You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zookeeper.apache.org by "Todd Lipcon (JIRA)" <ji...@apache.org> on 2012/07/16 21:45:34 UTC
[jira] [Created] (ZOOKEEPER-1510) Should not log SASL errors for
non-secure usage
Todd Lipcon created ZOOKEEPER-1510:
--------------------------------------
Summary: Should not log SASL errors for non-secure usage
Key: ZOOKEEPER-1510
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1510
Project: ZooKeeper
Issue Type: Improvement
Components: java client
Affects Versions: 3.4.3
Reporter: Todd Lipcon
Priority: Minor
Since SASL support was added, all connections with non-secure clients have started logging messages like:
2012-07-01 02:13:34,986 WARN org.apache.zookeeper.client.ZooKeeperSaslClient: SecurityException: java.lang.SecurityException: Unable to locate a login configuration occurred when trying to find JAAS configuration.
2012-07-01 02:13:34,986 INFO org.apache.zookeeper.client.ZooKeeperSaslClient: Client will not SASL-authenticate because the default JAAS configuration section 'Client' could not be found. If you are not using SASL, you may ignore this. On the other hand, if you expected SASL to work, please fix your JAAS configuration.
Despite the "you may ignore this" qualifier, I've seen a lot of users confused by this message. Instead, it would be better to either log at DEBUG level, or piggy back the SASL information onto the "Opening socket connection" message (eg "Opening socket connection to X:2181. Will not use SASL because no configuration was located.")
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (ZOOKEEPER-1510) Should not log SASL errors for
non-secure usage
Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-1510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13426876#comment-13426876 ]
Hadoop QA commented on ZOOKEEPER-1510:
--------------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12538821/zookeeper-1510.txt
against trunk revision 1368203.
+1 @author. The patch does not contain any @author tags.
-1 tests included. The patch doesn't appear to include any new or modified tests.
Please justify why no new tests are needed for this patch.
Also please list what manual steps were performed to verify this patch.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
+1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
+1 core tests. The patch passed core unit tests.
+1 contrib tests. The patch passed contrib unit tests.
Test results: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/1152//testReport/
Findbugs warnings: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/1152//artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Console output: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/1152//console
This message is automatically generated.
> Should not log SASL errors for non-secure usage
> -----------------------------------------------
>
> Key: ZOOKEEPER-1510
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1510
> Project: ZooKeeper
> Issue Type: Improvement
> Components: java client
> Affects Versions: 3.4.3
> Reporter: Todd Lipcon
> Assignee: Todd Lipcon
> Priority: Minor
> Fix For: 3.4.4, 3.5.0
>
> Attachments: zookeeper-1510.txt, zookeeper-1510.txt
>
>
> Since SASL support was added, all connections with non-secure clients have started logging messages like:
> 2012-07-01 02:13:34,986 WARN org.apache.zookeeper.client.ZooKeeperSaslClient: SecurityException: java.lang.SecurityException: Unable to locate a login configuration occurred when trying to find JAAS configuration.
> 2012-07-01 02:13:34,986 INFO org.apache.zookeeper.client.ZooKeeperSaslClient: Client will not SASL-authenticate because the default JAAS configuration section 'Client' could not be found. If you are not using SASL, you may ignore this. On the other hand, if you expected SASL to work, please fix your JAAS configuration.
> Despite the "you may ignore this" qualifier, I've seen a lot of users confused by this message. Instead, it would be better to either log at DEBUG level, or piggy back the SASL information onto the "Opening socket connection" message (eg "Opening socket connection to X:2181. Will not use SASL because no configuration was located.")
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (ZOOKEEPER-1510) Should not log SASL errors for
non-secure usage
Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-1510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13426917#comment-13426917 ]
Hadoop QA commented on ZOOKEEPER-1510:
--------------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12538821/zookeeper-1510.txt
against trunk revision 1368203.
+1 @author. The patch does not contain any @author tags.
-1 tests included. The patch doesn't appear to include any new or modified tests.
Please justify why no new tests are needed for this patch.
Also please list what manual steps were performed to verify this patch.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
+1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
+1 core tests. The patch passed core unit tests.
+1 contrib tests. The patch passed contrib unit tests.
Test results: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/1153//testReport/
Findbugs warnings: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/1153//artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Console output: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/1153//console
This message is automatically generated.
> Should not log SASL errors for non-secure usage
> -----------------------------------------------
>
> Key: ZOOKEEPER-1510
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1510
> Project: ZooKeeper
> Issue Type: Improvement
> Components: java client
> Affects Versions: 3.4.3
> Reporter: Todd Lipcon
> Assignee: Todd Lipcon
> Priority: Minor
> Fix For: 3.4.4, 3.5.0
>
> Attachments: zookeeper-1510.txt, zookeeper-1510.txt
>
>
> Since SASL support was added, all connections with non-secure clients have started logging messages like:
> 2012-07-01 02:13:34,986 WARN org.apache.zookeeper.client.ZooKeeperSaslClient: SecurityException: java.lang.SecurityException: Unable to locate a login configuration occurred when trying to find JAAS configuration.
> 2012-07-01 02:13:34,986 INFO org.apache.zookeeper.client.ZooKeeperSaslClient: Client will not SASL-authenticate because the default JAAS configuration section 'Client' could not be found. If you are not using SASL, you may ignore this. On the other hand, if you expected SASL to work, please fix your JAAS configuration.
> Despite the "you may ignore this" qualifier, I've seen a lot of users confused by this message. Instead, it would be better to either log at DEBUG level, or piggy back the SASL information onto the "Opening socket connection" message (eg "Opening socket connection to X:2181. Will not use SASL because no configuration was located.")
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Assigned] (ZOOKEEPER-1510) Should not log SASL errors for
non-secure usage
Posted by "Todd Lipcon (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-1510?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Todd Lipcon reassigned ZOOKEEPER-1510:
--------------------------------------
Assignee: Todd Lipcon
> Should not log SASL errors for non-secure usage
> -----------------------------------------------
>
> Key: ZOOKEEPER-1510
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1510
> Project: ZooKeeper
> Issue Type: Improvement
> Components: java client
> Affects Versions: 3.4.3
> Reporter: Todd Lipcon
> Assignee: Todd Lipcon
> Priority: Minor
>
> Since SASL support was added, all connections with non-secure clients have started logging messages like:
> 2012-07-01 02:13:34,986 WARN org.apache.zookeeper.client.ZooKeeperSaslClient: SecurityException: java.lang.SecurityException: Unable to locate a login configuration occurred when trying to find JAAS configuration.
> 2012-07-01 02:13:34,986 INFO org.apache.zookeeper.client.ZooKeeperSaslClient: Client will not SASL-authenticate because the default JAAS configuration section 'Client' could not be found. If you are not using SASL, you may ignore this. On the other hand, if you expected SASL to work, please fix your JAAS configuration.
> Despite the "you may ignore this" qualifier, I've seen a lot of users confused by this message. Instead, it would be better to either log at DEBUG level, or piggy back the SASL information onto the "Opening socket connection" message (eg "Opening socket connection to X:2181. Will not use SASL because no configuration was located.")
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (ZOOKEEPER-1510) Should not log SASL errors for
non-secure usage
Posted by "Patrick Hunt (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-1510?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Patrick Hunt updated ZOOKEEPER-1510:
------------------------------------
Fix Version/s: 3.5.0
3.4.4
> Should not log SASL errors for non-secure usage
> -----------------------------------------------
>
> Key: ZOOKEEPER-1510
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1510
> Project: ZooKeeper
> Issue Type: Improvement
> Components: java client
> Affects Versions: 3.4.3
> Reporter: Todd Lipcon
> Assignee: Todd Lipcon
> Priority: Minor
> Fix For: 3.4.4, 3.5.0
>
> Attachments: zookeeper-1510.txt, zookeeper-1510.txt
>
>
> Since SASL support was added, all connections with non-secure clients have started logging messages like:
> 2012-07-01 02:13:34,986 WARN org.apache.zookeeper.client.ZooKeeperSaslClient: SecurityException: java.lang.SecurityException: Unable to locate a login configuration occurred when trying to find JAAS configuration.
> 2012-07-01 02:13:34,986 INFO org.apache.zookeeper.client.ZooKeeperSaslClient: Client will not SASL-authenticate because the default JAAS configuration section 'Client' could not be found. If you are not using SASL, you may ignore this. On the other hand, if you expected SASL to work, please fix your JAAS configuration.
> Despite the "you may ignore this" qualifier, I've seen a lot of users confused by this message. Instead, it would be better to either log at DEBUG level, or piggy back the SASL information onto the "Opening socket connection" message (eg "Opening socket connection to X:2181. Will not use SASL because no configuration was located.")
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (ZOOKEEPER-1510) Should not log SASL errors for
non-secure usage
Posted by "Eugene Koontz (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-1510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13415724#comment-13415724 ]
Eugene Koontz commented on ZOOKEEPER-1510:
------------------------------------------
Looks like a good change to me. It's always interesting to hear users' reactions to what they're seeing.
> Should not log SASL errors for non-secure usage
> -----------------------------------------------
>
> Key: ZOOKEEPER-1510
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1510
> Project: ZooKeeper
> Issue Type: Improvement
> Components: java client
> Affects Versions: 3.4.3
> Reporter: Todd Lipcon
> Assignee: Todd Lipcon
> Priority: Minor
> Attachments: zookeeper-1510.txt
>
>
> Since SASL support was added, all connections with non-secure clients have started logging messages like:
> 2012-07-01 02:13:34,986 WARN org.apache.zookeeper.client.ZooKeeperSaslClient: SecurityException: java.lang.SecurityException: Unable to locate a login configuration occurred when trying to find JAAS configuration.
> 2012-07-01 02:13:34,986 INFO org.apache.zookeeper.client.ZooKeeperSaslClient: Client will not SASL-authenticate because the default JAAS configuration section 'Client' could not be found. If you are not using SASL, you may ignore this. On the other hand, if you expected SASL to work, please fix your JAAS configuration.
> Despite the "you may ignore this" qualifier, I've seen a lot of users confused by this message. Instead, it would be better to either log at DEBUG level, or piggy back the SASL information onto the "Opening socket connection" message (eg "Opening socket connection to X:2181. Will not use SASL because no configuration was located.")
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (ZOOKEEPER-1510) Should not log SASL errors for
non-secure usage
Posted by "Todd Lipcon (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-1510?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Todd Lipcon updated ZOOKEEPER-1510:
-----------------------------------
Attachment: zookeeper-1510.txt
Attached patch changes the SASL-related message to piggy-back on the "Connecting" message except for the true error case. I tested by running the existing unit tests and looking at the logs. Examples:
*Successfully found config:*
{code}
Opening socket connection to server todd-w510/127.0.0.1:11221. Will attempt to SASL-authenticate using Login Context section 'MyZookeeperClient'
{code}
*Failed configuration:*
{code}
2012-07-16 13:00:50,723 [myid:] - WARN [main-SendThread(todd-w510:11221):ClientCnxn$SendThread@942] - SASL configuration failed: javax.security.auth.login.LoginException: Client cannot SASL-authenticate because the specified JAAS configuration section 'MyZookeeperClient' could not be found. Will continue connection to Zookeeper server without SASL authentication, if Zookeeper server allows it.
2012-07-16 13:00:50,726 [myid:] - INFO [main-SendThread(todd-w510:11221):ClientCnxn$SendThread@952] - Opening socket connection to server todd-w510/127.0.0.1:11221
{code}
*Unconfigured*:
{code}
2012-07-16 13:02:31,501 [myid:] - INFO [main-SendThread(todd-w510:2181):ClientCnxn$SendThread@952] - Opening socket connection to server todd-w510/0:0:0:0:0:0:0:1:2181. Will not attempt to authenticate using SASL (Unable to locate a login configuration)
{code}
> Should not log SASL errors for non-secure usage
> -----------------------------------------------
>
> Key: ZOOKEEPER-1510
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1510
> Project: ZooKeeper
> Issue Type: Improvement
> Components: java client
> Affects Versions: 3.4.3
> Reporter: Todd Lipcon
> Assignee: Todd Lipcon
> Priority: Minor
> Attachments: zookeeper-1510.txt
>
>
> Since SASL support was added, all connections with non-secure clients have started logging messages like:
> 2012-07-01 02:13:34,986 WARN org.apache.zookeeper.client.ZooKeeperSaslClient: SecurityException: java.lang.SecurityException: Unable to locate a login configuration occurred when trying to find JAAS configuration.
> 2012-07-01 02:13:34,986 INFO org.apache.zookeeper.client.ZooKeeperSaslClient: Client will not SASL-authenticate because the default JAAS configuration section 'Client' could not be found. If you are not using SASL, you may ignore this. On the other hand, if you expected SASL to work, please fix your JAAS configuration.
> Despite the "you may ignore this" qualifier, I've seen a lot of users confused by this message. Instead, it would be better to either log at DEBUG level, or piggy back the SASL information onto the "Opening socket connection" message (eg "Opening socket connection to X:2181. Will not use SASL because no configuration was located.")
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (ZOOKEEPER-1510) Should not log SASL errors for
non-secure usage
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-1510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13427009#comment-13427009 ]
Hudson commented on ZOOKEEPER-1510:
-----------------------------------
Integrated in ZooKeeper-trunk #1633 (See [https://builds.apache.org/job/ZooKeeper-trunk/1633/])
ZOOKEEPER-1510. Should not log SASL errors for non-secure usage (Todd Lipcon via phunt) Missed a bit in the prior commit (Revision 1368299)
ZOOKEEPER-1510. Should not log SASL errors for non-secure usage (Todd Lipcon via phunt) (Revision 1368267)
Result = SUCCESS
phunt : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1368299
Files :
* /zookeeper/trunk/src/java/main/org/apache/zookeeper/ClientCnxn.java
* /zookeeper/trunk/src/java/main/org/apache/zookeeper/client/ZooKeeperSaslClient.java
phunt : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1368267
Files :
* /zookeeper/trunk/CHANGES.txt
* /zookeeper/trunk/src/java/main/org/apache/zookeeper/ClientCnxn.java
* /zookeeper/trunk/src/java/main/org/apache/zookeeper/client/ZooKeeperSaslClient.java
> Should not log SASL errors for non-secure usage
> -----------------------------------------------
>
> Key: ZOOKEEPER-1510
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1510
> Project: ZooKeeper
> Issue Type: Improvement
> Components: java client
> Affects Versions: 3.4.3
> Reporter: Todd Lipcon
> Assignee: Todd Lipcon
> Priority: Minor
> Fix For: 3.4.4, 3.5.0
>
> Attachments: zookeeper-1510.txt, zookeeper-1510.txt
>
>
> Since SASL support was added, all connections with non-secure clients have started logging messages like:
> 2012-07-01 02:13:34,986 WARN org.apache.zookeeper.client.ZooKeeperSaslClient: SecurityException: java.lang.SecurityException: Unable to locate a login configuration occurred when trying to find JAAS configuration.
> 2012-07-01 02:13:34,986 INFO org.apache.zookeeper.client.ZooKeeperSaslClient: Client will not SASL-authenticate because the default JAAS configuration section 'Client' could not be found. If you are not using SASL, you may ignore this. On the other hand, if you expected SASL to work, please fix your JAAS configuration.
> Despite the "you may ignore this" qualifier, I've seen a lot of users confused by this message. Instead, it would be better to either log at DEBUG level, or piggy back the SASL information onto the "Opening socket connection" message (eg "Opening socket connection to X:2181. Will not use SASL because no configuration was located.")
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (ZOOKEEPER-1510) Should not log SASL errors for
non-secure usage
Posted by "Patrick Hunt (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-1510?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Patrick Hunt updated ZOOKEEPER-1510:
------------------------------------
Attachment: zookeeper-1510.txt
A couple minor tweaks to the patch, including adding some javadoc for the new method/field.
> Should not log SASL errors for non-secure usage
> -----------------------------------------------
>
> Key: ZOOKEEPER-1510
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1510
> Project: ZooKeeper
> Issue Type: Improvement
> Components: java client
> Affects Versions: 3.4.3
> Reporter: Todd Lipcon
> Assignee: Todd Lipcon
> Priority: Minor
> Attachments: zookeeper-1510.txt, zookeeper-1510.txt
>
>
> Since SASL support was added, all connections with non-secure clients have started logging messages like:
> 2012-07-01 02:13:34,986 WARN org.apache.zookeeper.client.ZooKeeperSaslClient: SecurityException: java.lang.SecurityException: Unable to locate a login configuration occurred when trying to find JAAS configuration.
> 2012-07-01 02:13:34,986 INFO org.apache.zookeeper.client.ZooKeeperSaslClient: Client will not SASL-authenticate because the default JAAS configuration section 'Client' could not be found. If you are not using SASL, you may ignore this. On the other hand, if you expected SASL to work, please fix your JAAS configuration.
> Despite the "you may ignore this" qualifier, I've seen a lot of users confused by this message. Instead, it would be better to either log at DEBUG level, or piggy back the SASL information onto the "Opening socket connection" message (eg "Opening socket connection to X:2181. Will not use SASL because no configuration was located.")
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira