/// <summary>Configure ZooKeeper server-side security from the service configuration.</summary>
/// <remarks>
/// Must be called before the ZK instance is created, because it sets up JAAS
/// if that has not been done already. Security is treated as enabled exactly
/// when the configured JAAS context name is non-empty; the result is also
/// stored in <c>secureServer</c>.
/// </remarks>
/// <returns>true if the cluster has security enabled.</returns>
/// <exception cref="System.IO.IOException"/>
public virtual bool SetupSecurity()
{
    Configuration registryConf = GetConfig();
    string contextName = registryConf.GetTrimmed(KeyRegistryZkserviceJaasContext);
    secureServer = StringUtils.IsNotEmpty(contextName);
    if (!secureServer)
    {
        // No JAAS context configured: nothing is bound and no properties are set.
        return false;
    }

    // Validate the named context before binding ZK to it.
    RegistrySecurity.ValidateContext(contextName);
    RegistrySecurity.BindZKToServerJAASContext(contextName);

    // Policy on failed auth.
    // NOTE(review): the fallback here is "true", so the permissive value is
    // published unless the configuration sets this key explicitly. Presumably
    // this keeps clients whose SASL handshake failed connected as
    // unauthenticated sessions; confirm, and confirm registry ACLs grant
    // such sessions nothing.
    string allowFailedSasl = registryConf.Get(KeyZkserviceAllowFailedSaslClients, "true");
    Runtime.SetProperty(PropZkAllowFailedSaslClients, allowFailedSasl);

    // Needed so that sasl: strings can be used in the registry.
    string authProviderKey = RegistryInternalConstants.ZookeeperAuthProvider + ".1";
    Runtime.SetProperty(authProviderKey, RegistryInternalConstants.SaslauthenticationProvider);

    // Record the server SASL context property as read back, for diagnostics.
    string serverContext = Runtime.GetProperty(PropZkServerSaslContext);
    AddDiagnostics("Server JAAS context s = %s", serverContext);
    return true;
}
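/// <summary>
/// Low-level check that the ZooKeeper server JAAS context can be bound and
/// used for a SASL login.
/// </summary>
/// <remarks>
/// Binds ZK to <c>ZookeeperServerContext</c>, verifies that the login-context
/// property reads back as that name, verifies that the JAAS configuration
/// returns entries for the section, then starts and shuts down a ZooKeeper
/// <c>Login</c> built on it.
/// </remarks>
public virtual void TestLowlevelZKSaslLogin()
{
    RegistrySecurity.BindZKToServerJAASContext(ZookeeperServerContext);

    // Read the section name back through the same property the ZK SASL server consults.
    string serverSection = Runtime.GetProperty(
        ZooKeeperSaslServer.LoginContextNameKey,
        ZooKeeperSaslServer.DefaultLoginContextName);
    NUnit.Framework.Assert.AreEqual(ZookeeperServerContext, serverSection);

    AppConfigurationEntry[] entries =
        Configuration.GetConfiguration().GetAppConfigurationEntry(serverSection);

    // NUnit takes the object under test first and the message second. The
    // original call had them in JUnit order, so the literal message was the
    // value being checked and a missing JAAS section could never fail here.
    NUnit.Framework.Assert.IsNotNull(entries, "null entries");

    SaslServerCallbackHandler saslServerCallbackHandler =
        new SaslServerCallbackHandler(Configuration.GetConfiguration());
    Org.Apache.Zookeeper.Login login =
        new Org.Apache.Zookeeper.Login(serverSection, saslServerCallbackHandler);
    try
    {
        login.StartThreadIfNeeded();
    }
    finally
    {
        // Always shut the login down, even when starting the thread throws.
        login.Shutdown();
    }
}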