You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zookeeper.apache.org by "Hadoop QA (JIRA)" <ji...@apache.org> on 2014/08/02 04:35:38 UTC
[jira] [Commented] (ZOOKEEPER-1881) Shutdown server immediately
upon PrivilegedActionException
[ https://issues.apache.org/jira/browse/ZOOKEEPER-1881?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14083299#comment-14083299 ]
Hadoop QA commented on ZOOKEEPER-1881:
--------------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12628899/zookeeper-1881.patch
against trunk revision 1615240.
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 3 new or modified tests.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
+1 findbugs. The patch does not introduce any new Findbugs (version 2.0.3) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
-1 core tests. The patch failed core unit tests.
+1 contrib tests. The patch passed contrib unit tests.
Test results: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/2259//testReport/
Findbugs warnings: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/2259//artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Console output: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/2259//console
This message is automatically generated.
> Shutdown server immediately upon PrivilegedActionException
> ----------------------------------------------------------
>
> Key: ZOOKEEPER-1881
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1881
> Project: ZooKeeper
> Issue Type: Improvement
> Components: server
> Affects Versions: 3.4.5
> Reporter: Ding Yuan
> Assignee: Ding Yuan
> Fix For: 3.5.1
>
> Attachments: zookeeper-1881.patch
>
>
> It seems when an SaslServer cannot be created due to a PriviledgedActionException, it is better to shutdown the server immediately instead of letting it to propagate. The current behaviour will just set ServerCncx.zooKeeperSaslServer to null, and later every time when an SASL request comes in it will be rejected. If we already detect the loophole early, we should just reject it early.
> {noformat}
> private SaslServer createSaslServer(final Login login) {
> catch (PrivilegedActionException e) {
> // TODO: exit server at this point(?)
> LOG.error("Zookeeper Quorum member experienced a PrivilegedActionException exception while creating a SaslServer using a JAAS principal context:" + e);
> e.printStackTrace();
> }
> {noformat}
> For what it is worth, attaching an attempt to patch it. The idea of the patch is to propagate this PrivilegedActionException to ServerCnxnFactory and shut down all the connections and server. Not sure if this is the right way to solve it. Any comments are appreciated!
> Also in the patch are two additional logging on two unlogged exceptions.
--
This message was sent by Atlassian JIRA
(v6.2#6252)