Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-8052

Tests using MiniKDC do not work with Java 9 Jigsaw

    XMLWordPrintableJSON

Details

    Description

      As described in my status update yesterday, there are some problems in dependencies shipped with Solr that don't work with Java 9 Jigsaw builds.

      org.apache.solr.cloud.SaslZkACLProviderTest.testSaslZkACLProvider

         [junit4]    > Throwable #1: java.lang.RuntimeException: java.lang.IllegalAccessException: Class org.apache.hadoop.minikdc.MiniKdc can not access a member of class sun.security.krb5.Config (module java.security.jgss) with modifiers "public static", module java.security.jgss does not export sun.security.krb5 to <unnamed module @6d2a209c>
   [junit4]    >        at org.apache.solr.cloud.SaslZkACLProviderTest$SaslZkTestServer.run(SaslZkACLProviderTest.java:211)
   [junit4]    >        at org.apache.solr.cloud.SaslZkACLProviderTest.setUp(SaslZkACLProviderTest.java:81)
   [junit4]    >        at java.lang.Thread.run(java.base@9.0/Thread.java:746)
   [junit4]    > Caused by: java.lang.IllegalAccessException: Class org.apache.hadoop.minikdc.MiniKdc can not access a member of class sun.security.krb5.Config (module java.security.jgss) with modifiers "public static", module java.security.jgss does not export sun.security.krb5 to <unnamed module @6d2a209c>
   [junit4]    >        at java.lang.reflect.AccessibleObject.slowCheckMemberAccess(java.base@9.0/AccessibleObject.java:384)
   [junit4]    >        at java.lang.reflect.AccessibleObject.checkAccess(java.base@9.0/AccessibleObject.java:376)
   [junit4]    >        at org.apache.hadoop.minikdc.MiniKdc.initKDCServer(MiniKdc.java:478)
   [junit4]    >        at org.apache.hadoop.minikdc.MiniKdc.start(MiniKdc.java:320)
   [junit4]    >        at org.apache.solr.cloud.SaslZkACLProviderTest$SaslZkTestServer.run(SaslZkACLProviderTest.java:204)
   [junit4]    >        ... 38 moreThrowable #2: java.lang.NullPointerException
   [junit4]    >        at org.apache.solr.cloud.ZkTestServer$ZKServerMain.shutdown(ZkTestServer.java:334)
   [junit4]    >        at org.apache.solr.cloud.ZkTestServer.shutdown(ZkTestServer.java:526)
   [junit4]    >        at org.apache.solr.cloud.SaslZkACLProviderTest$SaslZkTestServer.shutdown(SaslZkACLProviderTest.java:218)
   [junit4]    >        at org.apache.solr.cloud.SaslZkACLProviderTest.tearDown(SaslZkACLProviderTest.java:116)
   [junit4]    >        at java.lang.Thread.run(java.base@9.0/Thread.java:746)

      This is really bad, bad, bad! All security related stuff should never ever be reflected on!
      So we have to open issue in MiniKdc project so they remove the "hacks". Elasticsearch had
      similar problems with Amazon's AWS API. The worked around with a funny hack in their SecurityPolicy
      (https://github.com/elastic/elasticsearch/pull/13538). But as Solr does not run with SecurityManager
      in production, there is no way to do that.

      We should report issue on the MiniKdc project, so they fix their code and remove the really bad reflection on Java's internal classes.

      FYI, my conclusion from yesterday.

      Attachments

        1. SOLR-8052.patch
          32 kB
          Chris M. Hostetter
        2. SOLR-8052.patch
          25 kB
          Chris M. Hostetter

        Issue Links

          blocks

          Test - A new unit, integration or system test. SOLR-8182 TestSolrCloudWithKerberosAlt fails consistently on JDK9

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed
          is blocked by

          Bug - A problem which impairs or prevents the functions of the product. SOLR-10210 Solr features based on Hadoop that do not work on Java9

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. DIRKRB-613 Tests fails on systems with includedir in /etc/krb5.conf

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed
          Is contained by

          Improvement - An improvement or enhancement to an existing feature or task. SOLR-9515 Update to Hadoop 3

          • Blocker - Blocks development and/or testing work, production could not run
          • Closed
          is related to

          Test - A new unit, integration or system test. SOLR-8874 Add fixes and workaround for Java 9 Jigsaw (Module System) to Solr tests

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          relates to

          Sub-task - The sub-task of the issue SOLR-9889 Add multi-node Solrcloud unit tests for kerberos auth

          • Major - Major loss of function.
          • Open

          Bug - A problem which impairs or prevents the functions of the product. SOLR-10199 Solr's Kerberos functionality does not work in Java9 due to dependency on hadoop's AuthenticationFilter which attempt access to JVM protected classes

          • Major - Major loss of function.
          • Closed

          Activity

            People

              krisden Kevin Risden
              uschindler Uwe Schindler
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: