[ https://issues.apache.org/jira/browse/ZOOKEEPER-1881?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13965254#comment-13965254 ]
Ding Yuan commented on ZOOKEEPER-1881: -------------------------------------- Ping. Is there anything else I can help from my side? > Shutdown server immediately upon PrivilegedActionException > ---------------------------------------------------------- > > Key: ZOOKEEPER-1881 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1881 > Project: ZooKeeper > Issue Type: Improvement > Components: server > Affects Versions: 3.4.5 > Reporter: Ding Yuan > Attachments: zookeeper-1881.patch > > > It seems when an SaslServer cannot be created due to a > PriviledgedActionException, it is better to shutdown the server immediately > instead of letting it to propagate. The current behaviour will just set > ServerCncx.zooKeeperSaslServer to null, and later every time when an SASL > request comes in it will be rejected. If we already detect the loophole > early, we should just reject it early. > {noformat} > private SaslServer createSaslServer(final Login login) { > catch (PrivilegedActionException e) { > // TODO: exit server at this point(?) > LOG.error("Zookeeper Quorum member experienced a > PrivilegedActionException exception while creating a SaslServer using a JAAS > principal context:" + e); > e.printStackTrace(); > } > {noformat} > For what it is worth, attaching an attempt to patch it. The idea of the patch > is to propagate this PrivilegedActionException to ServerCnxnFactory and shut > down all the connections and server. Not sure if this is the right way to > solve it. Any comments are appreciated! > Also in the patch are two additional logging on two unlogged exceptions. -- This message was sent by Atlassian JIRA (v6.2#6252)