[
https://issues.apache.org/jira/browse/SOLR-8052?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14747055#comment-14747055
]
Uwe Schindler commented on SOLR-8052:
-------------------------------------
Hi Anshum,
it might be related to something else, I have just seen that this is related to
"sun.security.krb5" (see Javadocs: "This class maintains key-value pairs of
Kerberos configurable constants from configuration file or from user specified
system properties") and "MiniKDC" (Key Districbution Center", which is also
related to Kerberos).
If you know better, could you please just correct the issue description and
summary to correctly say what's wrong. This was just manual "text mining" on
keywords based on the stack trace.
It might also be good to find out if this is just a test issue or a general
problem. Maybe it is only that this uses MiniKDC in tests but not in
production. But the underlying issue is MiniKDC, so somebody who knows the
project more could inform them about the issue.
> Kerberos auth plugin does not work with Java 9 Jigsaw
> -----------------------------------------------------
>
> Key: SOLR-8052
> URL: https://issues.apache.org/jira/browse/SOLR-8052
> Project: Solr
> Issue Type: Bug
> Components: Authentication
> Affects Versions: 5.3
> Reporter: Uwe Schindler
>
> As described in my status update yesterday, there are some problems in
> dependencies shipped with Solr that don't work with Java 9 Jigsaw builds.
> org.apache.solr.cloud.SaslZkACLProviderTest.testSaslZkACLProvider
> {noformat}
> [junit4] > Throwable #1: java.lang.RuntimeException:
> java.lang.IllegalAccessException: Class org.apache.hadoop.minikdc.MiniKdc can
> not access a member of class sun.security.krb5.Config (module
> java.security.jgss) with modifiers "public static", module java.security.jgss
> does not export sun.security.krb5 to <unnamed module @6d2a209c>
> [junit4] > at
> org.apache.solr.cloud.SaslZkACLProviderTest$SaslZkTestServer.run(SaslZkACLProviderTest.java:211)
> [junit4] > at
> org.apache.solr.cloud.SaslZkACLProviderTest.setUp(SaslZkACLProviderTest.java:81)
> [junit4] > at java.lang.Thread.run([email protected]/Thread.java:746)
> [junit4] > Caused by: java.lang.IllegalAccessException: Class
> org.apache.hadoop.minikdc.MiniKdc can not access a member of class
> sun.security.krb5.Config (module java.security.jgss) with modifiers "public
> static", module java.security.jgss does not export sun.security.krb5 to
> <unnamed module @6d2a209c>
> [junit4] > at
> java.lang.reflect.AccessibleObject.slowCheckMemberAccess([email protected]/AccessibleObject.java:384)
> [junit4] > at
> java.lang.reflect.AccessibleObject.checkAccess([email protected]/AccessibleObject.java:376)
> [junit4] > at
> org.apache.hadoop.minikdc.MiniKdc.initKDCServer(MiniKdc.java:478)
> [junit4] > at
> org.apache.hadoop.minikdc.MiniKdc.start(MiniKdc.java:320)
> [junit4] > at
> org.apache.solr.cloud.SaslZkACLProviderTest$SaslZkTestServer.run(SaslZkACLProviderTest.java:204)
> [junit4] > ... 38 moreThrowable #2:
> java.lang.NullPointerException
> [junit4] > at
> org.apache.solr.cloud.ZkTestServer$ZKServerMain.shutdown(ZkTestServer.java:334)
> [junit4] > at
> org.apache.solr.cloud.ZkTestServer.shutdown(ZkTestServer.java:526)
> [junit4] > at
> org.apache.solr.cloud.SaslZkACLProviderTest$SaslZkTestServer.shutdown(SaslZkACLProviderTest.java:218)
> [junit4] > at
> org.apache.solr.cloud.SaslZkACLProviderTest.tearDown(SaslZkACLProviderTest.java:116)
> [junit4] > at java.lang.Thread.run([email protected]/Thread.java:746)
> {noformat}
> This is really bad, bad, bad! All security related stuff should never ever be
> reflected on!
> So we have to open issue in MiniKdc project so they remove the "hacks".
> Elasticsearch had
> similar problems with Amazon's AWS API. The worked around with a funny hack
> in their SecurityPolicy
> (https://github.com/elastic/elasticsearch/pull/13538). But as Solr does not
> run with SecurityManager
> in production, there is no way to do that.
> We should report issue on the MiniKdc project, so they fix their code and
> remove the really bad reflection on Java's internal classes.
> FYI, my
> [conclusion|http://mail-archives.apache.org/mod_mbox/lucene-dev/201509.mbox/%3C014801d0ee23%245c8f5df0%2415ae19d0%24%40thetaphi.de%3E]
> from yesterday.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
