/// <summary>set up security.</summary>
/// <remarks>
/// set up security. this must be done prior to creating
/// the ZK instance, as it sets up JAAS if that has not been done already.
/// </remarks>
/// <returns>true if the cluster has security enabled.</returns>
/// <exception cref="System.IO.IOException"/>
public virtual bool SetupSecurity()
{
Configuration conf = GetConfig();
string jaasContext = conf.GetTrimmed(KeyRegistryZkserviceJaasContext);
secureServer = StringUtils.IsNotEmpty(jaasContext);
if (secureServer)
{
RegistrySecurity.ValidateContext(jaasContext);
RegistrySecurity.BindZKToServerJAASContext(jaasContext);
// policy on failed auth
Runtime.SetProperty(PropZkAllowFailedSaslClients, conf.Get(KeyZkserviceAllowFailedSaslClients
, "true"));
//needed so that you can use sasl: strings in the registry
Runtime.SetProperty(RegistryInternalConstants.ZookeeperAuthProvider + ".1", RegistryInternalConstants
.SaslauthenticationProvider);
string serverContext = Runtime.GetProperty(PropZkServerSaslContext);
AddDiagnostics("Server JAAS context s = %s", serverContext);
return(true);
}
else
{
return(false);
}
}
/// <summary>Create a secure instance</summary>
/// <param name="name">instance name</param>
/// <returns>the instance</returns>
/// <exception cref="System.Exception"/>
protected internal static MicroZookeeperService CreateSecureZKInstance(string name
)
{
string context = ZookeeperServerContext;
Configuration conf = new Configuration();
FilePath testdir = new FilePath(Runtime.GetProperty("test.dir", "target"));
FilePath workDir = new FilePath(testdir, name);
if (!workDir.Mkdirs())
{
NUnit.Framework.Assert.IsTrue(workDir.IsDirectory());
}
Runtime.SetProperty(ZookeeperConfigOptions.PropZkServerMaintainConnectionDespiteSaslFailure
, "false");
RegistrySecurity.ValidateContext(context);
conf.Set(MicroZookeeperServiceKeys.KeyRegistryZkserviceJaasContext, context);
MicroZookeeperService secureZK = new MicroZookeeperService(name);
secureZK.Init(conf);
Log.Info(secureZK.GetDiagnostics());
return(secureZK);
}
