From: Damien Diederen
To: Enrico Olivelli
Cc: UserZooKeeper, Arpit Jain, Szalay-Bekő Máté
Subject: Re: Zookeeper and curator SASL authentication
Date: Thu, 09 Jan 2020 22:02:28 +0100

Hi Enrico,

> There is a method to force JAAS to reload the system property.
>
> Something like Configuration.getConfiguration().refresh()

Great to know!  Thanks!

> You have to call that method after changing the system property

Cheers, -D

> On Thu, 9 Jan 2020, 20:05 Damien Diederen wrote:
>
>>
>> Hi Arpit, Máté,
>>
>> Arpit wrote:
>>
>> > The solution is to pass JAAS file
>> > with -Djava.security.auth.login.config=/path/to/jaas.conf.
>>
>> Okay—good.
>>
>> > Using System.setProperty does not work for me.
>>
>> Ah, I see.  And I'm not surprised; I think Máté is on the right track:
>>
>> >> I also faced this exception not long ago. I think it is an edge case, most
>> >> probably you have something else, but still... maybe it helps:
>> >>
>> >> I tried to write a unit test which dynamically generated multiple
>> >> jaas.conf files. Then I was setting the
>> >> java.security.auth.login.config system property to the config file I needed
>> >> in the given testcase, and when I tried to establish a ZooKeeper connection
>> >> in the unit test, I also got the same exception that you got.
>> >>
>> >> The problem was, that the security configuration file I referred in the
>> >> java.security.auth.login.config system property file was read only once,
>> >> then stored in memory. And it hasn't got reloaded, even if the file (or
>> >> its path in the system property) changed.
>>
>> My understanding is that the property is read very early after "VM boot"
>> (the first time any class tries to access the java.security.Provider):
>> the resource it points to is parsed at that point, and the property
>> "never" checked again.
>>
>> (It *may* be possible to flush the "Spi" or something, but it's clearly
>> not the kind of usage it was designed for.)
>>
>> >> Maybe the best in this case is to
>> >> specify separate JAAS config sections for each test and use a single
>> >> JAAS.conf file per JVM.
>>
>> That's probably the easiest if the set is enumerable.
>>
>> "Real dynamism" might require overriding the "Spi" or "Provider," but
>> that's probably overkill for a few tests.
>>
>> (Now that I think of it… our tests are already run under the JMockit
>> agent, so live-patching JAAS methods using mockit.MockUp might be
>> another option :)
>>
>> Anyway.  It looks like setting the property externally worked for Arpit.
>>
>> Cheers, -D
>>
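
The caching behaviour and the refresh() call discussed in this thread, as an added example that is not part of the original messages: it switches java.security.auth.login.config between two generated files and reads the "Client" section before and after Configuration.getConfiguration().refresh(). The class name JaasReloadDemo, the user names and the password are constructed placeholders, and the JDK's default file-based Configuration provider is assumed.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;

public class JaasReloadDemo {
    static final String PROP = "java.security.auth.login.config";

    // Write a one-section JAAS file. User name and password are constructed sample values.
    static Path writeJaas(String user) throws Exception {
        Path p = Files.createTempFile("jaas-", ".conf");
        String text = "Client {\n"
                + "  org.apache.zookeeper.server.auth.DigestLoginModule required\n"
                + "  username=\"" + user + "\"\n"
                + "  password=\"placeholder\";\n"
                + "};\n";
        Files.write(p, text.getBytes(StandardCharsets.UTF_8));
        p.toFile().deleteOnExit();
        return p;
    }

    // The username the JVM-wide Configuration currently holds for the "Client" section.
    static String clientUser() {
        AppConfigurationEntry[] entries =
                Configuration.getConfiguration().getAppConfigurationEntry("Client");
        return entries == null ? null : (String) entries[0].getOptions().get("username");
    }

    public static void main(String[] args) throws Exception {
        // First access to the Configuration parses the file named by the property.
        System.setProperty(PROP, writeJaas("alice").toString());
        String first = clientUser();

        // Changing only the property: the already-loaded Configuration is reused.
        System.setProperty(PROP, writeJaas("bob").toString());
        String stale = clientUser();

        // refresh() makes the provider read the property and the file again.
        Configuration.getConfiguration().refresh();
        String fresh = clientUser();

        System.out.printf("first=%s stale=%s fresh=%s%n", first, stale, fresh);
    }
}
```

The Configuration object is shared by the whole JVM, so a refresh() changes the credentials every later LoginContext in the process resolves; tests that swap JAAS files this way must not run in parallel in one JVM.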