CODEWITHSUNDEEP
javaauthenticationapache-zookeeperdigest-authentication
Jayyrus
Jayyrus

Reputation: 13051

How to create zookeeper auth mechanism?

i'm trying to create an acl for a node:

    ZooKeeper client = new ZooKeeper("host:port/rootNode", 3000, null);
    ACL acl = new ACL(Perms.CREATE,new Id("digest","user:pass"));
    client.create("/testNode",new String("test").getBytes(), Arrays.asList(acl), CreateMode.PERSISTENT);
    client.close();

Then i try to access to that node and create a node under "testNode":

    ZooKeeper client = new ZooKeeper(" host:port/rootNode", 3000, null);
    client.addAuthInfo("digest", new String("user:pass").getBytes());       
    Stat stat;
    try {
        stat = client.exists("/testNode", false);
        if(stat!=null){
            client.create("/testNode/clientTest", new String("clienttest").getBytes(),Ids.OPEN_ACL_UNSAFE, CreateMode.EPHEMERAL);
        }
    } catch (KeeperException e) {
        e.printStackTrace();
    }
    client.close();

but it gives me:

    org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /testNode/clientTest

when i'm wrong?

Thanks!

Upvotes: 1

Views: 1543

Answers (1)

du369
du369

Reputation: 821

The document says:

digest uses a username:password string to generate MD5 hash which is then used as an ACL ID identity. Authentication is done by sending the username:password in clear text. When used in the ACL the expression will be the username:base64 encoded SHA1 password digest.

So, when creating the node, the ACL expression can not be just user:pass, it must be encoded. Do this:

String s = Base64.getEncoder().encodeToString(MessageDigest.getInstance("SHA1").digest("user:pass".getBytes()));
ACL acl = new ACL(ZooDefs.Perms.ALL, new Id("digest","user:" + s));

Btw, the document is kind of wrong. Because according to that, you should digest("pass"). But that won't work, you must hash the whole string digest("user:pass")

Upvotes: 1

Related Questions