Return-Path: X-Original-To: apmail-lucene-dev-archive@www.apache.org Delivered-To: apmail-lucene-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 0676A17697 for ; Wed, 16 Sep 2015 07:16:47 +0000 (UTC) Received: (qmail 57562 invoked by uid 500); 16 Sep 2015 07:16:46 -0000 Delivered-To: apmail-lucene-dev-archive@lucene.apache.org Received: (qmail 57499 invoked by uid 500); 16 Sep 2015 07:16:46 -0000 Mailing-List: contact dev-help@lucene.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@lucene.apache.org Delivered-To: mailing list dev@lucene.apache.org Received: (qmail 57487 invoked by uid 99); 16 Sep 2015 07:16:46 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 16 Sep 2015 07:16:46 +0000 Date: Wed, 16 Sep 2015 07:16:46 +0000 (UTC) From: "Uwe Schindler (JIRA)" To: dev@lucene.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (SOLR-8052) Kerberos auth plugin does not work with Java 9 Jigsaw MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/SOLR-8052?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14747055#comment-14747055 ] Uwe Schindler commented on SOLR-8052: ------------------------------------- Hi Anshum, it might be related to something else, I have just seen that this is related to "sun.security.krb5" (see Javadocs: "This class maintains key-value pairs of Kerberos configurable constants from configuration file or from user specified system properties") and "MiniKDC" (Key Districbution Center", which is also related to Kerberos). If you know better, could you please just correct the issue description and summary to correctly say what's wrong. This was just manual "text mining" on keywords based on the stack trace. It might also be good to find out if this is just a test issue or a general problem. Maybe it is only that this uses MiniKDC in tests but not in production. But the underlying issue is MiniKDC, so somebody who knows the project more could inform them about the issue. > Kerberos auth plugin does not work with Java 9 Jigsaw > ----------------------------------------------------- > > Key: SOLR-8052 > URL: https://issues.apache.org/jira/browse/SOLR-8052 > Project: Solr > Issue Type: Bug > Components: Authentication > Affects Versions: 5.3 > Reporter: Uwe Schindler > > As described in my status update yesterday, there are some problems in dependencies shipped with Solr that don't work with Java 9 Jigsaw builds. > org.apache.solr.cloud.SaslZkACLProviderTest.testSaslZkACLProvider > {noformat} > [junit4] > Throwable #1: java.lang.RuntimeException: java.lang.IllegalAccessException: Class org.apache.hadoop.minikdc.MiniKdc can not access a member of class sun.security.krb5.Config (module java.security.jgss) with modifiers "public static", module java.security.jgss does not export sun.security.krb5 to > [junit4] > at org.apache.solr.cloud.SaslZkACLProviderTest$SaslZkTestServer.run(SaslZkACLProviderTest.java:211) > [junit4] > at org.apache.solr.cloud.SaslZkACLProviderTest.setUp(SaslZkACLProviderTest.java:81) > [junit4] > at java.lang.Thread.run(java.base@9.0/Thread.java:746) > [junit4] > Caused by: java.lang.IllegalAccessException: Class org.apache.hadoop.minikdc.MiniKdc can not access a member of class sun.security.krb5.Config (module java.security.jgss) with modifiers "public static", module java.security.jgss does not export sun.security.krb5 to > [junit4] > at java.lang.reflect.AccessibleObject.slowCheckMemberAccess(java.base@9.0/AccessibleObject.java:384) > [junit4] > at java.lang.reflect.AccessibleObject.checkAccess(java.base@9.0/AccessibleObject.java:376) > [junit4] > at org.apache.hadoop.minikdc.MiniKdc.initKDCServer(MiniKdc.java:478) > [junit4] > at org.apache.hadoop.minikdc.MiniKdc.start(MiniKdc.java:320) > [junit4] > at org.apache.solr.cloud.SaslZkACLProviderTest$SaslZkTestServer.run(SaslZkACLProviderTest.java:204) > [junit4] > ... 38 moreThrowable #2: java.lang.NullPointerException > [junit4] > at org.apache.solr.cloud.ZkTestServer$ZKServerMain.shutdown(ZkTestServer.java:334) > [junit4] > at org.apache.solr.cloud.ZkTestServer.shutdown(ZkTestServer.java:526) > [junit4] > at org.apache.solr.cloud.SaslZkACLProviderTest$SaslZkTestServer.shutdown(SaslZkACLProviderTest.java:218) > [junit4] > at org.apache.solr.cloud.SaslZkACLProviderTest.tearDown(SaslZkACLProviderTest.java:116) > [junit4] > at java.lang.Thread.run(java.base@9.0/Thread.java:746) > {noformat} > This is really bad, bad, bad! All security related stuff should never ever be reflected on! > So we have to open issue in MiniKdc project so they remove the "hacks". Elasticsearch had > similar problems with Amazon's AWS API. The worked around with a funny hack in their SecurityPolicy > (https://github.com/elastic/elasticsearch/pull/13538). But as Solr does not run with SecurityManager > in production, there is no way to do that. > We should report issue on the MiniKdc project, so they fix their code and remove the really bad reflection on Java's internal classes. > FYI, my [conclusion|http://mail-archives.apache.org/mod_mbox/lucene-dev/201509.mbox/%3C014801d0ee23%245c8f5df0%2415ae19d0%24%40thetaphi.de%3E] from yesterday. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org For additional commands, e-mail: dev-help@lucene.apache.org