[ https://issues.apache.org/jira/browse/SOLR-9518?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ishan Chattopadhyaya updated SOLR-9518: --------------------------------------- Description: Starting up Solr 6.2.0 (with delegation tokens enabled) that doesn't have a chrooted ZK, I see the following in the startup logs: {code} 2016-09-15 07:08:22.453 ERROR (main) [ ] o.a.s.s.SolrDispatchFilter Could not start Solr. Check solr/home property and the logs 2016-09-15 07:08:22.477 ERROR (main) [ ] o.a.s.c.SolrCore null:java.lang.StringIndexOutOfBoundsException: String index out of range: -1 at java.lang.String.substring(String.java:1927) at org.apache.solr.security.KerberosPlugin.init(KerberosPlugin.java:138) at org.apache.solr.core.CoreContainer.initializeAuthenticationPlugin(CoreContainer.java:316) at org.apache.solr.core.CoreContainer.load(CoreContainer.java:442) at org.apache.solr.servlet.SolrDispatchFilter.createCoreContainer(SolrDispatchFilter.java:158) at org.apache.solr.servlet.SolrDispatchFilter.init(SolrDispatchFilter.java:134) at org.eclipse.jetty.servlet.FilterHolder.initialize(FilterHolder.java:137) at org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:856) at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:348) at org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1379) at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1341) at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:772) at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:261) at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:517) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68) at org.eclipse.jetty.deploy.bindings.StandardStarter.processBinding(StandardStarter.java:41) at org.eclipse.jetty.deploy.AppLifeCycle.runBindings(AppLifeCycle.java:188) at org.eclipse.jetty.deploy.DeploymentManager.requestAppGoal(DeploymentManager.java:499) at org.eclipse.jetty.deploy.DeploymentManager.addApp(DeploymentManager.java:147) at org.eclipse.jetty.deploy.providers.ScanningAppProvider.fileAdded(ScanningAppProvider.java:180) at org.eclipse.jetty.deploy.providers.WebAppProvider.fileAdded(WebAppProvider.java:458) at org.eclipse.jetty.deploy.providers.ScanningAppProvider$1.fileAdded(ScanningAppProvider.java:64) at org.eclipse.jetty.util.Scanner.reportAddition(Scanner.java:610) at org.eclipse.jetty.util.Scanner.reportDifferences(Scanner.java:529) {code} To me, it seems that adding a check for the presence of a chrooted ZK, and, calculating the relative ZK path only if it exists should suffice. I'll add a patch for this shortly. was: Starting up Solr 6.2.0 that doesn't have a chrooted ZK, I see the following in the startup logs: {code} 2016-09-15 07:08:22.453 ERROR (main) [ ] o.a.s.s.SolrDispatchFilter Could not start Solr. Check solr/home property and the logs 2016-09-15 07:08:22.477 ERROR (main) [ ] o.a.s.c.SolrCore null:java.lang.StringIndexOutOfBoundsException: String index out of range: -1 at java.lang.String.substring(String.java:1927) at org.apache.solr.security.KerberosPlugin.init(KerberosPlugin.java:138) at org.apache.solr.core.CoreContainer.initializeAuthenticationPlugin(CoreContainer.java:316) at org.apache.solr.core.CoreContainer.load(CoreContainer.java:442) at org.apache.solr.servlet.SolrDispatchFilter.createCoreContainer(SolrDispatchFilter.java:158) at org.apache.solr.servlet.SolrDispatchFilter.init(SolrDispatchFilter.java:134) at org.eclipse.jetty.servlet.FilterHolder.initialize(FilterHolder.java:137) at org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:856) at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:348) at org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1379) at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1341) at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:772) at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:261) at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:517) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68) at org.eclipse.jetty.deploy.bindings.StandardStarter.processBinding(StandardStarter.java:41) at org.eclipse.jetty.deploy.AppLifeCycle.runBindings(AppLifeCycle.java:188) at org.eclipse.jetty.deploy.DeploymentManager.requestAppGoal(DeploymentManager.java:499) at org.eclipse.jetty.deploy.DeploymentManager.addApp(DeploymentManager.java:147) at org.eclipse.jetty.deploy.providers.ScanningAppProvider.fileAdded(ScanningAppProvider.java:180) at org.eclipse.jetty.deploy.providers.WebAppProvider.fileAdded(WebAppProvider.java:458) at org.eclipse.jetty.deploy.providers.ScanningAppProvider$1.fileAdded(ScanningAppProvider.java:64) at org.eclipse.jetty.util.Scanner.reportAddition(Scanner.java:610) at org.eclipse.jetty.util.Scanner.reportDifferences(Scanner.java:529) {code} To me, it seems that adding a check for the presence of a chrooted ZK, and, calculating the relative ZK path only if it exists should suffice. I'll add a patch for this shortly. > Kerberos Delegation Tokens doesn't work without a chrooted ZK > ------------------------------------------------------------- > > Key: SOLR-9518 > URL: https://issues.apache.org/jira/browse/SOLR-9518 > Project: Solr > Issue Type: Bug > Security Level: Public(Default Security Level. Issues are Public) > Reporter: Ishan Chattopadhyaya > Attachments: SOLR-9518.patch, SOLR-9518.patch > > > Starting up Solr 6.2.0 (with delegation tokens enabled) that doesn't have a > chrooted ZK, I see the following in the startup logs: > {code} > 2016-09-15 07:08:22.453 ERROR (main) [ ] o.a.s.s.SolrDispatchFilter Could > not start Solr. Check solr/home property and the logs > 2016-09-15 07:08:22.477 ERROR (main) [ ] o.a.s.c.SolrCore > null:java.lang.StringIndexOutOfBoundsException: String index out of range: -1 > at java.lang.String.substring(String.java:1927) > at > org.apache.solr.security.KerberosPlugin.init(KerberosPlugin.java:138) > at > org.apache.solr.core.CoreContainer.initializeAuthenticationPlugin(CoreContainer.java:316) > at org.apache.solr.core.CoreContainer.load(CoreContainer.java:442) > at > org.apache.solr.servlet.SolrDispatchFilter.createCoreContainer(SolrDispatchFilter.java:158) > at > org.apache.solr.servlet.SolrDispatchFilter.init(SolrDispatchFilter.java:134) > at > org.eclipse.jetty.servlet.FilterHolder.initialize(FilterHolder.java:137) > at > org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:856) > at > org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:348) > at > org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1379) > at > org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1341) > at > org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:772) > at > org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:261) > at > org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:517) > at > org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68) > at > org.eclipse.jetty.deploy.bindings.StandardStarter.processBinding(StandardStarter.java:41) > at > org.eclipse.jetty.deploy.AppLifeCycle.runBindings(AppLifeCycle.java:188) > at > org.eclipse.jetty.deploy.DeploymentManager.requestAppGoal(DeploymentManager.java:499) > at > org.eclipse.jetty.deploy.DeploymentManager.addApp(DeploymentManager.java:147) > at > org.eclipse.jetty.deploy.providers.ScanningAppProvider.fileAdded(ScanningAppProvider.java:180) > at > org.eclipse.jetty.deploy.providers.WebAppProvider.fileAdded(WebAppProvider.java:458) > at > org.eclipse.jetty.deploy.providers.ScanningAppProvider$1.fileAdded(ScanningAppProvider.java:64) > at org.eclipse.jetty.util.Scanner.reportAddition(Scanner.java:610) > at org.eclipse.jetty.util.Scanner.reportDifferences(Scanner.java:529) > {code} > To me, it seems that adding a check for the presence of a chrooted ZK, and, > calculating the relative ZK path only if it exists should suffice. I'll add a > patch for this shortly. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org