org.apache.zookeeper.data.ACL类的使用及代码示例

x33g5p2x  于11个月前 转载在 其他  
字(11.9k)|赞(0)|评价(0)|浏览(62)

本文整理了Java中org.apache.zookeeper.data.ACL类的一些代码示例,展示了ACL类的具体用法。这些代码示例主要来源于Github/Stackoverflow/Maven等平台,是从一些精选项目中提取出来的代码,具有较强的参考意义,能在一定程度帮忙到你。ACL类的具体详情如下:
包路径:org.apache.zookeeper.data.ACL
类名称:ACL

ACL介绍

暂无

代码示例

代码示例来源:origin: apache/zookeeper

/**
 * parse string into list of ACL
 * @param aclString
 * @return 
 */
public static List<ACL> parse(String aclString) {
  List<ACL> acl;
  String acls[] = aclString.split(",");
  acl = new ArrayList<ACL>();
  for (String a : acls) {
    int firstColon = a.indexOf(':');
    int lastColon = a.lastIndexOf(':');
    if (firstColon == -1 || lastColon == -1 || firstColon == lastColon) {
      System.err.println(a + " does not have the form scheme:id:perm");
      continue;
    }
    ACL newAcl = new ACL();
    newAcl.setId(new Id(a.substring(0, firstColon), a.substring(
        firstColon + 1, lastColon)));
    newAcl.setPerms(getPermFromString(a.substring(lastColon + 1)));
    acl.add(newAcl);
  }
  return acl;
}

代码示例来源:origin: apache/zookeeper

if (authId.getScheme().equals("super")) {
  return;
Id id = a.getId();
if ((a.getPerms() & perm) != 0) {
  if (id.getScheme().equals("world")
      && id.getId().equals("anyone")) {
    return;

代码示例来源:origin: apache/hbase

private boolean checkACLForSuperUsers(String[] superUsers, List<ACL> acls) {
 for (String user : superUsers) {
  boolean hasAccess = false;
  // TODO: Validate super group members also when ZK supports setting node ACL for groups.
  if (!AuthUtil.isGroupPrincipal(user)) {
   for (ACL acl : acls) {
    if (user.equals(acl.getId().getId())) {
     if (acl.getPerms() == Perms.ALL) {
      hasAccess = true;
     } else {
      if (LOG.isDebugEnabled()) {
       LOG.debug(String.format(
        "superuser '%s' does not have correct permissions: have 0x%x, want 0x%x",
        acl.getId().getId(), acl.getPerms(), Perms.ALL));
      }
     }
     break;
    }
   }
   if (!hasAccess) {
    return false;
   }
  }
 }
 return true;
}

代码示例来源:origin: apache/hive

private void checkAndSetAcls() throws Exception {
 if (!UserGroupInformation.isSecurityEnabled()) return;
 // We are trying to check ACLs on the "workers" directory, which noone except us should be
 // able to write to. Higher-level directories shouldn't matter - we don't read them.
 String pathToCheck = workersPath;
 List<ACL> acls = zooKeeperClient.getACL().forPath(pathToCheck);
 if (acls == null || acls.isEmpty()) {
  // Can there be no ACLs? There's some access (to get ACLs), so assume it means free for all.
  LOG.warn("No ACLs on "  + pathToCheck + "; setting up ACLs. " + disableMessage);
  setUpAcls(pathToCheck);
  return;
 }
 // This could be brittle.
 assert userNameFromPrincipal != null;
 Id currentUser = new Id("sasl", userNameFromPrincipal);
 for (ACL acl : acls) {
  if ((acl.getPerms() & ~ZooDefs.Perms.READ) == 0 || currentUser.equals(acl.getId())) {
   continue; // Read permission/no permissions, or the expected user.
  }
  LOG.warn("The ACL " + acl + " is unnacceptable for " + pathToCheck
   + "; setting up ACLs. " + disableMessage);
  setUpAcls(pathToCheck);
  return;
 }
}

代码示例来源:origin: com.github.jiayuhan-it/hadoop-common

RetryPolicy retryPolicy = new ExponentialBackoffRetry(1000, 3);
String userPass = "myuser:mypass";
final ACL digestACL = new ACL(ZooDefs.Perms.ALL, new Id("digest",
 DigestAuthenticationProvider.generateDigest(userPass)));
ACLProvider digestAclProvider = new ACLProvider() {
  .authorization("digest", userPass.getBytes("UTF-8"))
  .build();
curatorFramework.start();
ZKDelegationTokenSecretManager.setCurator(curatorFramework);
tm1 = new DelegationTokenManager(conf, new Text("bla"));
curatorFramework.close();

代码示例来源:origin: apache/oozie

private void createClient() throws Exception {
  // Connect to the ZooKeeper server
  RetryPolicy retryPolicy = ZKUtils.getRetryPolicy();
  String zkConnectionString = ConfigurationService.get(ZK_CONNECTION_STRING);
  String zkNamespace = getZKNameSpace();
  int zkConnectionTimeout = ConfigurationService.getInt(ZK_CONNECTION_TIMEOUT);
  int zkSessionTimeout = ConfigurationService.getInt(ZK_SESSION_TIMEOUT, 300);
  ACLProvider aclProvider;
  if (Services.get().getConf().getBoolean(ZK_SECURE, false)) {
    log.info("Connecting to ZooKeeper with SASL/Kerberos and using 'sasl' ACLs");
    setJaasConfiguration();
    System.setProperty(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, "Client");
    System.setProperty("zookeeper.authProvider.1", "org.apache.zookeeper.server.auth.SASLAuthenticationProvider");
    saslACL = Collections.singletonList(new ACL(Perms.ALL, new Id("sasl", getServicePrincipal())));
    aclProvider = new SASLOwnerACLProvider();
  } else {
    log.info("Connecting to ZooKeeper without authentication");
    aclProvider = new DefaultACLProvider();     // open to everyone
  }
  client = CuratorFrameworkFactory.builder()
                    .namespace(zkNamespace)
                    .connectString(zkConnectionString)
                    .retryPolicy(retryPolicy)
                    .aclProvider(aclProvider)
                    .connectionTimeoutMs(zkConnectionTimeout * 1000) // in ms
                    .sessionTimeoutMs(zkSessionTimeout * 1000) //in ms
                    .build();
  client.start();
  client.getConnectionStateListenable().addListener(new ZKConnectionListener());
}

代码示例来源:origin: apache/atlas

ACL worldReadPermissionACL = new ACL(ZooDefs.Perms.READ, new Id("world", "anyone"));
    acls.add(worldReadPermissionACL);
  Stat serverInfo = client.checkExists().forPath(getZnodePath(zookeeperProperties));
  if (serverInfo == null) {
    client.create().
        withMode(CreateMode.EPHEMERAL).
        withACL(acls).
        forPath(getZnodePath(zookeeperProperties));
  client.setData().forPath(getZnodePath(zookeeperProperties),
      atlasServerAddress.getBytes(Charset.forName("UTF-8")));
} catch (Exception e) {

代码示例来源:origin: org.apache.hadoop/hadoop-common

private SASLOwnerACLProvider(String principal) {
 this.saslACL = Collections.singletonList(
   new ACL(Perms.ALL, new Id("sasl", principal)));
}

代码示例来源:origin: apache/incubator-sentry

private void checkAndSetACLs() throws Exception {
 if (zkSecure && !aclChecked) {
  // If znodes were previously created without security enabled, and now it is, we need to go through all existing znodes
  // and set the ACLs for them. This is done just once at the startup
  // We can't get the namespace znode through curator; have to go through zk client
  startCuratorFramework();
  String namespace = "/" + curatorFramework.getNamespace();
  if (curatorFramework.getZookeeperClient().getZooKeeper().exists(namespace, null) != null) {
   List<ACL> acls = curatorFramework.getZookeeperClient().getZooKeeper().getACL(namespace, new Stat());
   if (acls.isEmpty() || !acls.get(0).getId().getScheme().equals("sasl")) {
    LOGGER.info("'sasl' ACLs not set; setting...");
    List<String> children = curatorFramework.getZookeeperClient().getZooKeeper().getChildren(namespace, null);
    for (String child : children) {
     checkAndSetACLs("/" + child);
    }
    curatorFramework.getZookeeperClient().getZooKeeper().setACL(namespace, saslACL, -1);
   }
  }
  aclChecked = true;
 }
}

代码示例来源:origin: BriData/DBus

/**
 * createNodeWithACL
 * Create a node under ACL mode
 * @param path
 * @param payload
 * @throws Exception
 */
public void createNodeWithACL(String path, byte[] payload) throws Exception {
  ACL acl = new ACL(ZooDefs.Perms.ALL, ZooDefs.Ids.AUTH_IDS);
  List<ACL> aclList = Lists.newArrayList(acl);
  try {
    client.create().withACL(aclList).forPath(path, payload);
  } catch (Exception e) {
    logger.error("Create security file failed.");
    e.printStackTrace();
  }
}

代码示例来源:origin: spotify/helios

@Override
public List<ACL> getAclForPath(final String path) {
 // id -> permissions
 final Map<Id, Integer> matching = Maps.newHashMap();
 for (final Rule rule : rules) {
  if (rule.matches(path)) {
   final int existingPerms = matching.containsKey(rule.id) ? matching.get(rule.id) : 0;
   matching.put(rule.id, rule.perms | existingPerms);
  }
 }
 if (matching.isEmpty()) {
  return null;
 }
 final List<ACL> acls = Lists.newArrayList();
 for (final Map.Entry<Id, Integer> e : matching.entrySet()) {
  acls.add(new ACL(e.getValue(), e.getKey()));
 }
 return acls;
}

代码示例来源:origin: apache/zookeeper

for (int j = 100; j < 200; j++) {
  path = "/" + j;
  ACL acl = new ACL();
  acl.setPerms(0);
  Id id = new Id();
  id.setId("1.1.1."+j);
  id.setScheme("ip");
  acl.setId(id);
  List<ACL> list = new ArrayList<ACL>();
  list.add(acl);
for (int j = 200; j < 205; j++) {
  path = "/" + j;
  ACL acl = new ACL();
  acl.setPerms(0);
  Id id = new Id();
  id.setId("1.1.1."+j);
  id.setScheme("ip");
  acl.setId(id);
  ArrayList<ACL> list = new ArrayList<ACL>();
  list.add(acl);

代码示例来源:origin: com.cloudera.llama/llama

private List<ACL> createAclsForExclusiveReadAccess() throws LlamaException {
 List<ACL> acls = new ArrayList<ACL>();
 for (ACL acl : conf.getZkAcls()) {
  acls.add(new ACL(
    ZKUtil.removeSpecificPerms(acl.getPerms(), ZooDefs.Perms.READ),
    acl.getId()));
 }
 Id llamaId;
 try {
  llamaId =
    new Id(authScheme, DigestAuthenticationProvider.generateDigest(
      fencingUsername + ":" + fencingPassword));
 } catch (NoSuchAlgorithmException e) {
  throw new LlamaException(ErrorCode.INTERNAL_ERROR,
    "Unable to create username:password digest for ZK");
 }
 acls.add(new ACL(ZooDefs.Perms.READ, llamaId));
 return acls;
}

代码示例来源:origin: org.apache.hadoop/hadoop-yarn-registry

/**
 * Parse the IDs, adding a realm if needed, setting the permissions
 * @param principalList id string
 * @param realm realm to add
 * @param perms permissions
 * @return the relevant ACLs
 * @throws IOException
 */
public List<ACL> buildACLs(String principalList, String realm, int perms)
  throws IOException {
 List<String> aclPairs = splitAclPairs(principalList, realm);
 List<ACL> ids = new ArrayList<ACL>(aclPairs.size());
 for (String aclPair : aclPairs) {
  ACL newAcl = new ACL();
  newAcl.setId(parse(aclPair, realm));
  newAcl.setPerms(perms);
  ids.add(newAcl);
 }
 return ids;
}

代码示例来源:origin: apache/knox

@Override
public void setACL(String path, List<EntryACL> entryACLs) {
  // Translate the abstract ACLs into ZooKeeper ACLs
  List<ACL> delegateACLs = new ArrayList<>();
  for (EntryACL entryACL : entryACLs) {
    String scheme = entryACL.getType();
    String id = entryACL.getId();
    int permissions = 0;
    if (entryACL.canWrite()) {
      permissions = ZooDefs.Perms.ALL;
    } else if (entryACL.canRead()){
      permissions = ZooDefs.Perms.READ;
    }
    delegateACLs.add(new ACL(permissions, new Id(scheme, id)));
  }
  try {
    // Set the ACLs for the path
    delegate.setACL().withACL(delegateACLs).forPath(path);
  } catch (Exception e) {
    log.errorSettingEntryACL(path, e);
  }
}

代码示例来源:origin: apache/zookeeper

@Override
public boolean exec() throws CliException {
  String path = args[1];
  Stat stat = new Stat();
  List<ACL> acl;
  try {
    acl = zk.getACL(path, stat);
  } catch (IllegalArgumentException ex) {
    throw new MalformedPathException(ex.getMessage());
  } catch (KeeperException|InterruptedException ex) {
    throw new CliWrapperException(ex);
  }
  for (ACL a : acl) {
    out.println(a.getId() + ": "
          + getPermString(a.getPerms()));
  }
  if (cl.hasOption("s")) {
    new StatPrinter(out).print(stat);
  }
  return false;
}

代码示例来源:origin: org.apache.hadoop/hadoop-yarn-registry

@Test
public void testBuildAclsRealmed() throws Throwable {
 List<ACL> acls = registrySecurity.buildACLs(
   SASL_YARN_EXAMPLE_COM +
   ", " +
   SASL_MAPRED_EXAMPLE_COM,
   "",
   ZooDefs.Perms.ALL);
 assertEquals(YARN_EXAMPLE_COM, acls.get(0).getId().getId());
 assertEquals(MAPRED_EXAMPLE_COM, acls.get(1).getId().getId());
}

代码示例来源:origin: apache/zookeeper

public synchronized void deserialize(InputArchive ia) throws IOException {
  clear();
  int i = ia.readInt("map");
  while (i > 0) {
    Long val = ia.readLong("long");
    if (aclIndex < val) {
      aclIndex = val;
    }
    List<ACL> aclList = new ArrayList<ACL>();
    Index j = ia.startVector("acls");
    if (j == null) {
      throw new RuntimeException("Incorrent format of InputArchive when deserialize DataTree - missing acls");
    }
    while (!j.done()) {
      ACL acl = new ACL();
      acl.deserialize(ia, "acl");
      aclList.add(acl);
      j.incr();
    }
    longKeyMap.put(val, aclList);
    aclKeyMap.put(aclList, val);
    referenceCounter.put(val, new AtomicLongWithEquals(0));
    i--;
  }
}

代码示例来源:origin: apache/hive

private static void checkAcls(CuratorFramework zkClient, Id user, String path) {
 List<ACL> acls = null;
 try {
  acls = zkClient.getACL().forPath(path);
 } catch (Exception ex) {
  throw new RuntimeException("Error during the ACL check. " + DISABLE_MESSAGE, ex);
 }
 if (acls == null || acls.isEmpty()) {
  // There's some access (to get ACLs), so assume it means free for all.
  throw new SecurityException("No ACLs on "  + path + ". " + DISABLE_MESSAGE);
 }
 for (ACL acl : acls) {
  if (!user.equals(acl.getId())) {
   throw new SecurityException("The ACL " + acl + " is unnacceptable for " + path
     + "; only " + user + " is allowed. " + DISABLE_MESSAGE);
  }
 }
}

代码示例来源:origin: apache/zookeeper

public String toString(List<ACL> acls) {
  if (acls == null) {
    return "";
  }
  StringBuilder result = new StringBuilder();
  for(ACL acl : acls) {
    result.append(acl.getPerms()).append("::");
  }
  return result.toString();
}

相关文章