Re: RFR 8186884: Test native KDC, Java krb5 lib, and native krb5 lib in one test

Thu, 07 Sep 2017 05:40:38 -0700 

Updated at

  http://cr.openjdk.java.net/~weijun/8186884/webrev.01/

Now the libraries can be more freely combined, so you can test interop between 
one native library and another one:

   jtreg -Dnative.krb5.libs=j=,n=,m=lib1.so,h=lib2.so BasicProc.java


More comments inline below.

> On Sep 7, 2017, at 3:29 PM, Artem Smotrakov <artem.smotra...@oracle.com> 
> wrote:
> 
> Hi Max,
> 
> In general, looks fine to me. Below are a couple of comments you might want 
> to address.
> 
> 1. BasicProc.java, it might be better to use named constants for parameters 
> for once() method. That would make it easier to understand what each 
> particular onse() call does

I am passing in label and library names now.

> 
> 2. BasicProc.java, could you please add an exception message?
> 
> +                if (!Arrays.equals(msg, msg2)) {
> +                    throw new Exception();
> +                }
> +                break;

Fixed.

> 
> 3. BasicProc.java, should the test do some cleanup then?
> 
> +            Files.copy(Paths.get("ccache.base"), Paths.get("ccache." + 
> label));

Nowadays I prefer to let jtreg do the cleanup/retain. In fact, I am able to 
find a KDC.java bug by saving the ccache, where the incoming service ticket is 
invalid and not saved into the ccache.

Thanks
Max

> 
> Artem
> 
> On 09/07/2017 03:07 AM, Weijun Wang wrote:
>> Please take a review at
>> 
>>    http://cr.openjdk.java.net/~weijun/8186884/webrev.00/
>> 
>> BasicProc.java is enhanced to use a native JGSS provider, and KDC.java is 
>> enhanced to start (not use) a native KDC. For example, you would be able to 
>> test interop among Java JGSS, native JGSS (with MIT krb5) and Heimdal KDC 
>> with
>> 
>>     jtreg -Dnative.krb5.lib=/usr/local/krb5/lib/libgssapi_krb5.so \
>>           -Dnative.kdc.path=/usr/local/heimdal \
>>           test/sun/security/krb5/auto/BasicProc.java
>> 
>> Without those 2 new system properties, it behaves like before, i.e. Java GSS 
>> on the embedded KDC.
>> 
>> Another change in Context.java. Instead of using shared states to provide 
>> username and password when doing a krb5 login, a callback handler is used. 
>> This is considered more common. An extra permission is needed to read the 
>> default username (though I think this can coded as optional).
>> 
>> Thanks
>> Max
>> 
>

Reply via email to