Comments (15)
Might you be able to put together a test (or instructions) on how to reproduce this?
from curator.
Are you calling authorization() in the CuratorFrameworkFactory builder?
from curator.
Hi,
I can't use .authorization( because the Zookeeper implementation prevents the setting of the sasl scheme.
See SASLAuthenticationProvider:24 :
    public KeeperException.Code
    handleAuthentication(ServerCnxn cnxn, byte[] authData)
    {
        // Should never call this: SASL authentication is negotiated at session initiation.
        // TODO: consider substituting current implementation of direct ClientCnxn manipulation with
        // a call to this method (SASLAuthenticationProvider:handleAuthentication()) at session initiation.
        return KeeperException.Code.AUTHFAILED;
    }
Also I've used the Zookeeper Client too and it works.
I'm writing some notes to post how to reproduce it.
from curator.
Hi,
Following the guide on https://cwiki.apache.org/ZOOKEEPER/zookeeper-and-sasl.html
I've set up the Zookeeper Server to use SASL along with java security:
into the server conf/zoo.cfg:
authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
jaasLoginRenew=3600000
Then place somewhere a file jaas.conf with the following content (I'm using DIGEST-MD5 authentication):
    Server {
        org.apache.zookeeper.server.auth.DigestLoginModule required
        user_super="adminsecret"
        user_bob="bobsecret";
    };
and into conf/java.env set the path to the jaas.conf
SERVER_JVMFLAGS="-Djava.security.auth.login.config=/path/to/server/jaas/file.conf"
(Those settings are for the sh scripts. For Windows, the SERVER_JVMFLAGS should be set in the zkEnv.cmd and then the variable passed into the zkServer.cmd just after the CLASSPATH var at the java call.)
After that you can start up the ZK server.
For the client side, create a new file jaas_client.conf with
    Client {
        org.apache.zookeeper.server.auth.DigestLoginModule required
        username="bob"
        password="bobsecret";
    };
Now use a Zookeeper client to do any operation against the server. Before creating the client do:
System.setProperty("java.security.auth.login.config","/path/to/server/jaas/file.conf");
and then create the zk client.
In the server log you will see:
[NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2183:SaslServerCallbackHandler@130] - Setting authorizedID: bob
[NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2183:ZooKeeperServer@934] - adding SASL authorization for authorizationID: bob
This happens with Curator as well, but after that there is a ConnectionLoss on the client side.
from curator.
Have you ever tried to use Curator with an authentication mechanism that involves using a jaas.conf file?
Which authentication mechanism have you tried?
from curator.
I tried the example as described above and everything seems to work correctly. Here's the code I used:
Timing timing = new Timing();
System.setProperty("java.security.auth.login.config","/path/to/jaas.conf");
CuratorFramework client = CuratorFrameworkFactory.newClient("localhost:2181", timing.session(), timing.connection(), new RetryOneTime(1));
client.start();
client.checkExists().forPath("/hey");
log.debug("about to sleep");
Thread.sleep(100000);
The client sleeps and the server says "Successfully authenticated client: authenticationID=bob; authorizationID=bob".
from curator.
Maybe you aren't setting a long enough connection timeout?
from curator.
Hi,
Can you add a watcher while the client adds a node? I don't receive any event.
Setting the correct ACL, I'm able to create the node, but I cannot receive the events from another client.
Also I cannot make a ServiceDiscovery work (which works without sasl):
System.setProperty("java.security.auth.login.config","/path/to/jaas.conf");
ServiceDiscovery discovery = ServiceDiscoveryBuilder
.builder(String.class).basePath(root).client(client).build();
try {
discovery.start();
Collection<String> names = discovery.queryForNames();
It hangs on discovery.queryForNames();
The same works if I use the digest schema since in that case I can add to the client
.authorization("digest", "username:pwd".getBytes())
Thank you.
from curator.
I just tried it with ServiceDiscovery and queryForNames() and it works fine. I have a strong feeling that your connection and/or session timeouts are too low.
from curator.
Which settings did you use?
I've even set
CuratorFramework client = CuratorFrameworkFactory.newClient("localhost:2181", 100000, 100000, new RetryOneTime(1));
but still no luck.
Are you talking about another session/connection timeout?
from curator.
Ok, some updates. It seems related to the number of operations I execute with the same client.
Indeed, even the discovery works if it's the only thing I do with a client just created.
Can you try the below code? I've extended your example to do more operations.
Example:
Timing timing = new Timing();
System.setProperty("java.security.auth.login.config","/path/to/jaas.conf");
CuratorFramework client = CuratorFrameworkFactory.newClient("localhost:2182", timing.session(), timing.connection(), new RetryOneTime(1));
client.start();
client.checkExists().forPath("/hey");
client.create().withMode(CreateMode.EPHEMERAL).withACL(Ids.CREATOR_ALL_ACL).forPath("/hey", new byte[0]);
client.create().withMode(CreateMode.EPHEMERAL).withACL(Ids.CREATOR_ALL_ACL).forPath("/again", new byte[0]);
Exception in thread "main" org.apache.zookeeper.KeeperException$ConnectionLossException: KeeperErrorCode = ConnectionLoss
at com.netflix.curator.ConnectionState.getZooKeeper(ConnectionState.java:84)
at com.netflix.curator.CuratorZookeeperClient.getZooKeeper(CuratorZookeeperClient.java:90)
at com.netflix.curator.framework.imps.CuratorFrameworkImpl.getZooKeeper(CuratorFrameworkImpl.java:381)
at com.netflix.curator.framework.imps.CreateBuilderImpl$6.call(CreateBuilderImpl.java:356)
at com.netflix.curator.framework.imps.CreateBuilderImpl$6.call(CreateBuilderImpl.java:336)
at com.netflix.curator.RetryLoop.callWithRetry(RetryLoop.java:85)
at com.netflix.curator.framework.imps.CreateBuilderImpl.pathInForeground(CreateBuilderImpl.java:332)
at com.netflix.curator.framework.imps.CreateBuilderImpl.forPath(CreateBuilderImpl.java:294)
at com.netflix.curator.framework.imps.CreateBuilderImpl$2.forPath(CreateBuilderImpl.java:149)
at com.netflix.curator.framework.imps.CreateBuilderImpl$2.forPath(CreateBuilderImpl.java:115)
from curator.
Persistence pays off! I've found the problem. The curator event processor wasn't handling the SaslAuthenticated event. It was treating it as a disconnection. I really appreciate your help on this. I'll try to build new JARs today or tomorrow.
from curator.
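The failure mode named in the comment above, as an added example (it is not Curator's code or its actual fix): a connection tracker that reads the SaslAuthenticated notification as a disconnect, next to one that leaves the connection flag alone for that state. The class and method names are hypothetical, and it assumes a ZooKeeper client JAR that defines KeeperState.SaslAuthenticated on the classpath.

```java
import org.apache.zookeeper.Watcher.Event.KeeperState;

// Added illustration; SaslStateDemo and its methods are hypothetical names,
// not Curator classes.
public class SaslStateDemo {
    // Buggy pattern: every state other than SyncConnected is read as a
    // disconnection, including the SaslAuthenticated notification that the
    // client raises after a successful SASL login.
    static boolean connectedNaive(KeeperState state) {
        return state == KeeperState.SyncConnected;
    }

    // Corrected pattern: SaslAuthenticated reports authentication, not
    // connectivity, so it leaves the tracked connection flag unchanged.
    static boolean connectedFixed(KeeperState state, boolean wasConnected) {
        switch (state) {
            case SyncConnected:
            case ConnectedReadOnly:
                return true;
            case SaslAuthenticated:
                return wasConnected;
            default: // Disconnected, Expired, AuthFailed and any other state
                return false;
        }
    }

    public static void main(String[] args) {
        // Constructed event order for a SASL client: connect, then authenticate.
        KeeperState[] events = { KeeperState.SyncConnected, KeeperState.SaslAuthenticated };
        boolean naive = false;
        boolean fixed = false;
        for (KeeperState s : events) {
            naive = connectedNaive(s);
            fixed = connectedFixed(s, fixed);
            System.out.printf("%-17s naive=%-5b fixed=%b%n", s, naive, fixed);
        }
    }
}
```

With the naive mapping, a client that has just authenticated looks disconnected, so the next operation is refused with ConnectionLoss even though the server logged a successful login.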
Many Thanks!
from curator.
Which version is this fix in? Thanks.
from curator.
1.1.8/1.0.9 - April 17, 2012
from curator.