[
https://issues.apache.org/jira/browse/SOLR-8052?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14790551#comment-14790551
]
Anshum Gupta commented on SOLR-8052:
------------------------------------
You beat me to it Uwe :)
Thanks for fixing the summary. MiniKDC is a test class to be used for spinning
up an embedded KDC server on the fly for security testing. It isn't used for
anything else, and AFAIK this is the only way to test anything that needs KDC
without actually spinning up a KDC server.
> Tests using MiniKDC do not work with Java 9 Jigsaw
> --------------------------------------------------
>
> Key: SOLR-8052
> URL: https://issues.apache.org/jira/browse/SOLR-8052
> Project: Solr
> Issue Type: Bug
> Components: Authentication
> Affects Versions: 5.3
> Reporter: Uwe Schindler
>
> As described in my status update yesterday, there are some problems in
> dependencies shipped with Solr that don't work with Java 9 Jigsaw builds.
> org.apache.solr.cloud.SaslZkACLProviderTest.testSaslZkACLProvider
> {noformat}
> [junit4] > Throwable #1: java.lang.RuntimeException:
> java.lang.IllegalAccessException: Class org.apache.hadoop.minikdc.MiniKdc can
> not access a member of class sun.security.krb5.Config (module
> java.security.jgss) with modifiers "public static", module java.security.jgss
> does not export sun.security.krb5 to <unnamed module @6d2a209c>
> [junit4] > at
> org.apache.solr.cloud.SaslZkACLProviderTest$SaslZkTestServer.run(SaslZkACLProviderTest.java:211)
> [junit4] > at
> org.apache.solr.cloud.SaslZkACLProviderTest.setUp(SaslZkACLProviderTest.java:81)
> [junit4] > at java.lang.Thread.run([email protected]/Thread.java:746)
> [junit4] > Caused by: java.lang.IllegalAccessException: Class
> org.apache.hadoop.minikdc.MiniKdc can not access a member of class
> sun.security.krb5.Config (module java.security.jgss) with modifiers "public
> static", module java.security.jgss does not export sun.security.krb5 to
> <unnamed module @6d2a209c>
> [junit4] > at
> java.lang.reflect.AccessibleObject.slowCheckMemberAccess([email protected]/AccessibleObject.java:384)
> [junit4] > at
> java.lang.reflect.AccessibleObject.checkAccess([email protected]/AccessibleObject.java:376)
> [junit4] > at
> org.apache.hadoop.minikdc.MiniKdc.initKDCServer(MiniKdc.java:478)
> [junit4] > at
> org.apache.hadoop.minikdc.MiniKdc.start(MiniKdc.java:320)
> [junit4] > at
> org.apache.solr.cloud.SaslZkACLProviderTest$SaslZkTestServer.run(SaslZkACLProviderTest.java:204)
> [junit4] > ... 38 moreThrowable #2:
> java.lang.NullPointerException
> [junit4] > at
> org.apache.solr.cloud.ZkTestServer$ZKServerMain.shutdown(ZkTestServer.java:334)
> [junit4] > at
> org.apache.solr.cloud.ZkTestServer.shutdown(ZkTestServer.java:526)
> [junit4] > at
> org.apache.solr.cloud.SaslZkACLProviderTest$SaslZkTestServer.shutdown(SaslZkACLProviderTest.java:218)
> [junit4] > at
> org.apache.solr.cloud.SaslZkACLProviderTest.tearDown(SaslZkACLProviderTest.java:116)
> [junit4] > at java.lang.Thread.run([email protected]/Thread.java:746)
> {noformat}
> This is really bad, bad, bad! All security related stuff should never ever be
> reflected on!
> So we have to open issue in MiniKdc project so they remove the "hacks".
> Elasticsearch had
> similar problems with Amazon's AWS API. The worked around with a funny hack
> in their SecurityPolicy
> (https://github.com/elastic/elasticsearch/pull/13538). But as Solr does not
> run with SecurityManager
> in production, there is no way to do that.
> We should report issue on the MiniKdc project, so they fix their code and
> remove the really bad reflection on Java's internal classes.
> FYI, my
> [conclusion|http://mail-archives.apache.org/mod_mbox/lucene-dev/201509.mbox/%3C014801d0ee23%245c8f5df0%2415ae19d0%24%40thetaphi.de%3E]
> from yesterday.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
