[
https://issues.apache.org/jira/browse/ZOOKEEPER-1881?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Chris Nauroth updated ZOOKEEPER-1881:
-------------------------------------
Fix Version/s: (was: 3.5.2)
3.5.3
> Shutdown server immediately upon PrivilegedActionException
> ----------------------------------------------------------
>
> Key: ZOOKEEPER-1881
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1881
> Project: ZooKeeper
> Issue Type: Improvement
> Components: server
> Affects Versions: 3.4.5
> Reporter: Ding Yuan
> Assignee: Ding Yuan
> Fix For: 3.6.0, 3.5.3
>
> Attachments: zookeeper-1881.patch
>
>
> It seems when an SaslServer cannot be created due to a
> PriviledgedActionException, it is better to shutdown the server immediately
> instead of letting it to propagate. The current behaviour will just set
> ServerCncx.zooKeeperSaslServer to null, and later every time when an SASL
> request comes in it will be rejected. If we already detect the loophole
> early, we should just reject it early.
> {noformat}
> private SaslServer createSaslServer(final Login login) {
> catch (PrivilegedActionException e) {
> // TODO: exit server at this point(?)
> LOG.error("Zookeeper Quorum member experienced a
> PrivilegedActionException exception while creating a SaslServer using a JAAS
> principal context:" + e);
> e.printStackTrace();
> }
> {noformat}
> For what it is worth, attaching an attempt to patch it. The idea of the patch
> is to propagate this PrivilegedActionException to ServerCnxnFactory and shut
> down all the connections and server. Not sure if this is the right way to
> solve it. Any comments are appreciated!
> Also in the patch are two additional logging on two unlogged exceptions.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
