lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Uwe Schindler (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SOLR-8052) Kerberos auth plugin does not work with Java 9 Jigsaw
Date Wed, 16 Sep 2015 07:16:46 GMT

    [ https://issues.apache.org/jira/browse/SOLR-8052?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14747055#comment-14747055
] 

Uwe Schindler commented on SOLR-8052:
-------------------------------------

Hi Anshum,

it might be related to something else, I have just seen that this is related to "sun.security.krb5"
(see Javadocs: "This class maintains key-value pairs of Kerberos configurable constants from
configuration file or from user specified system properties") and "MiniKDC" (Key Districbution
Center", which is also related to Kerberos).

If you know better, could you please just correct the issue description and summary to correctly
say what's wrong. This was just manual "text mining" on keywords based on the stack trace.

It might also be good to find out if this is just a test issue or a general problem. Maybe
it is only that this uses MiniKDC in tests but not in production. But the underlying issue
is MiniKDC, so somebody who knows the project more could inform them about the issue.

> Kerberos auth plugin does not work with Java 9 Jigsaw
> -----------------------------------------------------
>
>                 Key: SOLR-8052
>                 URL: https://issues.apache.org/jira/browse/SOLR-8052
>             Project: Solr
>          Issue Type: Bug
>          Components: Authentication
>    Affects Versions: 5.3
>            Reporter: Uwe Schindler
>
> As described in my status update yesterday, there are some problems in dependencies shipped
with Solr that don't work with Java 9 Jigsaw builds.
> org.apache.solr.cloud.SaslZkACLProviderTest.testSaslZkACLProvider
> {noformat}
>    [junit4]    > Throwable #1: java.lang.RuntimeException: java.lang.IllegalAccessException:
Class org.apache.hadoop.minikdc.MiniKdc can not access a member of class sun.security.krb5.Config
(module java.security.jgss) with modifiers "public static", module java.security.jgss does
not export sun.security.krb5 to <unnamed module @6d2a209c>
>    [junit4]    >        at org.apache.solr.cloud.SaslZkACLProviderTest$SaslZkTestServer.run(SaslZkACLProviderTest.java:211)
>    [junit4]    >        at org.apache.solr.cloud.SaslZkACLProviderTest.setUp(SaslZkACLProviderTest.java:81)
>    [junit4]    >        at java.lang.Thread.run(java.base@9.0/Thread.java:746)
>    [junit4]    > Caused by: java.lang.IllegalAccessException: Class org.apache.hadoop.minikdc.MiniKdc
can not access a member of class sun.security.krb5.Config (module java.security.jgss) with
modifiers "public static", module java.security.jgss does not export sun.security.krb5 to
<unnamed module @6d2a209c>
>    [junit4]    >        at java.lang.reflect.AccessibleObject.slowCheckMemberAccess(java.base@9.0/AccessibleObject.java:384)
>    [junit4]    >        at java.lang.reflect.AccessibleObject.checkAccess(java.base@9.0/AccessibleObject.java:376)
>    [junit4]    >        at org.apache.hadoop.minikdc.MiniKdc.initKDCServer(MiniKdc.java:478)
>    [junit4]    >        at org.apache.hadoop.minikdc.MiniKdc.start(MiniKdc.java:320)
>    [junit4]    >        at org.apache.solr.cloud.SaslZkACLProviderTest$SaslZkTestServer.run(SaslZkACLProviderTest.java:204)
>    [junit4]    >        ... 38 moreThrowable #2: java.lang.NullPointerException
>    [junit4]    >        at org.apache.solr.cloud.ZkTestServer$ZKServerMain.shutdown(ZkTestServer.java:334)
>    [junit4]    >        at org.apache.solr.cloud.ZkTestServer.shutdown(ZkTestServer.java:526)
>    [junit4]    >        at org.apache.solr.cloud.SaslZkACLProviderTest$SaslZkTestServer.shutdown(SaslZkACLProviderTest.java:218)
>    [junit4]    >        at org.apache.solr.cloud.SaslZkACLProviderTest.tearDown(SaslZkACLProviderTest.java:116)
>    [junit4]    >        at java.lang.Thread.run(java.base@9.0/Thread.java:746)
> {noformat}
> This is really bad, bad, bad! All security related stuff should never ever be reflected
on!
> So we have to open issue in MiniKdc project so they remove the "hacks". Elasticsearch
had
> similar problems with Amazon's AWS API. The worked around with a funny hack in their
SecurityPolicy
> (https://github.com/elastic/elasticsearch/pull/13538). But as Solr does not run with
SecurityManager
> in production, there is no way to do that. 
> We should report issue on the MiniKdc project, so they fix their code and remove the
really bad reflection on Java's internal classes.
> FYI, my [conclusion|http://mail-archives.apache.org/mod_mbox/lucene-dev/201509.mbox/%3C014801d0ee23%245c8f5df0%2415ae19d0%24%40thetaphi.de%3E]
from yesterday.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message