/// <summary>set up security.</summary> /// <remarks> /// set up security. this must be done prior to creating /// the ZK instance, as it sets up JAAS if that has not been done already. /// </remarks> /// <returns>true if the cluster has security enabled.</returns> /// <exception cref="System.IO.IOException"/> public virtual bool SetupSecurity() { Configuration conf = GetConfig(); string jaasContext = conf.GetTrimmed(KeyRegistryZkserviceJaasContext); secureServer = StringUtils.IsNotEmpty(jaasContext); if (secureServer) { RegistrySecurity.ValidateContext(jaasContext); RegistrySecurity.BindZKToServerJAASContext(jaasContext); // policy on failed auth Runtime.SetProperty(PropZkAllowFailedSaslClients, conf.Get(KeyZkserviceAllowFailedSaslClients , "true")); //needed so that you can use sasl: strings in the registry Runtime.SetProperty(RegistryInternalConstants.ZookeeperAuthProvider + ".1", RegistryInternalConstants .SaslauthenticationProvider); string serverContext = Runtime.GetProperty(PropZkServerSaslContext); AddDiagnostics("Server JAAS context s = %s", serverContext); return(true); } else { return(false); } }
/// <summary>Create a secure instance</summary> /// <param name="name">instance name</param> /// <returns>the instance</returns> /// <exception cref="System.Exception"/> protected internal static MicroZookeeperService CreateSecureZKInstance(string name ) { string context = ZookeeperServerContext; Configuration conf = new Configuration(); FilePath testdir = new FilePath(Runtime.GetProperty("test.dir", "target")); FilePath workDir = new FilePath(testdir, name); if (!workDir.Mkdirs()) { NUnit.Framework.Assert.IsTrue(workDir.IsDirectory()); } Runtime.SetProperty(ZookeeperConfigOptions.PropZkServerMaintainConnectionDespiteSaslFailure , "false"); RegistrySecurity.ValidateContext(context); conf.Set(MicroZookeeperServiceKeys.KeyRegistryZkserviceJaasContext, context); MicroZookeeperService secureZK = new MicroZookeeperService(name); secureZK.Init(conf); Log.Info(secureZK.GetDiagnostics()); return(secureZK); }