コード例 #1
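 /**
  * Validates the ACL list supplied with a create or setACL operation and rewrites it in place.
  *
  * <p>Each entry is handled by scheme:
  * <ul>
  *   <li>{@code world:anyone} is accepted as-is (the node is open to every client);</li>
  *   <li>{@code auth} is removed and replaced by one entry per id in {@code authInfo} whose
  *       provider reports {@code isAuthenticated()}, carrying the same permissions; if no such
  *       id exists the whole list is rejected;</li>
  *   <li>any other scheme must have a registered {@link AuthenticationProvider} whose
  *       {@code isValid} accepts the id.</li>
  * </ul>
  *
  * <p>Security notes: when {@code skipACL} is set no validation happens at all and the list is
  * accepted unchanged. Because the list describes what a client asked to assign, malformed
  * entries (a null entry, a null id or a null scheme) are rejected with {@code false} rather than
  * escaping as a {@link NullPointerException}. On a {@code false} return the list may already
  * have had {@code auth} entries removed, so callers should discard it.
  *
  * @param authInfo list of ACL IDs associated with the client connection; {@code null} is
  *     treated as "no authenticated ids"
  * @param acl list of ACLs being assigned to the node (create or setACL operation); modified in
  *     place, so it must support {@code Iterator.remove} and {@code add}
  * @return {@code true} if ACL checking is disabled or every entry is acceptable and the
  *     resulting list is non-empty; {@code false} if the list is null, empty or contains an
  *     entry that cannot be validated
  */
 private boolean fixupACL(List<Id> authInfo, List<ACL> acl) {
   if (skipACL) {
     // ACL enforcement is globally disabled: accept whatever was supplied.
     return true;
   }
   if (acl == null || acl.isEmpty()) {
     return false;
   }
   Iterator<ACL> it = acl.iterator();
   // Expanded "auth" entries are collected here and appended after the iteration, because the
   // list cannot be added to while its iterator is in use.
   List<ACL> toAdd = null;
   while (it.hasNext()) {
     ACL a = it.next();
     Id id = (a == null) ? null : a.getId();
     if (id == null || id.getScheme() == null) {
       // Malformed entry: treat it as an invalid ACL instead of dereferencing null below.
       return false;
     }
     String scheme = id.getScheme();
     if (scheme.equals("world") && "anyone".equals(id.getId())) {
       // wide open
     } else if (scheme.equals("auth")) {
       // This is the "auth" id, so we have to expand it to the
       // authenticated ids of the requestor
       it.remove();
       if (toAdd == null) {
         toAdd = new LinkedList<ACL>();
       }
       boolean authIdValid = false;
       if (authInfo != null) {
         for (Id cid : authInfo) {
           AuthenticationProvider ap = ProviderRegistry.getProvider(cid.getScheme());
           if (ap == null) {
             LOG.error("Missing AuthenticationProvider for " + cid.getScheme());
           } else if (ap.isAuthenticated()) {
             authIdValid = true;
             toAdd.add(new ACL(a.getPerms(), cid));
           }
         }
       }
       if (!authIdValid) {
         // "auth" with nothing to expand to would leave the permission bound to nobody.
         return false;
       }
     } else {
       // Any other scheme must be known to the registry and must accept this id.
       AuthenticationProvider ap = ProviderRegistry.getProvider(scheme);
       if (ap == null || !ap.isValid(id.getId())) {
         return false;
       }
     }
   }
   if (toAdd != null) {
     acl.addAll(toAdd);
   }
   return !acl.isEmpty();
 }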
コード例 #2
 /**
  * Authorizes an operation against a node's ACL, returning normally when access is granted.
  *
  * <p>Access is granted, in this order, when: {@code skipACL} is set; the ACL is null or empty;
  * any id in {@code ids} uses the {@code super} scheme; or some ACL entry that carries at least
  * one of the requested permission bits is either {@code world:anyone} or is matched, through
  * the {@link AuthenticationProvider} registered for its scheme, by an id in {@code ids} with
  * the same scheme.
  *
  * <p>Security notes: the first three conditions bypass per-entry evaluation entirely, so a
  * null or empty ACL is fail-open. An entry whose scheme has no registered provider never
  * grants access. The {@code zks} parameter is not read by this method.
  *
  * @param zks the server instance (unused here)
  * @param acl the ACL attached to the node being accessed; may be null
  * @param perm bit mask of the permission(s) being requested
  * @param ids the ids associated with the requester
  * @throws KeeperException.NoAuthException if no rule above grants access
  */
 static void checkACL(ZooKeeperServer zks, List<ACL> acl, int perm, List<Id> ids)
     throws KeeperException.NoAuthException {
   // Enforcement switched off globally.
   if (skipACL) {
     return;
   }
   // No ACL on the node means no restriction.
   if (acl == null || acl.isEmpty()) {
     return;
   }
   // A "super" identity overrides every per-node ACL.
   for (Id requester : ids) {
     if (requester.getScheme().equals("super")) {
       return;
     }
   }
   for (ACL entry : acl) {
     Id granted = entry.getId();
     // Skip entries that do not carry any of the requested permission bits.
     if ((entry.getPerms() & perm) == 0) {
       continue;
     }
     String scheme = granted.getScheme();
     if (scheme.equals("world") && granted.getId().equals("anyone")) {
       return;
     }
     AuthenticationProvider provider = ProviderRegistry.getProvider(scheme);
     if (provider == null) {
       // Unknown scheme: this entry cannot grant anything.
       continue;
     }
     for (Id requester : ids) {
       boolean sameScheme = requester.getScheme().equals(scheme);
       if (sameScheme && provider.matches(requester.getId(), granted.getId())) {
         return;
       }
     }
   }
   // Nothing matched: deny.
   throw new KeeperException.NoAuthException();
 }