Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-9518

Kerberos Delegation Tokens doesn't work without a chrooted ZK

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 6.3, 7.0
    • Component/s: None
    • Security Level: Public (Default Security Level. Issues are Public)
    • Labels:
      None

      Description

      Starting up Solr 6.2.0 (with delegation tokens enabled) that doesn't have a chrooted ZK, I see the following in the startup logs:

      2016-09-15 07:08:22.453 ERROR (main) [   ] o.a.s.s.SolrDispatchFilter Could not start Solr. Check solr/home property and the logs
      2016-09-15 07:08:22.477 ERROR (main) [   ] o.a.s.c.SolrCore null:java.lang.StringIndexOutOfBoundsException: String index out of range: -1
              at java.lang.String.substring(String.java:1927)
              at org.apache.solr.security.KerberosPlugin.init(KerberosPlugin.java:138)
              at org.apache.solr.core.CoreContainer.initializeAuthenticationPlugin(CoreContainer.java:316)
              at org.apache.solr.core.CoreContainer.load(CoreContainer.java:442)
              at org.apache.solr.servlet.SolrDispatchFilter.createCoreContainer(SolrDispatchFilter.java:158)
              at org.apache.solr.servlet.SolrDispatchFilter.init(SolrDispatchFilter.java:134)
              at org.eclipse.jetty.servlet.FilterHolder.initialize(FilterHolder.java:137)
              at org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:856)
              at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:348)
              at org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1379)
              at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1341)
              at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:772)
              at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:261)
              at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:517)
              at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
              at org.eclipse.jetty.deploy.bindings.StandardStarter.processBinding(StandardStarter.java:41)
              at org.eclipse.jetty.deploy.AppLifeCycle.runBindings(AppLifeCycle.java:188)
              at org.eclipse.jetty.deploy.DeploymentManager.requestAppGoal(DeploymentManager.java:499)
              at org.eclipse.jetty.deploy.DeploymentManager.addApp(DeploymentManager.java:147)
              at org.eclipse.jetty.deploy.providers.ScanningAppProvider.fileAdded(ScanningAppProvider.java:180)
      at org.eclipse.jetty.deploy.providers.WebAppProvider.fileAdded(WebAppProvider.java:458)
      at org.eclipse.jetty.deploy.providers.ScanningAppProvider$1.fileAdded(ScanningAppProvider.java:64)
      at org.eclipse.jetty.util.Scanner.reportAddition(Scanner.java:610)
      at org.eclipse.jetty.util.Scanner.reportDifferences(Scanner.java:529)
      

      To me, it seems that adding a check for the presence of a chrooted ZK, and, calculating the relative ZK path only if it exists should suffice. I'll add a patch for this shortly.

        Attachments

        1. SOLR-9518.patch
          4 kB
          Ishan Chattopadhyaya
        2. SOLR-9518.patch
          3 kB
          Ishan Chattopadhyaya
        3. SOLR-9518.patch
          3 kB
          Ishan Chattopadhyaya
        4. SOLR-9518-6x.patch
          4 kB
          Ishan Chattopadhyaya

          Activity

            People

            • Assignee:
              noble.paul Noble Paul
              Reporter:
              ichattopadhyaya Ishan Chattopadhyaya
            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: