You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zookeeper.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2017/10/04 18:00:11 UTC
[jira] [Commented] (ZOOKEEPER-2908)
quorum.auth.MiniKdcTest.testKerberosLogin failing with NPE on java 9
[ https://issues.apache.org/jira/browse/ZOOKEEPER-2908?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16191717#comment-16191717 ]
ASF GitHub Bot commented on ZOOKEEPER-2908:
-------------------------------------------
GitHub user mfenes opened a pull request:
https://github.com/apache/zookeeper/pull/390
ZOOKEEPER-2908: quorum.auth.MiniKdcTest.testKerberosLogin failing wit…
ZOOKEEPER-2908: quorum.auth.MiniKdcTest.testKerberosLogin failing with NPE on Java 9
Cause:
The NPE exception in the MiniKdcTest.testKerberosLogin() unit test is caused by a duplicate loginContext.logout() call: one logout() call at the end of the test inside the try block and another logout() call in the finally block. When the test finishes, the first logout() call removes the kerbClientPrinc KerberosPrincipal in Krb5LoginModule, so when logout() is called for the second time in the finally block, it tries to remove a null kerbClientPrinc at Krb5LoginModule.java:1193:
subject.getPrincipals().remove(kerbClientPrinc);
where subject is a javax.security.auth.Subject,
getPrincipals() returns Set<Principal>
and the Set implementation is a javax.security.auth.Subject.SecureSet.
In Java 9, SecureSet's remove() method has introduced a new requireNonNull check for its parameter Object o, which fails if someone tries to remove a null from a SecureSet:
Objects.requireNonNull(o,ResourcesMgr.getString(“invalid.null.input.s.”));
Java 8 (and before) did not have this check in the SecureSet.remove() method, and this is the reason why this NPE appeared in Java 9.
Solution:
The unit test was fixed by adding an additional condition before running the logout() call in the finally block: logout() is called only if the Set of Principals is not empty i.e. logout() was not already called inside the try block.
Note: Inside ZK, LoginContext logout() is called only once in the org.apache.zookeeper.Login reLogin() method, when ZK does a re-login after refreshing the Kerberos tickets.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/mfenes/zookeeper ZOOKEEPER-2908
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/zookeeper/pull/390.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #390
----
commit fe08ff5cbf50fdba17714c72416ca4e6a9f4e79a
Author: Mark Fenes <mf...@cloudera.com>
Date: 2017-10-03T20:48:44Z
ZOOKEEPER-2908: quorum.auth.MiniKdcTest.testKerberosLogin failing with NPE on java 9
----
> quorum.auth.MiniKdcTest.testKerberosLogin failing with NPE on java 9
> --------------------------------------------------------------------
>
> Key: ZOOKEEPER-2908
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2908
> Project: ZooKeeper
> Issue Type: Bug
> Components: security, tests
> Affects Versions: 3.5.4, 3.4.11
> Reporter: Patrick Hunt
> Assignee: Mark Fenes
> Priority: Blocker
> Fix For: 3.5.4, 3.4.11
>
>
> quorum.auth.MiniKdcTest.testKerberosLogin is failing with an NPE on Java 9.
> I recently setup jenkins jobs for java 9 on branch 3.4 and 3.5 and the test is failing as follows.
> {noformat}
> javax.security.auth.login.LoginException: java.lang.NullPointerException: invalid null input(s)
> at java.base/java.util.Objects.requireNonNull(Objects.java:246)
> at java.base/javax.security.auth.Subject$SecureSet.remove(Subject.java:1172)
> at java.base/java.util.Collections$SynchronizedCollection.remove(Collections.java:2039)
> at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.logout(Krb5LoginModule.java:1193)
> at java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:732)
> at java.base/javax.security.auth.login.LoginContext.access$000(LoginContext.java:194)
> at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:665)
> at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:663)
> at java.base/java.security.AccessController.doPrivileged(Native Method)
> at java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663)
> at java.base/javax.security.auth.login.LoginContext.logout(LoginContext.java:613)
> at org.apache.zookeeper.server.quorum.auth.MiniKdcTest.testKerberosLogin(MiniKdcTest.java:179)
> at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at org.apache.zookeeper.JUnit4ZKTestRunner$LoggedInvokeMethod.evaluate(JUnit4ZKTestRunner.java:55)
> at java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:821)
> at java.base/javax.security.auth.login.LoginContext.access$000(LoginContext.java:194)
> at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:665)
> at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:663)
> at java.base/java.security.AccessController.doPrivileged(Native Method)
> at java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663)
> at java.base/javax.security.auth.login.LoginContext.logout(LoginContext.java:613)
> at org.apache.zookeeper.server.quorum.auth.MiniKdcTest.testKerberosLogin(MiniKdcTest.java:179)
> at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at org.apache.zookeeper.JUnit4ZKTestRunner$LoggedInvokeMethod.evaluate(JUnit4ZKTestRunner.java:55)
> {noformat}
> https://builds.apache.org/view/S-Z/view/ZooKeeper/job/ZooKeeper_branch34_java9/1/testReport/junit/org.apache.zookeeper.server.quorum.auth/MiniKdcTest/testKerberosLogin/
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)