Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 3.4.0, 3.4.3
    • Fix Version/s: 3.4.4, 3.5.0
    • Component/s: server
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      See HADOOP-7211 - Recent kerberos integration resulted in the same issue in ZK.

          [javac] /home/phunt/dev/zookeeper/src/java/main/org/apache/zookeeper/server/auth/KerberosName.java:88: warning: sun.security.krb5.KrbException is Sun proprietary API and may be removed in a future release
          [javac]     } catch (KrbException ke) {
      
      1. zookeeper-1236.patch
        4 kB
        Adalberto Medeiros
      2. zookeeper-1236-v2.patch
        3 kB
        Adalberto Medeiros

        Issue Links

          Activity

          Hide
          Patrick Hunt added a comment -

          Eugene - could you take a look at resolving this?

          Show
          Patrick Hunt added a comment - Eugene - could you take a look at resolving this?
          Show
          Eugene Koontz added a comment - This issue was discussed in course of ZOOKEEPER-938 also, beginning here: https://issues.apache.org/jira/browse/ZOOKEEPER-938?focusedCommentId=13080545&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13080545
          Hide
          Eugene Koontz added a comment -

          Unfortunately I couldn't find support for obtaining the default Kerberos realm in
          java.security or javax.security.

          (In fact, it seems that javax.security uses sun.security internally, for example: http://www.java2s.com/Open-Source/Java-Document/6.0-JDK-Core/security/javax/security/auth/kerberos/KerberosPrincipal.java.htm.
          (see "import sun.security.krb5.Asn1Exception;" in the source code)).

          So I don't see any way around using the sun.* classes.

          https://issues.apache.org/jira/browse/ZOOKEEPER-938?focusedCommentId=13081866&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13081866

          Show
          Eugene Koontz added a comment - Unfortunately I couldn't find support for obtaining the default Kerberos realm in java.security or javax.security. (In fact, it seems that javax.security uses sun.security internally, for example: http://www.java2s.com/Open-Source/Java-Document/6.0-JDK-Core/security/javax/security/auth/kerberos/KerberosPrincipal.java.htm . (see "import sun.security.krb5.Asn1Exception;" in the source code)). So I don't see any way around using the sun.* classes. https://issues.apache.org/jira/browse/ZOOKEEPER-938?focusedCommentId=13081866&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13081866
          Hide
          Andrew Purtell added a comment -

          Hadoop core also throws the same warnings, from src/core/org/apache/hadoop/security/KerberosName.java, src/core/org/apache/hadoop/security/SecurityUtil.java, org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java, and other places. You need a JRE fix or to avoid Kerberos entirely I think Patrick.

          Show
          Andrew Purtell added a comment - Hadoop core also throws the same warnings, from src/core/org/apache/hadoop/security/KerberosName.java, src/core/org/apache/hadoop/security/SecurityUtil.java, org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java, and other places. You need a JRE fix or to avoid Kerberos entirely I think Patrick.
          Hide
          Patrick Hunt added a comment -

          That's unfortunate. What about HADOOP-6941 ? That seemed to be on the road to resolving this for Hadoop. No?

          Show
          Patrick Hunt added a comment - That's unfortunate. What about HADOOP-6941 ? That seemed to be on the road to resolving this for Hadoop. No?
          Hide
          Patrick Hunt added a comment -

          Or does HADOOP-6941 only allow you to plug in other implementations? but not get rid of the warnings?

          Could we separate this code out into a separately releasable artifact? Something that could be reused by the many projects that are now integrating with kerberos? Then only one build would have the warnings.

          Show
          Patrick Hunt added a comment - Or does HADOOP-6941 only allow you to plug in other implementations? but not get rid of the warnings? Could we separate this code out into a separately releasable artifact? Something that could be reused by the many projects that are now integrating with kerberos? Then only one build would have the warnings.
          Hide
          Eugene Koontz added a comment -

          Thanks to Patrick Hunt for the mention of HADOOP-6941.

          Show
          Eugene Koontz added a comment - Thanks to Patrick Hunt for the mention of HADOOP-6941 .
          Hide
          Adalberto Medeiros added a comment -

          Looking at HADOOP-6941 patch, they created a KerberosUtil.java class that uses reflect and chooses between IBM or Sun jvm. KerberosName.java in ZK is similar to the one in Hadoop.
          Since there were no more comments lately, I'm adding a patch to fix this issue based on hadoop common, built under zk branch-3.4 . Please, take a look.

          Show
          Adalberto Medeiros added a comment - Looking at HADOOP-6941 patch, they created a KerberosUtil.java class that uses reflect and chooses between IBM or Sun jvm. KerberosName.java in ZK is similar to the one in Hadoop. Since there were no more comments lately, I'm adding a patch to fix this issue based on hadoop common, built under zk branch-3.4 . Please, take a look.
          Hide
          Adalberto Medeiros added a comment -

          My bad, I used the Submit Patch button, instead of the Attach Files. Attaching the patch now.

          Show
          Adalberto Medeiros added a comment - My bad, I used the Submit Patch button, instead of the Attach Files. Attaching the patch now.
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12531825/zookeeper-1236.patch
          against trunk revision 1337029.

          +1 @author. The patch does not contain any @author tags.

          -1 tests included. The patch doesn't appear to include any new or modified tests.
          Please justify why no new tests are needed for this patch.
          Also please list what manual steps were performed to verify this patch.

          -1 patch. The patch command could not apply the patch.

          Console output: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/1093//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12531825/zookeeper-1236.patch against trunk revision 1337029. +1 @author. The patch does not contain any @author tags. -1 tests included. The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. -1 patch. The patch command could not apply the patch. Console output: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/1093//console This message is automatically generated.
          Hide
          Eugene Koontz added a comment -

          Hi Adalberto,

          Please add

          [diff]
              noprefix = true
          

          to your $HOME/.gitconfig and re-create your patch so that the Hadoop QA process can use it.

          (I encountered the same problem back when I first started submitting JIRA patches)

          Show
          Eugene Koontz added a comment - Hi Adalberto, Please add [diff] noprefix = true to your $HOME/.gitconfig and re-create your patch so that the Hadoop QA process can use it. (I encountered the same problem back when I first started submitting JIRA patches)
          Hide
          Adalberto Medeiros added a comment -

          Fixed git prefix

          Show
          Adalberto Medeiros added a comment - Fixed git prefix
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12531980/zookeeper-1236-v2.patch
          against trunk revision 1337029.

          +1 @author. The patch does not contain any @author tags.

          -1 tests included. The patch doesn't appear to include any new or modified tests.
          Please justify why no new tests are needed for this patch.
          Also please list what manual steps were performed to verify this patch.

          +1 javadoc. The javadoc tool did not generate any warning messages.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          +1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          +1 core tests. The patch passed core unit tests.

          +1 contrib tests. The patch passed contrib unit tests.

          Test results: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/1095//testReport/
          Findbugs warnings: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/1095//artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
          Console output: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/1095//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12531980/zookeeper-1236-v2.patch against trunk revision 1337029. +1 @author. The patch does not contain any @author tags. -1 tests included. The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. +1 javadoc. The javadoc tool did not generate any warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. +1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. +1 core tests. The patch passed core unit tests. +1 contrib tests. The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/1095//testReport/ Findbugs warnings: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/1095//artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html Console output: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/1095//console This message is automatically generated.
          Hide
          Adalberto Medeiros added a comment -

          -1 tests included. The patch doesn't appear to include any new or modified tests.
          Please justify why no new tests are needed for this patch.
          Also please list what manual steps were performed to verify this patch.

          This was tested for both ibm jvm and sun jvm. I think the unit tests already created for testing the KerberosName.java are enough here. Is there anything else needed?

          Show
          Adalberto Medeiros added a comment - -1 tests included. The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. This was tested for both ibm jvm and sun jvm. I think the unit tests already created for testing the KerberosName.java are enough here. Is there anything else needed?
          Hide
          Patrick Hunt added a comment -

          Thanks Adalberto!

          Show
          Patrick Hunt added a comment - Thanks Adalberto!
          Hide
          Hudson added a comment -

          Integrated in ZooKeeper-trunk #1600 (See https://builds.apache.org/job/ZooKeeper-trunk/1600/)
          ZOOKEEPER-1236. Security uses proprietary Sun APIs (Adalberto Medeiros via phunt) (Revision 1355651)

          Result = SUCCESS
          phunt : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1355651
          Files :

          • /zookeeper/trunk/CHANGES.txt
          • /zookeeper/trunk/src/java/main/org/apache/zookeeper/server/auth/KerberosName.java
          • /zookeeper/trunk/src/java/main/org/apache/zookeeper/server/util/KerberosUtil.java
          Show
          Hudson added a comment - Integrated in ZooKeeper-trunk #1600 (See https://builds.apache.org/job/ZooKeeper-trunk/1600/ ) ZOOKEEPER-1236 . Security uses proprietary Sun APIs (Adalberto Medeiros via phunt) (Revision 1355651) Result = SUCCESS phunt : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1355651 Files : /zookeeper/trunk/CHANGES.txt /zookeeper/trunk/src/java/main/org/apache/zookeeper/server/auth/KerberosName.java /zookeeper/trunk/src/java/main/org/apache/zookeeper/server/util/KerberosUtil.java

            People

            • Assignee:
              Adalberto Medeiros
              Reporter:
              Patrick Hunt
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development