org.apache.zookeeper.data.Id类的使用及代码示例
本文整理了Java中org.apache.zookeeper.data.Id类的一些代码示例,展示了Id类的具体用法。这些代码示例主要来源于Github/Stackoverflow/Maven等平台,是从一些精选项目中提取出来的代码,具有较强的参考意义,能在一定程度帮忙到你。Id类的具体详情如下:
包路径:org.apache.zookeeper.data.Id
类名称:Id
Id介绍
暂无
代码示例
代码示例来源:origin: org.apache.hadoop/hadoop-common
private SASLOwnerACLProvider(String principal) {
this.saslACL = Collections.singletonList(
new ACL(Perms.ALL, new Id("sasl", principal)));
}代码示例来源:origin: apache/zookeeper
if (authId.getScheme().equals("super")) {
return;
Id id = a.getId();
if ((a.getPerms() & perm) != 0) {
if (id.getScheme().equals("world")
&& id.getId().equals("anyone")) {
return;
.getScheme());
if (ap != null) {
for (Id authId : ids) {
if (authId.getScheme().equals(id.getScheme())
&& ap.matches(new ServerAuthenticationProvider.ServerObjs(zks, cnxn),
new ServerAuthenticationProvider.MatchValues(path, authId.getId(), id.getId(), perm, setAcls))) {
return;代码示例来源:origin: apache/hive
private void checkAndSetAcls() throws Exception {
if (!UserGroupInformation.isSecurityEnabled()) return;
// We are trying to check ACLs on the "workers" directory, which noone except us should be
// able to write to. Higher-level directories shouldn't matter - we don't read them.
String pathToCheck = workersPath;
List<ACL> acls = zooKeeperClient.getACL().forPath(pathToCheck);
if (acls == null || acls.isEmpty()) {
// Can there be no ACLs? There's some access (to get ACLs), so assume it means free for all.
LOG.warn("No ACLs on " + pathToCheck + "; setting up ACLs. " + disableMessage);
setUpAcls(pathToCheck);
return;
}
// This could be brittle.
assert userNameFromPrincipal != null;
Id currentUser = new Id("sasl", userNameFromPrincipal);
for (ACL acl : acls) {
if ((acl.getPerms() & ~ZooDefs.Perms.READ) == 0 || currentUser.equals(acl.getId())) {
continue; // Read permission/no permissions, or the expected user.
}
LOG.warn("The ACL " + acl + " is unnacceptable for " + pathToCheck
+ "; setting up ACLs. " + disableMessage);
setUpAcls(pathToCheck);
return;
}
}代码示例来源:origin: apache/hbase
public static boolean isSuperUserId(String[] superUsers, Id id) {
for (String user : superUsers) {
// TODO: Validate super group members also when ZK supports setting node ACL for groups.
if (!AuthUtil.isGroupPrincipal(user) && new Id("sasl", user).equals(id)) {
return true;
}
}
return false;
}代码示例来源:origin: apache/zookeeper
cnxn.addAuthInfo(new Id("super", clientId));
LOG.info("Authenticated Id '{}' as super user", clientId);
Id authInfo = new Id(getScheme(), clientId);
cnxn.addAuthInfo(authInfo);
authInfo.getId(), authInfo.getScheme());
return KeeperException.Code.OK;代码示例来源:origin: apache/zookeeper
/**
* parse string into list of ACL
* @param aclString
* @return
*/
public static List<ACL> parse(String aclString) {
List<ACL> acl;
String acls[] = aclString.split(",");
acl = new ArrayList<ACL>();
for (String a : acls) {
int firstColon = a.indexOf(':');
int lastColon = a.lastIndexOf(':');
if (firstColon == -1 || lastColon == -1 || firstColon == lastColon) {
System.err.println(a + " does not have the form scheme:id:perm");
continue;
}
ACL newAcl = new ACL();
newAcl.setId(new Id(a.substring(0, firstColon), a.substring(
firstColon + 1, lastColon)));
newAcl.setPerms(getPermFromString(a.substring(lastColon + 1)));
acl.add(newAcl);
}
return acl;
}代码示例来源:origin: apache/zookeeper
public NIOServerCnxn(ZooKeeperServer zk, SocketChannel sock,
SelectionKey sk, NIOServerCnxnFactory factory,
SelectorThread selectorThread) throws IOException {
super(zk);
this.sock = sock;
this.sk = sk;
this.factory = factory;
this.selectorThread = selectorThread;
if (this.factory.login != null) {
this.zooKeeperSaslServer = new ZooKeeperSaslServer(factory.login);
}
sock.socket().setTcpNoDelay(true);
/* set socket linger to false, so that socket close does not block */
sock.socket().setSoLinger(false, -1);
InetAddress addr = ((InetSocketAddress) sock.socket()
.getRemoteSocketAddress()).getAddress();
addAuthInfo(new Id("ip", addr.getHostAddress()));
this.sessionTimeout = factory.sessionlessCnxnTimeout;
}代码示例来源:origin: apache/zookeeper
for (int j = 100; j < 200; j++) {
path = "/" + j;
ACL acl = new ACL();
acl.setPerms(0);
Id id = new Id();
id.setId("1.1.1."+j);
id.setScheme("ip");
acl.setId(id);
List<ACL> list = new ArrayList<ACL>();
list.add(acl);
ACL acl = new ACL();
acl.setPerms(0);
Id id = new Id();
id.setId("1.1.1."+j);
id.setScheme("ip");
acl.setId(id);
ArrayList<ACL> list = new ArrayList<ACL>();代码示例来源:origin: boundary/zoocreeper
if (Ids.ANYONE_ID_UNSAFE.getScheme().equals(scheme) && Ids.ANYONE_ID_UNSAFE.getId().equals(id)) {
zkId = Ids.ANYONE_ID_UNSAFE;
} else {
zkId = new Id(scheme, id);
return new ACL(perms, zkId);代码示例来源:origin: apache/hbase
private boolean checkACLForSuperUsers(String[] superUsers, List<ACL> acls) {
for (String user : superUsers) {
boolean hasAccess = false;
// TODO: Validate super group members also when ZK supports setting node ACL for groups.
if (!AuthUtil.isGroupPrincipal(user)) {
for (ACL acl : acls) {
if (user.equals(acl.getId().getId())) {
if (acl.getPerms() == Perms.ALL) {
hasAccess = true;
} else {
if (LOG.isDebugEnabled()) {
LOG.debug(String.format(
"superuser '%s' does not have correct permissions: have 0x%x, want 0x%x",
acl.getId().getId(), acl.getPerms(), Perms.ALL));
}
}
break;
}
}
if (!hasAccess) {
return false;
}
}
}
return true;
}代码示例来源:origin: strimzi/strimzi-kafka-operator
public AclBuilder(List<ACL> acls) {
for (ACL acl: acls) {
String scheme = acl.getId().getScheme();
switch (scheme) {
case "world":
world = acl;
break;
case "auth":
auth = acl;
break;
case "digest":
String[] username = acl.getId().getId().split(":", 2);
getDigests().put(username[0], acl);
break;
case "host":
getHosts().put(acl.getId().getId(), acl);
break;
case "ip":
getIps().put(acl.getId().getId(), acl);
break;
default:
throw new IllegalArgumentException("Unsupported scheme " + scheme);
}
}
}代码示例来源:origin: apache/sentry
private void checkAndSetACLs() throws Exception {
if (zkSecure && aclUnChecked) {
// If znodes were previously created without security enabled, and now it is, we need to go
// through all existing znodes and set the ACLs for them. This is done just once at the startup
// We can't get the namespace znode through curator; have to go through zk client
String newNamespace = "/" + curatorFramework.getNamespace();
if (curatorFramework.getZookeeperClient().getZooKeeper().exists(newNamespace, null) != null) {
List<ACL> acls = curatorFramework.getZookeeperClient().getZooKeeper().getACL(newNamespace, new Stat());
if (acls.isEmpty() || !acls.get(0).getId().getScheme().equals("sasl")) {
LOGGER.info("'sasl' ACLs not set; setting...");
List<String> children = curatorFramework.getZookeeperClient().getZooKeeper().getChildren(newNamespace,
null);
for (String child : children) {
this.checkAndSetACLs("/" + child);
}
curatorFramework.getZookeeperClient().getZooKeeper().setACL(newNamespace, saslACL, -1);
}
}
aclUnChecked = false;
}
}代码示例来源:origin: org.apache.hadoop/hadoop-yarn-registry
@Test
public void testBuildAclsRealmed() throws Throwable {
List<ACL> acls = registrySecurity.buildACLs(
SASL_YARN_EXAMPLE_COM +
", " +
SASL_MAPRED_EXAMPLE_COM,
"",
ZooDefs.Perms.ALL);
assertEquals(YARN_EXAMPLE_COM, acls.get(0).getId().getId());
assertEquals(MAPRED_EXAMPLE_COM, acls.get(1).getId().getId());
}代码示例来源:origin: org.apache.hadoop/hadoop-yarn-registry
/**
* Convert an ID to a string, stripping out all but the first few characters
* of any digest auth hash for security reasons
* @param id ID
* @return a string description of a Zookeeper ID
*/
public static String idToString(Id id) {
String s;
if (id.getScheme().equals(SCHEME_DIGEST)) {
String ids = id.getId();
int colon = ids.indexOf(':');
if (colon > 0) {
ids = ids.substring(colon + 3);
}
s = SCHEME_DIGEST + ": " + ids;
} else {
s = id.toString();
}
return s;
}代码示例来源:origin: apache/hive
private static void checkAcls(CuratorFramework zkClient, Id user, String path) {
List<ACL> acls = null;
try {
acls = zkClient.getACL().forPath(path);
} catch (Exception ex) {
throw new RuntimeException("Error during the ACL check. " + DISABLE_MESSAGE, ex);
}
if (acls == null || acls.isEmpty()) {
// There's some access (to get ACLs), so assume it means free for all.
throw new SecurityException("No ACLs on " + path + ". " + DISABLE_MESSAGE);
}
for (ACL acl : acls) {
if (!user.equals(acl.getId())) {
throw new SecurityException("The ACL " + acl + " is unnacceptable for " + path
+ "; only " + user + " is allowed. " + DISABLE_MESSAGE);
}
}
}代码示例来源:origin: apache/zookeeper
@Test
public void testSuperAuth() {
X509AuthenticationProvider provider = createProvider(superCert);
MockServerCnxn cnxn = new MockServerCnxn();
cnxn.clientChain = new X509Certificate[] { superCert };
Assert.assertEquals(KeeperException.Code.OK, provider.handleAuthentication(cnxn, null));
Assert.assertEquals("super", cnxn.getAuthInfo().get(0).getScheme());
}代码示例来源:origin: apache/zookeeper
public boolean equals(Object peer_) {
if (!(peer_ instanceof ACL)) {
return false;
}
if (peer_ == this) {
return true;
}
ACL peer = (ACL) peer_;
boolean ret = false;
ret = (perms==peer.perms);
if (!ret) return ret;
ret = id.equals(peer.id);
if (!ret) return ret;
return ret;
}
public int hashCode() {代码示例来源:origin: org.apache.zookeeper/zookeeper
private static List<ACL> parseACLs(String aclString) {
List<ACL> acl;
String acls[] = aclString.split(",");
acl = new ArrayList<ACL>();
for (String a : acls) {
int firstColon = a.indexOf(':');
int lastColon = a.lastIndexOf(':');
if (firstColon == -1 || lastColon == -1 || firstColon == lastColon) {
System.err
.println(a + " does not have the form scheme:id:perm");
continue;
}
ACL newAcl = new ACL();
newAcl.setId(new Id(a.substring(0, firstColon), a.substring(
firstColon + 1, lastColon)));
newAcl.setPerms(getPermFromString(a.substring(lastColon + 1)));
acl.add(newAcl);
}
return acl;
}
}代码示例来源:origin: apache/zookeeper
public KeeperException.Code
handleAuthentication(ServerCnxn cnxn, byte[] authData)
{
String id = new String(authData);
try {
String digest = generateDigest(id);
if (digest.equals(superDigest)) {
cnxn.addAuthInfo(new Id("super", ""));
}
cnxn.addAuthInfo(new Id(getScheme(), digest));
return KeeperException.Code.OK;
} catch (NoSuchAlgorithmException e) {
LOG.error("Missing algorithm",e);
}
return KeeperException.Code.AUTHFAILED;
}代码示例来源:origin: com.aliyun.hbase/alihbase-client
private boolean checkACLForSuperUsers(String[] superUsers, List<ACL> acls) {
for (String user : superUsers) {
boolean hasAccess = false;
// TODO: Validate super group members also when ZK supports setting node ACL for groups.
if (!user.startsWith("@")) {
for (ACL acl : acls) {
if (user.equals(acl.getId().getId())) {
if (acl.getPerms() == Perms.ALL) {
hasAccess = true;
} else {
if (LOG.isDebugEnabled()) {
LOG.debug(String.format(
"superuser '%s' does not have correct permissions: have 0x%x, want 0x%x",
acl.getId().getId(), acl.getPerms(), Perms.ALL));
}
}
break;
}
}
if (!hasAccess) {
return false;
}
}
}
return true;
}内容来源于网络,如有侵权,请联系作者删除!
