Uwe Schindler created SOLR-8052:
-----------------------------------
Summary: Kerberos auth plugin does not work with Java 9 Jigsaw
Key: SOLR-8052
URL: https://issues.apache.org/jira/browse/SOLR-8052
Project: Solr
Issue Type: Bug
Components: hentication
Affects Versions: 5.3
Reporter: Uwe Schindler
As described in my status update yesterday, there are some problems in
dependencies shipped with Solr that don't work with Java 9 Jigsaw builds.
org.apache.solr.cloud.SaslZkACLProviderTest.testSaslZkACLProvider
{noformat}
[junit4] > Throwable #1: java.lang.RuntimeException:
java.lang.IllegalAccessException: Class org.apache.hadoop.minikdc.MiniKdc can
not access a member of class sun.security.krb5.Config (module
java.security.jgss) with modifiers "public static", module java.security.jgss
does not export sun.security.krb5 to <unnamed module @6d2a209c>
[junit4] > at
org.apache.solr.cloud.SaslZkACLProviderTest$SaslZkTestServer.run(SaslZkACLProviderTest.java:211)
[junit4] > at
org.apache.solr.cloud.SaslZkACLProviderTest.setUp(SaslZkACLProviderTest.java:81)
[junit4] > at java.lang.Thread.run([email protected]/Thread.java:746)
[junit4] > Caused by: java.lang.IllegalAccessException: Class
org.apache.hadoop.minikdc.MiniKdc can not access a member of class
sun.security.krb5.Config (module java.security.jgss) with modifiers "public
static", module java.security.jgss does not export sun.security.krb5 to
<unnamed module @6d2a209c>
[junit4] > at
java.lang.reflect.AccessibleObject.slowCheckMemberAccess([email protected]/AccessibleObject.java:384)
[junit4] > at
java.lang.reflect.AccessibleObject.checkAccess([email protected]/AccessibleObject.java:376)
[junit4] > at
org.apache.hadoop.minikdc.MiniKdc.initKDCServer(MiniKdc.java:478)
[junit4] > at
org.apache.hadoop.minikdc.MiniKdc.start(MiniKdc.java:320)
[junit4] > at
org.apache.solr.cloud.SaslZkACLProviderTest$SaslZkTestServer.run(SaslZkACLProviderTest.java:204)
[junit4] > ... 38 moreThrowable #2: java.lang.NullPointerException
[junit4] > at
org.apache.solr.cloud.ZkTestServer$ZKServerMain.shutdown(ZkTestServer.java:334)
[junit4] > at
org.apache.solr.cloud.ZkTestServer.shutdown(ZkTestServer.java:526)
[junit4] > at
org.apache.solr.cloud.SaslZkACLProviderTest$SaslZkTestServer.shutdown(SaslZkACLProviderTest.java:218)
[junit4] > at
org.apache.solr.cloud.SaslZkACLProviderTest.tearDown(SaslZkACLProviderTest.java:116)
[junit4] > at java.lang.Thread.run([email protected]/Thread.java:746)
{noformat}
This is really bad, bad, bad! All security related stuff should never ever be
reflected on!
So we have to open issue in MiniKdc project so they remove the "hacks".
Elasticsearch had
similar problems with Amazon's AWS API. The worked around with a funny hack in
their SecurityPolicy
(https://github.com/elastic/elasticsearch/pull/13538). But as Solr does not run
with SecurityManager
in production, there is no way to do that.
We should report issue on the MiniKdc project, so they fix their code and
remove the really bad reflection on Java's internal classes.
FYI, my
[conclusion|http://mail-archives.apache.org/mod_mbox/lucene-dev/201509.mbox/%3C014801d0ee23%245c8f5df0%2415ae19d0%24%40thetaphi.de%3E]
from yesterday.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
