You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@zookeeper.apache.org by ca...@apache.org on 2013/09/29 22:24:03 UTC
svn commit: r1527398 - in /zookeeper/trunk/src/java:
main/org/apache/zookeeper/server/auth/SASLAuthenticationProvider.java
test/org/apache/zookeeper/test/SaslAuthDesignatedClientTest.java
Author: camille
Date: Sun Sep 29 20:24:03 2013
New Revision: 1527398
URL: http://svn.apache.org/r1527398
Log:
ZOOKEEPER-1759. Adding ability to allow READ operations for authenticated users,
versus keeping ACLs wide open for READ. (Yuliya Feldman via camille)
Modified:
zookeeper/trunk/src/java/main/org/apache/zookeeper/server/auth/SASLAuthenticationProvider.java
zookeeper/trunk/src/java/test/org/apache/zookeeper/test/SaslAuthDesignatedClientTest.java
Modified: zookeeper/trunk/src/java/main/org/apache/zookeeper/server/auth/SASLAuthenticationProvider.java
URL: http://svn.apache.org/viewvc/zookeeper/trunk/src/java/main/org/apache/zookeeper/server/auth/SASLAuthenticationProvider.java?rev=1527398&r1=1527397&r2=1527398&view=diff
==============================================================================
--- zookeeper/trunk/src/java/main/org/apache/zookeeper/server/auth/SASLAuthenticationProvider.java (original)
+++ zookeeper/trunk/src/java/main/org/apache/zookeeper/server/auth/SASLAuthenticationProvider.java Sun Sep 29 20:24:03 2013
@@ -46,7 +46,7 @@ public class SASLAuthenticationProvider
if ((id.equals("super") || id.equals(aclExpr))) {
return true;
}
- String readAccessUser = System.getProperty("zookeeper.readUser");
+ String readAccessUser = System.getProperty("zookeeper.letAnySaslUserDoX");
if ( readAccessUser != null && aclExpr.equals(readAccessUser)) {
return true;
}
Modified: zookeeper/trunk/src/java/test/org/apache/zookeeper/test/SaslAuthDesignatedClientTest.java
URL: http://svn.apache.org/viewvc/zookeeper/trunk/src/java/test/org/apache/zookeeper/test/SaslAuthDesignatedClientTest.java?rev=1527398&r1=1527397&r2=1527398&view=diff
==============================================================================
--- zookeeper/trunk/src/java/test/org/apache/zookeeper/test/SaslAuthDesignatedClientTest.java (original)
+++ zookeeper/trunk/src/java/test/org/apache/zookeeper/test/SaslAuthDesignatedClientTest.java Sun Sep 29 20:24:03 2013
@@ -107,7 +107,7 @@ public class SaslAuthDesignatedClientTes
@Test
public void testReadAccessUser() throws Exception {
- System.setProperty("zookeeper.readUser","anyone");
+ System.setProperty("zookeeper.letAnySaslUserDoX","anyone");
ZooKeeper zk = createClient();
List<ACL> aclList = new ArrayList<ACL>();
ACL acl = new ACL(Perms.ADMIN | Perms.CREATE | Perms.WRITE | Perms.DELETE, new Id("sasl", "fakeuser"));
@@ -146,13 +146,18 @@ public class SaslAuthDesignatedClientTes
// disable Client Sasl
System.setProperty(ZooKeeperSaslClient.ENABLE_CLIENT_SASL_KEY, "false");
- zk = createClient();
try {
- zk.getData("/abc", null, null);
- Assert.fail("Should not be able to read data when not authenticated");
- } catch (KeeperException.NoAuthException e) {
- // success
+ zk = createClient();
+ try {
+ zk.getData("/abc", null, null);
+ Assert.fail("Should not be able to read data when not authenticated");
+ } catch (KeeperException.NoAuthException e) {
+ // success
+ }
+ zk.close();
+ } finally {
+ // enable Client Sasl
+ System.setProperty(ZooKeeperSaslClient.ENABLE_CLIENT_SASL_KEY, "true");
}
- zk.close();
}
}