Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-8052

Tests using MiniKDC do not work with Java 9 Jigsaw

    XMLWordPrintableJSON

    Details

      Description

      As described in my status update yesterday, there are some problems in dependencies shipped with Solr that don't work with Java 9 Jigsaw builds.

      org.apache.solr.cloud.SaslZkACLProviderTest.testSaslZkACLProvider

         [junit4]    > Throwable #1: java.lang.RuntimeException: java.lang.IllegalAccessException: Class org.apache.hadoop.minikdc.MiniKdc can not access a member of class sun.security.krb5.Config (module java.security.jgss) with modifiers "public static", module java.security.jgss does not export sun.security.krb5 to <unnamed module @6d2a209c>
         [junit4]    >        at org.apache.solr.cloud.SaslZkACLProviderTest$SaslZkTestServer.run(SaslZkACLProviderTest.java:211)
         [junit4]    >        at org.apache.solr.cloud.SaslZkACLProviderTest.setUp(SaslZkACLProviderTest.java:81)
         [junit4]    >        at java.lang.Thread.run(java.base@9.0/Thread.java:746)
         [junit4]    > Caused by: java.lang.IllegalAccessException: Class org.apache.hadoop.minikdc.MiniKdc can not access a member of class sun.security.krb5.Config (module java.security.jgss) with modifiers "public static", module java.security.jgss does not export sun.security.krb5 to <unnamed module @6d2a209c>
         [junit4]    >        at java.lang.reflect.AccessibleObject.slowCheckMemberAccess(java.base@9.0/AccessibleObject.java:384)
         [junit4]    >        at java.lang.reflect.AccessibleObject.checkAccess(java.base@9.0/AccessibleObject.java:376)
         [junit4]    >        at org.apache.hadoop.minikdc.MiniKdc.initKDCServer(MiniKdc.java:478)
         [junit4]    >        at org.apache.hadoop.minikdc.MiniKdc.start(MiniKdc.java:320)
         [junit4]    >        at org.apache.solr.cloud.SaslZkACLProviderTest$SaslZkTestServer.run(SaslZkACLProviderTest.java:204)
         [junit4]    >        ... 38 moreThrowable #2: java.lang.NullPointerException
         [junit4]    >        at org.apache.solr.cloud.ZkTestServer$ZKServerMain.shutdown(ZkTestServer.java:334)
         [junit4]    >        at org.apache.solr.cloud.ZkTestServer.shutdown(ZkTestServer.java:526)
         [junit4]    >        at org.apache.solr.cloud.SaslZkACLProviderTest$SaslZkTestServer.shutdown(SaslZkACLProviderTest.java:218)
         [junit4]    >        at org.apache.solr.cloud.SaslZkACLProviderTest.tearDown(SaslZkACLProviderTest.java:116)
         [junit4]    >        at java.lang.Thread.run(java.base@9.0/Thread.java:746)
      

      This is really bad, bad, bad! All security related stuff should never ever be reflected on!
      So we have to open issue in MiniKdc project so they remove the "hacks". Elasticsearch had
      similar problems with Amazon's AWS API. The worked around with a funny hack in their SecurityPolicy
      (https://github.com/elastic/elasticsearch/pull/13538). But as Solr does not run with SecurityManager
      in production, there is no way to do that.

      We should report issue on the MiniKdc project, so they fix their code and remove the really bad reflection on Java's internal classes.

      FYI, my conclusion from yesterday.

        Attachments

        1. SOLR-8052.patch
          25 kB
          Chris M. Hostetter
        2. SOLR-8052.patch
          32 kB
          Chris M. Hostetter

          Issue Links

            Activity

              People

              • Assignee:
                krisden Kevin Risden
                Reporter:
                uschindler Uwe Schindler
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: