Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
5.3
Description
As described in my status update yesterday, there are some problems in dependencies shipped with Solr that don't work with Java 9 Jigsaw builds.
org.apache.solr.cloud.SaslZkACLProviderTest.testSaslZkACLProvider
[junit4] > Throwable #1: java.lang.RuntimeException: java.lang.IllegalAccessException: Class org.apache.hadoop.minikdc.MiniKdc can not access a member of class sun.security.krb5.Config (module java.security.jgss) with modifiers "public static", module java.security.jgss does not export sun.security.krb5 to <unnamed module @6d2a209c> [junit4] > at org.apache.solr.cloud.SaslZkACLProviderTest$SaslZkTestServer.run(SaslZkACLProviderTest.java:211) [junit4] > at org.apache.solr.cloud.SaslZkACLProviderTest.setUp(SaslZkACLProviderTest.java:81) [junit4] > at java.lang.Thread.run(java.base@9.0/Thread.java:746) [junit4] > Caused by: java.lang.IllegalAccessException: Class org.apache.hadoop.minikdc.MiniKdc can not access a member of class sun.security.krb5.Config (module java.security.jgss) with modifiers "public static", module java.security.jgss does not export sun.security.krb5 to <unnamed module @6d2a209c> [junit4] > at java.lang.reflect.AccessibleObject.slowCheckMemberAccess(java.base@9.0/AccessibleObject.java:384) [junit4] > at java.lang.reflect.AccessibleObject.checkAccess(java.base@9.0/AccessibleObject.java:376) [junit4] > at org.apache.hadoop.minikdc.MiniKdc.initKDCServer(MiniKdc.java:478) [junit4] > at org.apache.hadoop.minikdc.MiniKdc.start(MiniKdc.java:320) [junit4] > at org.apache.solr.cloud.SaslZkACLProviderTest$SaslZkTestServer.run(SaslZkACLProviderTest.java:204) [junit4] > ... 38 moreThrowable #2: java.lang.NullPointerException [junit4] > at org.apache.solr.cloud.ZkTestServer$ZKServerMain.shutdown(ZkTestServer.java:334) [junit4] > at org.apache.solr.cloud.ZkTestServer.shutdown(ZkTestServer.java:526) [junit4] > at org.apache.solr.cloud.SaslZkACLProviderTest$SaslZkTestServer.shutdown(SaslZkACLProviderTest.java:218) [junit4] > at org.apache.solr.cloud.SaslZkACLProviderTest.tearDown(SaslZkACLProviderTest.java:116) [junit4] > at java.lang.Thread.run(java.base@9.0/Thread.java:746)
This is really bad, bad, bad! All security related stuff should never ever be reflected on!
So we have to open issue in MiniKdc project so they remove the "hacks". Elasticsearch had
similar problems with Amazon's AWS API. The worked around with a funny hack in their SecurityPolicy
(https://github.com/elastic/elasticsearch/pull/13538). But as Solr does not run with SecurityManager
in production, there is no way to do that.
We should report issue on the MiniKdc project, so they fix their code and remove the really bad reflection on Java's internal classes.
FYI, my conclusion from yesterday.
Attachments
Attachments
Issue Links
- blocks
-
SOLR-8182 TestSolrCloudWithKerberosAlt fails consistently on JDK9
- Closed
- is blocked by
-
SOLR-10210 Solr features based on Hadoop that do not work on Java9
- Closed
-
DIRKRB-613 Tests fails on systems with includedir in /etc/krb5.conf
- Closed
- Is contained by
-
SOLR-9515 Update to Hadoop 3
- Closed
- is related to
-
SOLR-8874 Add fixes and workaround for Java 9 Jigsaw (Module System) to Solr tests
- Closed
- relates to
-
SOLR-9889 Add multi-node Solrcloud unit tests for kerberos auth
- Resolved
-
SOLR-10199 Solr's Kerberos functionality does not work in Java9 due to dependency on hadoop's AuthenticationFilter which attempt access to JVM protected classes
- Closed