Disabling SASL

[Michael Morello <mi...@gmail.com>]

Hi all,

While trying to embed Zookeeper client in a Weblogic application server
following exception is raised :

26 nov. 2012 12:17:29,250 WARN  : Session 0x0 for server null, unexpected
error, closing socket connection and attempting reconnect
java.lang.IllegalArgumentException: No Configuration was registered that
can handle the configuration named Client
at
com.bea.common.security.jdkutils.JAASConfiguration.getAppConfigurationEntry(JAASConfiguration.java:124)
 at
org.apache.zookeeper.client.ZooKeeperSaslClient.<init>(ZooKeeperSaslClient.java:97)
at
org.apache.zookeeper.ClientCnxn$SendThread.startConnect(ClientCnxn.java:943)
 at org.apache.zookeeper.ClientCnxn$SendThread.run(ClientCnxn.java:993)
[ .... repeat .....]
26 nov. 2012 12:17:44,469 ERROR : Connection timed out for connection
string (55.37.68.64:2181,55.10.122.25:2181,55.10.122.172:2181) and timeout
(15000) / elapsed (16312)
org.apache.zookeeper.KeeperException$ConnectionLossException:
KeeperErrorCode = ConnectionLoss
at com.netflix.curator.ConnectionState.getZooKeeper(ConnectionState.java:94)
 at
com.netflix.curator.CuratorZookeeperClient.getZooKeeper(CuratorZookeeperClient.java:107)
at
com.netflix.curator.framework.imps.CuratorFrameworkImpl.getZooKeeper(CuratorFrameworkImpl.java:413

In my situation I don't need SASL, is there any way to tell Zookeeper
client to not create a SASL client ?

Thanks,

Regards,
Michael

Re: Disabling SASL

[Michael Morello <mi...@gmail.com>]

Hi Eugene,

Sorry for the long silence, i spend a lot of time testing my Zookeeper
client embedded in a Weblogic server and i noticed a note related to
ZOOKEEPER-1455 at the beginning of the
clientTunneledAuthenticationInProgress() method.
Actually i'm also a little bit annoyed by this method because since it is
called again and again each time a response is received it floods my debug
log with messages like "Could not retrieve login configuration: ... "

So here is a new patch :
https://github.com/barkbay/zookeeper/compare/barkbay:branch-3.4...barkbay:weblogic-sasl-bug(
you can check the final code here :
https://github.com/barkbay/zookeeper/blob/weblogic-sasl-bug/src/java/main/org/apache/zookeeper/client/ZooKeeperSaslClient.java)

It adds a new SaslState.NO_CONFIGURATION state : this new state is defined
immediately when the ZooKeeperSaslClient is initialized and means that sasl
is not authenticated. if saslState == SaslState.NO_CONFIGURATION then
the clientTunneledAuthenticationInProgress()
returns immediately and my logs stay clean :)
There are also 2 new JUnit tests and all existing unit test have passed.

Do you think that it can help ZOOKEEPER-1455 ?

Thank you for you feedback.


2012/12/2 Eugene Koontz <ek...@hiro-tan.org>

> On 11/29/12 11:51 PM, Michael Morello wrote:
> > Hi Eugene,
> >
> > Thank you for the feedback.
> > I'm setting up a clean development environment (even with a clean
> checkout
> > some JUnit tests fail, i must understand why before i could submit a
> > patch), I do more testing on our clusters and then I open a JIRA with a
> > patch.
> >
> > 2012/11/27 Eugene Koontz <ek...@hiro-tan.org>
> >
> >> Hi Michael,
> >> It looks like a good idea to me and your patch looks good too. You
> should
> >> feel free to open a JIRA and attach the contents of your gist as a
> patch.
> >> -Eugene
> >>
> >>
> Hi Michael,
>     Even if some unit tests fail, that's OK :) You should feel free to
> submit the patch anyway. Almost all JIRAs have many iterations of a
> patch before it's ready. Perhaps someone can look at your patch and help
> you fix the test failure because they've seen something similar in their
> own experience.
>
> -Eugene
>

Re: Disabling SASL

[Eugene Koontz <ek...@hiro-tan.org>]

On 11/29/12 11:51 PM, Michael Morello wrote:
> Hi Eugene,
>
> Thank you for the feedback.
> I'm setting up a clean development environment (even with a clean checkout
> some JUnit tests fail, i must understand why before i could submit a
> patch), I do more testing on our clusters and then I open a JIRA with a
> patch.
>
> 2012/11/27 Eugene Koontz <ek...@hiro-tan.org>
>
>> Hi Michael,
>> It looks like a good idea to me and your patch looks good too. You should
>> feel free to open a JIRA and attach the contents of your gist as a patch.
>> -Eugene
>>
>>
Hi Michael,
    Even if some unit tests fail, that's OK :) You should feel free to
submit the patch anyway. Almost all JIRAs have many iterations of a
patch before it's ready. Perhaps someone can look at your patch and help
you fix the test failure because they've seen something similar in their
own experience.

-Eugene

Re: Disabling SASL

[Michael Morello <mi...@gmail.com>]

Hi Eugene,

Thank you for the feedback.
I'm setting up a clean development environment (even with a clean checkout
some JUnit tests fail, i must understand why before i could submit a
patch), I do more testing on our clusters and then I open a JIRA with a
patch.

2012/11/27 Eugene Koontz <ek...@hiro-tan.org>

> Hi Michael,
> It looks like a good idea to me and your patch looks good too. You should
> feel free to open a JIRA and attach the contents of your gist as a patch.
> -Eugene
>
>

Re: Disabling SASL

[Eugene Koontz <ek...@hiro-tan.org>]

Hi Michael,
It looks like a good idea to me and your patch looks good too. You 
should feel free to open a JIRA and attach the contents of your gist as 
a patch.
-Eugene

Re: Disabling SASL

[Michael Morello <mi...@gmail.com>]

OK, I have found where my problem come from :

Configuration.getAppConfigurationEntry used in ZookeeperSASLClient (lines
97 and 490) throws unchecked exception (see
http://docs.oracle.com/javase/6/docs/api/javax/security/auth/login/Configuration.html#getAppConfigurationEntry(java.lang.String)
)
ZookeeperSASLClient tries to catch SecurityException only, but if the
implementation of getAppConfigurationEntry throws any other kind of
unchecked exception then it fails and the client never connect.
This is what happens in my case : Weblogic BEA engineers chose
java.lang.IllegalArgumentException

Since no assumption can be made on the type of exception thrown by
getAppConfigurationEntry any RuntimeException should be catch : this is
what i tried and it works : https://gist.github.com/4153107

Please devs i would like to have your opinion on it.
Do you mind if open a JIRA with this patch ?

Thank you

(following up to  ZooKeeper developer mailing list)

2012/11/26 Michael Morello <mi...@gmail.com>

> Hi all,
>
> While trying to embed Zookeeper client in a Weblogic application server
> following exception is raised :
>
> 26 nov. 2012 12:17:29,250 WARN  : Session 0x0 for server null, unexpected
> error, closing socket connection and attempting reconnect
> java.lang.IllegalArgumentException: No Configuration was registered that
> can handle the configuration named Client
> at
> com.bea.common.security.jdkutils.JAASConfiguration.getAppConfigurationEntry(JAASConfiguration.java:124)
>  at
> org.apache.zookeeper.client.ZooKeeperSaslClient.<init>(ZooKeeperSaslClient.java:97)
> at
> org.apache.zookeeper.ClientCnxn$SendThread.startConnect(ClientCnxn.java:943)
>  at org.apache.zookeeper.ClientCnxn$SendThread.run(ClientCnxn.java:993)
> [ .... repeat .....]
> 26 nov. 2012 12:17:44,469 ERROR : Connection timed out for connection
> string (55.37.68.64:2181,55.10.122.25:2181,55.10.122.172:2181) and
> timeout (15000) / elapsed (16312)
> org.apache.zookeeper.KeeperException$ConnectionLossException:
> KeeperErrorCode = ConnectionLoss
> at
> com.netflix.curator.ConnectionState.getZooKeeper(ConnectionState.java:94)
>  at
> com.netflix.curator.CuratorZookeeperClient.getZooKeeper(CuratorZookeeperClient.java:107)
> at
> com.netflix.curator.framework.imps.CuratorFrameworkImpl.getZooKeeper(CuratorFrameworkImpl.java:413
>
>

Re: Disabling SASL

[Michael Morello <mi...@gmail.com>]

OK, I have found where my problem come from :

Configuration.getAppConfigurationEntry used in ZookeeperSASLClient (lines
97 and 490) throws unchecked exception (see
http://docs.oracle.com/javase/6/docs/api/javax/security/auth/login/Configuration.html#getAppConfigurationEntry(java.lang.String)
)
ZookeeperSASLClient tries to catch SecurityException only, but if the
implementation of getAppConfigurationEntry throws any other kind of
unchecked exception then it fails and the client never connect.
This is what happens in my case : Weblogic BEA engineers chose
java.lang.IllegalArgumentException

Since no assumption can be made on the type of exception thrown by
getAppConfigurationEntry any RuntimeException should be catch : this is
what i tried and it works : https://gist.github.com/4153107

Please devs i would like to have your opinion on it.
Do you mind if open a JIRA with this patch ?

Thank you

(following up to  ZooKeeper developer mailing list)

2012/11/26 Michael Morello <mi...@gmail.com>

> Hi all,
>
> While trying to embed Zookeeper client in a Weblogic application server
> following exception is raised :
>
> 26 nov. 2012 12:17:29,250 WARN  : Session 0x0 for server null, unexpected
> error, closing socket connection and attempting reconnect
> java.lang.IllegalArgumentException: No Configuration was registered that
> can handle the configuration named Client
> at
> com.bea.common.security.jdkutils.JAASConfiguration.getAppConfigurationEntry(JAASConfiguration.java:124)
>  at
> org.apache.zookeeper.client.ZooKeeperSaslClient.<init>(ZooKeeperSaslClient.java:97)
> at
> org.apache.zookeeper.ClientCnxn$SendThread.startConnect(ClientCnxn.java:943)
>  at org.apache.zookeeper.ClientCnxn$SendThread.run(ClientCnxn.java:993)
> [ .... repeat .....]
> 26 nov. 2012 12:17:44,469 ERROR : Connection timed out for connection
> string (55.37.68.64:2181,55.10.122.25:2181,55.10.122.172:2181) and
> timeout (15000) / elapsed (16312)
> org.apache.zookeeper.KeeperException$ConnectionLossException:
> KeeperErrorCode = ConnectionLoss
> at
> com.netflix.curator.ConnectionState.getZooKeeper(ConnectionState.java:94)
>  at
> com.netflix.curator.CuratorZookeeperClient.getZooKeeper(CuratorZookeeperClient.java:107)
> at
> com.netflix.curator.framework.imps.CuratorFrameworkImpl.getZooKeeper(CuratorFrameworkImpl.java:413
>
>