/// <summary>set up security.</summary>
/// <remarks>
/// set up security. this must be done prior to creating
/// the ZK instance, as it sets up JAAS if that has not been done already.
/// </remarks>
/// <returns>true if the cluster has security enabled.</returns>
/// <exception cref="System.IO.IOException"/>
public virtual bool SetupSecurity()
{
Configuration conf = GetConfig();
string jaasContext = conf.GetTrimmed(KeyRegistryZkserviceJaasContext);
secureServer = StringUtils.IsNotEmpty(jaasContext);
if (secureServer)
{
RegistrySecurity.ValidateContext(jaasContext);
RegistrySecurity.BindZKToServerJAASContext(jaasContext);
// policy on failed auth
Runtime.SetProperty(PropZkAllowFailedSaslClients, conf.Get(KeyZkserviceAllowFailedSaslClients
, "true"));
//needed so that you can use sasl: strings in the registry
Runtime.SetProperty(RegistryInternalConstants.ZookeeperAuthProvider + ".1", RegistryInternalConstants
.SaslauthenticationProvider);
string serverContext = Runtime.GetProperty(PropZkServerSaslContext);
AddDiagnostics("Server JAAS context s = %s", serverContext);
return(true);
}
else
{
return(false);
}
}
public virtual void TestLowlevelZKSaslLogin()
{
RegistrySecurity.BindZKToServerJAASContext(ZookeeperServerContext);
string serverSection = Runtime.GetProperty(ZooKeeperSaslServer.LoginContextNameKey
, ZooKeeperSaslServer.DefaultLoginContextName);
NUnit.Framework.Assert.AreEqual(ZookeeperServerContext, serverSection);
AppConfigurationEntry[] entries;
entries = Configuration.GetConfiguration().GetAppConfigurationEntry(serverSection
);
NUnit.Framework.Assert.IsNotNull("null entries", entries);
SaslServerCallbackHandler saslServerCallbackHandler = new SaslServerCallbackHandler
(Configuration.GetConfiguration());
Org.Apache.Zookeeper.Login login = new Org.Apache.Zookeeper.Login(serverSection,
saslServerCallbackHandler);
try
{
login.StartThreadIfNeeded();
}
finally
{
login.Shutdown();
}
}
