * SASL principal.
 *
 * @param principal id placed in the "sasl" scheme entry
 */
private SASLOwnerACLProvider(String principal) {
  final Id ownerId = new Id("sasl", principal);
  final ACL ownerEntry = new ACL(Perms.ALL, ownerId);
  // Immutable one-element list holding only the owner's entry.
  this.saslACL = Collections.singletonList(ownerEntry);
}
 
源代码16 项目: hbase   文件: ZKWatcher.java
/**
 * Decides whether the ACL list read from the base znode (/hbase) matches a secure setup.
 *
 * <p>Every entry must fall into one of three accepted shapes, each with an exact
 * permission mask: the "anyone" id with {@code Perms.READ}, a configured superuser with
 * {@code Perms.ALL}, or a "sasl" id whose short name equals the current user with
 * {@code Perms.ALL}. Any other entry, an empty list, or a superuser without a full-access
 * entry makes the check fail.
 *
 * @param acls acls from zookeeper
 * @return whether ACLs are set for the base znode
 * @throws IOException if getting the current user fails
 */
private boolean isBaseZnodeAclSetup(List<ACL> acls) throws IOException {
  if (LOG.isDebugEnabled()) {
    LOG.debug("Checking znode ACLs");
  }
  final String[] superUsers = conf.getStrings(Superusers.SUPERUSER_CONF_KEY);
  final boolean haveSuperUsers = superUsers != null;
  // Every configured superuser must already have a full-access entry.
  if (haveSuperUsers && !checkACLForSuperUsers(superUsers, acls)) {
    return false;
  }

  // this assumes that current authenticated user is the same as zookeeper client user
  // configured via JAAS
  final String hbaseUser = UserGroupInformation.getCurrentUser().getShortUserName();

  if (acls.isEmpty()) {
    if (LOG.isDebugEnabled()) {
      LOG.debug("ACL is empty");
    }
    return false;
  }

  for (ACL entry : acls) {
    final int perms = entry.getPerms();
    final Id id = entry.getId();
    // We should only set at most 3 possible ACLs for 3 Ids. One for everyone, one for superuser
    // and one for the hbase user. First classify the id, then compare the mask once.
    final int wanted;
    if (Ids.ANYONE_ID_UNSAFE.equals(id)) {
      wanted = Perms.READ;
    } else if (haveSuperUsers && isSuperUserId(superUsers, id)) {
      wanted = Perms.ALL;
    } else if ("sasl".equals(id.getScheme())) {
      String name = id.getId();
      // If ZooKeeper recorded the Kerberos full name in the ACL, use only the shortname
      Matcher shortName = NAME_PATTERN.matcher(name);
      if (shortName.matches()) {
        name = shortName.group(1);
      }
      if (!name.equals(hbaseUser)) {
        if (LOG.isDebugEnabled()) {
          LOG.debug("Unexpected shortname in SASL ACL: {}", id);
        }
        return false;
      }
      wanted = Perms.ALL;
    } else {
      if (LOG.isDebugEnabled()) {
        LOG.debug("unexpected ACL id '{}'", id);
      }
      return false;
    }

    // The mask must match exactly; a subset or superset of the wanted bits is rejected.
    if (perms != wanted) {
      if (LOG.isDebugEnabled()) {
        LOG.debug(String.format("permissions for '%s' are not correct: have 0x%x, want 0x%x",
          id, perms, wanted));
      }
      return false;
    }
  }
  return true;
}
 
源代码17 项目: hbase   文件: ZKUtil.java
/**
 * Builds the ACL list for {@code node}.
 *
 * <p>Nodes whose path does not start with the base znode, and all nodes when ZooKeeper is
 * not secured, get {@code Ids.OPEN_ACL_UNSAFE}. Otherwise the list holds a full-access
 * "sasl" entry per non-group superuser (skipping the current user), the creator entry,
 * and a read entry if the node is client-readable.
 *
 * <p>NOTE(review): the base-znode test is a plain string prefix check, so a sibling path
 * that merely shares the prefix also passes it; confirm this is intended.
 * NOTE(review): the {@code Ids.OPEN_ACL_UNSAFE} object itself is returned, not a copy.
 *
 * @param zkw watcher supplying the znode paths and configuration
 * @param node path of the znode the ACL is for
 * @param isSecureZooKeeper whether restricted ACLs should be built
 * @return the ACL list to apply to {@code node}
 */
public static ArrayList<ACL> createACL(ZKWatcher zkw, String node,
                                       boolean isSecureZooKeeper) {
  final boolean underBase = node.startsWith(zkw.getZNodePaths().baseZNode);
  if (!underBase || !isSecureZooKeeper) {
    return Ids.OPEN_ACL_UNSAFE;
  }

  ArrayList<ACL> result = new ArrayList<>();
  // add permission to hbase super user
  String[] superUsers = zkw.getConfiguration().getStrings(Superusers.SUPERUSER_CONF_KEY);
  String hbaseUser = null;
  try {
    hbaseUser = UserGroupInformation.getCurrentUser().getShortUserName();
  } catch (IOException e) {
    // hbaseUser stays null, so no superuser is treated as the current user below.
    LOG.debug("Could not acquire current User.", e);
  }
  if (superUsers != null) {
    List<String> skippedGroups = new ArrayList<>();
    for (String principal : superUsers) {
      if (AuthUtil.isGroupPrincipal(principal)) {
        // TODO: Set node ACL for groups when ZK supports this feature
        skippedGroups.add(principal);
        continue;
      }
      if (!principal.equals(hbaseUser)) {
        result.add(new ACL(Perms.ALL, new Id("sasl", principal)));
      }
    }
    if (!skippedGroups.isEmpty()) {
      LOG.warn("Znode ACL setting for group {} is skipped, ZooKeeper doesn't support this " +
        "feature presently.", skippedGroups);
    }
  }

  // The creator entry is added in every case.
  result.addAll(Ids.CREATOR_ALL_ACL);
  // Certain znodes are accessed directly by the client,
  // so they must be readable by non-authenticated clients
  if (zkw.getZNodePaths().isClientReadable(node)) {
    result.addAll(Ids.READ_ACL_UNSAFE);
  }
  return result;
}
 