You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@zookeeper.apache.org by nk...@apache.org on 2020/02/05 08:54:26 UTC

[zookeeper] branch branch-3.5 updated: ZOOKEEPER-3715: fix Kerberos test failures for new JDK versions

This is an automated email from the ASF dual-hosted git repository.

nkalmar pushed a commit to branch branch-3.5
in repository https://gitbox.apache.org/repos/asf/zookeeper.git


The following commit(s) were added to refs/heads/branch-3.5 by this push:
     new 8094756  ZOOKEEPER-3715: fix Kerberos test failures for new JDK versions
8094756 is described below

commit 80947563c892e084569a05f4f1c2637c08379172
Author: Mate Szalay-Beko <sz...@gmail.com>
AuthorDate: Wed Feb 5 09:54:19 2020 +0100

    ZOOKEEPER-3715: fix Kerberos test failures for new JDK versions
    
    Using OpenJDK 8u.242 or OpenJDK 11.0.6, we have some kerberos exceptions
    when running the following, Kerberos Authentication related tests:
    - QuorumKerberosAuthTest
    - QuorumKerberosHostBasedAuthTest
    - SaslKerberosAuthOverSSLTest
    
    After trying this with different JDK versions, we see that the problem
    seems to appear:
    - between OpenJDK 8u.232 and 8u.242 for java 8
    - and between 11.0.3 and 11.0.6 for java 11
    
    There are a lot of kerberos related changes after 8u.232:
    see https://hg.openjdk.java.net/jdk8u/jdk8u/jdk
    
    I didn't really found the root cause of the issue, but the problem disappeared
    after upgrading the Apache Kerby. Kerby is used only by the tests to start a local
    embedded KDC server. I also checked the dependencies of the new Kerby version
    and there is nothing to exclude there as far as I saw.
    
    I also improved the logging of errors during Kerberos authentication problems by
    printing out some more exceptions.
    
    Author: Mate Szalay-Beko <sz...@gmail.com>
    
    Reviewers: Enrico Olivelli <eo...@apache.org>, Norbert Kalmar <nk...@apache.org>
    
    Closes #1248 from symat/ZOOKEEPER-3715-branch-3.5
---
 build.xml                                                               | 2 +-
 pom.xml                                                                 | 2 +-
 .../src/main/java/org/apache/zookeeper/client/ZooKeeperSaslClient.java  | 2 +-
 .../org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthLearner.java  | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/build.xml b/build.xml
index 4b44309..f6bb9bb 100644
--- a/build.xml
+++ b/build.xml
@@ -59,7 +59,7 @@ xmlns:cs="antlib:com.puppycrawl.tools.checkstyle.ant">
     <property name="dependency-check-ant.version" value="5.2.4"/>
 
     <property name="commons-io.version" value="2.6"/>
-    <property name="kerby.version" value="1.1.0"/>
+    <property name="kerby.version" value="2.0.0"/>
 
     <property name="clover.version" value="4.2.1" />
 
diff --git a/pom.xml b/pom.xml
index 103f3bb..6e28cbc 100755
--- a/pom.xml
+++ b/pom.xml
@@ -283,7 +283,7 @@
     <json.version>1.1.1</json.version>
     <jline.version>2.11</jline.version>
     <snappy.version>1.1.7</snappy.version>
-    <kerby.version>1.1.0</kerby.version>
+    <kerby.version>2.0.0</kerby.version>
     <bouncycastle.version>1.60</bouncycastle.version>
     <commons-collections.version>3.2.2</commons-collections.version>
     <spotbugsannotations.version>3.1.9</spotbugsannotations.version>
diff --git a/zookeeper-server/src/main/java/org/apache/zookeeper/client/ZooKeeperSaslClient.java b/zookeeper-server/src/main/java/org/apache/zookeeper/client/ZooKeeperSaslClient.java
index 34f6656..0f5f307 100644
--- a/zookeeper-server/src/main/java/org/apache/zookeeper/client/ZooKeeperSaslClient.java
+++ b/zookeeper-server/src/main/java/org/apache/zookeeper/client/ZooKeeperSaslClient.java
@@ -340,7 +340,7 @@ public class ZooKeeperSaslClient {
                     error += " Zookeeper Client will go to AUTH_FAILED state.";
                     LOG.error(error);
                     saslState = SaslState.FAILED;
-                    throw new SaslException(error);
+                    throw new SaslException(error, e);
                 }
             }
         }
diff --git a/zookeeper-server/src/main/java/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthLearner.java b/zookeeper-server/src/main/java/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthLearner.java
index 31f4f55..568601d 100644
--- a/zookeeper-server/src/main/java/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthLearner.java
+++ b/zookeeper-server/src/main/java/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthLearner.java
@@ -211,7 +211,7 @@ public class SaslQuorumAuthLearner implements QuorumAuthLearner {
                                 + " '-Dsun.net.spi.nameservice.provider.1=dns,sun' to your server's JVMFLAGS environment.";
                     }
                     LOG.error(error);
-                    throw new SaslException(error);
+                    throw new SaslException(error, e);
                 }
             }
         } else {