org.apache.zookeeper.data.ACL类的使用及代码示例
本文整理了Java中org.apache.zookeeper.data.ACL类的一些代码示例,展示了ACL类的具体用法。这些代码示例主要来源于Github/Stackoverflow/Maven等平台,是从一些精选项目中提取出来的代码,具有较强的参考意义,能在一定程度帮忙到你。ACL类的具体详情如下:
包路径:org.apache.zookeeper.data.ACL
类名称:ACL
ACL介绍
暂无
代码示例
代码示例来源:origin: apache/zookeeper
/**
* parse string into list of ACL
* @param aclString
* @return
*/
public static List<ACL> parse(String aclString) {
List<ACL> acl;
String acls[] = aclString.split(",");
acl = new ArrayList<ACL>();
for (String a : acls) {
int firstColon = a.indexOf(':');
int lastColon = a.lastIndexOf(':');
if (firstColon == -1 || lastColon == -1 || firstColon == lastColon) {
System.err.println(a + " does not have the form scheme:id:perm");
continue;
}
ACL newAcl = new ACL();
newAcl.setId(new Id(a.substring(0, firstColon), a.substring(
firstColon + 1, lastColon)));
newAcl.setPerms(getPermFromString(a.substring(lastColon + 1)));
acl.add(newAcl);
}
return acl;
}代码示例来源:origin: apache/zookeeper
if (authId.getScheme().equals("super")) {
return;
Id id = a.getId();
if ((a.getPerms() & perm) != 0) {
if (id.getScheme().equals("world")
&& id.getId().equals("anyone")) {
return;代码示例来源:origin: apache/hbase
private boolean checkACLForSuperUsers(String[] superUsers, List<ACL> acls) {
for (String user : superUsers) {
boolean hasAccess = false;
// TODO: Validate super group members also when ZK supports setting node ACL for groups.
if (!AuthUtil.isGroupPrincipal(user)) {
for (ACL acl : acls) {
if (user.equals(acl.getId().getId())) {
if (acl.getPerms() == Perms.ALL) {
hasAccess = true;
} else {
if (LOG.isDebugEnabled()) {
LOG.debug(String.format(
"superuser '%s' does not have correct permissions: have 0x%x, want 0x%x",
acl.getId().getId(), acl.getPerms(), Perms.ALL));
}
}
break;
}
}
if (!hasAccess) {
return false;
}
}
}
return true;
}代码示例来源:origin: apache/hive
private void checkAndSetAcls() throws Exception {
if (!UserGroupInformation.isSecurityEnabled()) return;
// We are trying to check ACLs on the "workers" directory, which noone except us should be
// able to write to. Higher-level directories shouldn't matter - we don't read them.
String pathToCheck = workersPath;
List<ACL> acls = zooKeeperClient.getACL().forPath(pathToCheck);
if (acls == null || acls.isEmpty()) {
// Can there be no ACLs? There's some access (to get ACLs), so assume it means free for all.
LOG.warn("No ACLs on " + pathToCheck + "; setting up ACLs. " + disableMessage);
setUpAcls(pathToCheck);
return;
}
// This could be brittle.
assert userNameFromPrincipal != null;
Id currentUser = new Id("sasl", userNameFromPrincipal);
for (ACL acl : acls) {
if ((acl.getPerms() & ~ZooDefs.Perms.READ) == 0 || currentUser.equals(acl.getId())) {
continue; // Read permission/no permissions, or the expected user.
}
LOG.warn("The ACL " + acl + " is unnacceptable for " + pathToCheck
+ "; setting up ACLs. " + disableMessage);
setUpAcls(pathToCheck);
return;
}
}代码示例来源:origin: com.github.jiayuhan-it/hadoop-common
RetryPolicy retryPolicy = new ExponentialBackoffRetry(1000, 3);
String userPass = "myuser:mypass";
final ACL digestACL = new ACL(ZooDefs.Perms.ALL, new Id("digest",
DigestAuthenticationProvider.generateDigest(userPass)));
ACLProvider digestAclProvider = new ACLProvider() {
.authorization("digest", userPass.getBytes("UTF-8"))
.build();
curatorFramework.start();
ZKDelegationTokenSecretManager.setCurator(curatorFramework);
tm1 = new DelegationTokenManager(conf, new Text("bla"));
curatorFramework.close();代码示例来源:origin: apache/oozie
private void createClient() throws Exception {
// Connect to the ZooKeeper server
RetryPolicy retryPolicy = ZKUtils.getRetryPolicy();
String zkConnectionString = ConfigurationService.get(ZK_CONNECTION_STRING);
String zkNamespace = getZKNameSpace();
int zkConnectionTimeout = ConfigurationService.getInt(ZK_CONNECTION_TIMEOUT);
int zkSessionTimeout = ConfigurationService.getInt(ZK_SESSION_TIMEOUT, 300);
ACLProvider aclProvider;
if (Services.get().getConf().getBoolean(ZK_SECURE, false)) {
log.info("Connecting to ZooKeeper with SASL/Kerberos and using 'sasl' ACLs");
setJaasConfiguration();
System.setProperty(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, "Client");
System.setProperty("zookeeper.authProvider.1", "org.apache.zookeeper.server.auth.SASLAuthenticationProvider");
saslACL = Collections.singletonList(new ACL(Perms.ALL, new Id("sasl", getServicePrincipal())));
aclProvider = new SASLOwnerACLProvider();
} else {
log.info("Connecting to ZooKeeper without authentication");
aclProvider = new DefaultACLProvider(); // open to everyone
}
client = CuratorFrameworkFactory.builder()
.namespace(zkNamespace)
.connectString(zkConnectionString)
.retryPolicy(retryPolicy)
.aclProvider(aclProvider)
.connectionTimeoutMs(zkConnectionTimeout * 1000) // in ms
.sessionTimeoutMs(zkSessionTimeout * 1000) //in ms
.build();
client.start();
client.getConnectionStateListenable().addListener(new ZKConnectionListener());
}代码示例来源:origin: apache/atlas
ACL worldReadPermissionACL = new ACL(ZooDefs.Perms.READ, new Id("world", "anyone"));
acls.add(worldReadPermissionACL);
Stat serverInfo = client.checkExists().forPath(getZnodePath(zookeeperProperties));
if (serverInfo == null) {
client.create().
withMode(CreateMode.EPHEMERAL).
withACL(acls).
forPath(getZnodePath(zookeeperProperties));
client.setData().forPath(getZnodePath(zookeeperProperties),
atlasServerAddress.getBytes(Charset.forName("UTF-8")));
} catch (Exception e) {代码示例来源:origin: org.apache.hadoop/hadoop-common
private SASLOwnerACLProvider(String principal) {
this.saslACL = Collections.singletonList(
new ACL(Perms.ALL, new Id("sasl", principal)));
}代码示例来源:origin: apache/incubator-sentry
private void checkAndSetACLs() throws Exception {
if (zkSecure && !aclChecked) {
// If znodes were previously created without security enabled, and now it is, we need to go through all existing znodes
// and set the ACLs for them. This is done just once at the startup
// We can't get the namespace znode through curator; have to go through zk client
startCuratorFramework();
String namespace = "/" + curatorFramework.getNamespace();
if (curatorFramework.getZookeeperClient().getZooKeeper().exists(namespace, null) != null) {
List<ACL> acls = curatorFramework.getZookeeperClient().getZooKeeper().getACL(namespace, new Stat());
if (acls.isEmpty() || !acls.get(0).getId().getScheme().equals("sasl")) {
LOGGER.info("'sasl' ACLs not set; setting...");
List<String> children = curatorFramework.getZookeeperClient().getZooKeeper().getChildren(namespace, null);
for (String child : children) {
checkAndSetACLs("/" + child);
}
curatorFramework.getZookeeperClient().getZooKeeper().setACL(namespace, saslACL, -1);
}
}
aclChecked = true;
}
}代码示例来源:origin: BriData/DBus
/**
* createNodeWithACL
* Create a node under ACL mode
* @param path
* @param payload
* @throws Exception
*/
public void createNodeWithACL(String path, byte[] payload) throws Exception {
ACL acl = new ACL(ZooDefs.Perms.ALL, ZooDefs.Ids.AUTH_IDS);
List<ACL> aclList = Lists.newArrayList(acl);
try {
client.create().withACL(aclList).forPath(path, payload);
} catch (Exception e) {
logger.error("Create security file failed.");
e.printStackTrace();
}
}代码示例来源:origin: spotify/helios
@Override
public List<ACL> getAclForPath(final String path) {
// id -> permissions
final Map<Id, Integer> matching = Maps.newHashMap();
for (final Rule rule : rules) {
if (rule.matches(path)) {
final int existingPerms = matching.containsKey(rule.id) ? matching.get(rule.id) : 0;
matching.put(rule.id, rule.perms | existingPerms);
}
}
if (matching.isEmpty()) {
return null;
}
final List<ACL> acls = Lists.newArrayList();
for (final Map.Entry<Id, Integer> e : matching.entrySet()) {
acls.add(new ACL(e.getValue(), e.getKey()));
}
return acls;
}代码示例来源:origin: apache/zookeeper
for (int j = 100; j < 200; j++) {
path = "/" + j;
ACL acl = new ACL();
acl.setPerms(0);
Id id = new Id();
id.setId("1.1.1."+j);
id.setScheme("ip");
acl.setId(id);
List<ACL> list = new ArrayList<ACL>();
list.add(acl);
for (int j = 200; j < 205; j++) {
path = "/" + j;
ACL acl = new ACL();
acl.setPerms(0);
Id id = new Id();
id.setId("1.1.1."+j);
id.setScheme("ip");
acl.setId(id);
ArrayList<ACL> list = new ArrayList<ACL>();
list.add(acl);代码示例来源:origin: com.cloudera.llama/llama
private List<ACL> createAclsForExclusiveReadAccess() throws LlamaException {
List<ACL> acls = new ArrayList<ACL>();
for (ACL acl : conf.getZkAcls()) {
acls.add(new ACL(
ZKUtil.removeSpecificPerms(acl.getPerms(), ZooDefs.Perms.READ),
acl.getId()));
}
Id llamaId;
try {
llamaId =
new Id(authScheme, DigestAuthenticationProvider.generateDigest(
fencingUsername + ":" + fencingPassword));
} catch (NoSuchAlgorithmException e) {
throw new LlamaException(ErrorCode.INTERNAL_ERROR,
"Unable to create username:password digest for ZK");
}
acls.add(new ACL(ZooDefs.Perms.READ, llamaId));
return acls;
}代码示例来源:origin: org.apache.hadoop/hadoop-yarn-registry
/**
* Parse the IDs, adding a realm if needed, setting the permissions
* @param principalList id string
* @param realm realm to add
* @param perms permissions
* @return the relevant ACLs
* @throws IOException
*/
public List<ACL> buildACLs(String principalList, String realm, int perms)
throws IOException {
List<String> aclPairs = splitAclPairs(principalList, realm);
List<ACL> ids = new ArrayList<ACL>(aclPairs.size());
for (String aclPair : aclPairs) {
ACL newAcl = new ACL();
newAcl.setId(parse(aclPair, realm));
newAcl.setPerms(perms);
ids.add(newAcl);
}
return ids;
}代码示例来源:origin: apache/knox
@Override
public void setACL(String path, List<EntryACL> entryACLs) {
// Translate the abstract ACLs into ZooKeeper ACLs
List<ACL> delegateACLs = new ArrayList<>();
for (EntryACL entryACL : entryACLs) {
String scheme = entryACL.getType();
String id = entryACL.getId();
int permissions = 0;
if (entryACL.canWrite()) {
permissions = ZooDefs.Perms.ALL;
} else if (entryACL.canRead()){
permissions = ZooDefs.Perms.READ;
}
delegateACLs.add(new ACL(permissions, new Id(scheme, id)));
}
try {
// Set the ACLs for the path
delegate.setACL().withACL(delegateACLs).forPath(path);
} catch (Exception e) {
log.errorSettingEntryACL(path, e);
}
}代码示例来源:origin: apache/zookeeper
@Override
public boolean exec() throws CliException {
String path = args[1];
Stat stat = new Stat();
List<ACL> acl;
try {
acl = zk.getACL(path, stat);
} catch (IllegalArgumentException ex) {
throw new MalformedPathException(ex.getMessage());
} catch (KeeperException|InterruptedException ex) {
throw new CliWrapperException(ex);
}
for (ACL a : acl) {
out.println(a.getId() + ": "
+ getPermString(a.getPerms()));
}
if (cl.hasOption("s")) {
new StatPrinter(out).print(stat);
}
return false;
}代码示例来源:origin: org.apache.hadoop/hadoop-yarn-registry
@Test
public void testBuildAclsRealmed() throws Throwable {
List<ACL> acls = registrySecurity.buildACLs(
SASL_YARN_EXAMPLE_COM +
", " +
SASL_MAPRED_EXAMPLE_COM,
"",
ZooDefs.Perms.ALL);
assertEquals(YARN_EXAMPLE_COM, acls.get(0).getId().getId());
assertEquals(MAPRED_EXAMPLE_COM, acls.get(1).getId().getId());
}代码示例来源:origin: apache/zookeeper
public synchronized void deserialize(InputArchive ia) throws IOException {
clear();
int i = ia.readInt("map");
while (i > 0) {
Long val = ia.readLong("long");
if (aclIndex < val) {
aclIndex = val;
}
List<ACL> aclList = new ArrayList<ACL>();
Index j = ia.startVector("acls");
if (j == null) {
throw new RuntimeException("Incorrent format of InputArchive when deserialize DataTree - missing acls");
}
while (!j.done()) {
ACL acl = new ACL();
acl.deserialize(ia, "acl");
aclList.add(acl);
j.incr();
}
longKeyMap.put(val, aclList);
aclKeyMap.put(aclList, val);
referenceCounter.put(val, new AtomicLongWithEquals(0));
i--;
}
}代码示例来源:origin: apache/hive
private static void checkAcls(CuratorFramework zkClient, Id user, String path) {
List<ACL> acls = null;
try {
acls = zkClient.getACL().forPath(path);
} catch (Exception ex) {
throw new RuntimeException("Error during the ACL check. " + DISABLE_MESSAGE, ex);
}
if (acls == null || acls.isEmpty()) {
// There's some access (to get ACLs), so assume it means free for all.
throw new SecurityException("No ACLs on " + path + ". " + DISABLE_MESSAGE);
}
for (ACL acl : acls) {
if (!user.equals(acl.getId())) {
throw new SecurityException("The ACL " + acl + " is unnacceptable for " + path
+ "; only " + user + " is allowed. " + DISABLE_MESSAGE);
}
}
}代码示例来源:origin: apache/zookeeper
public String toString(List<ACL> acls) {
if (acls == null) {
return "";
}
StringBuilder result = new StringBuilder();
for(ACL acl : acls) {
result.append(acl.getPerms()).append("::");
}
return result.toString();
}内容来源于网络,如有侵权,请联系作者删除!
