[apache#625] improvement: Package sun.security.krb5 is not visible in…

… Java 11 and 17. (apache#726) ### What changes were proposed in this pull request? Try remove `sun.security.krb5.Config.refresh();` ### Why are the changes needed? `sun.security.krb5` is not visible in Java 11 and 17. We need to compile on JDK11 and JDK17 ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? Unit test verification. Co-authored-by: slfan1989 <louj1988@@>
xianjingfeng · Apr 5, 2023 · d2094e2 · d2094e2
1 parent dfa3535
commit d2094e2
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 13 deletions.
diff --git a/common/src/main/java/org/apache/uniffle/common/security/HadoopSecurityContext.java b/common/src/main/java/org/apache/uniffle/common/security/HadoopSecurityContext.java
@@ -56,7 +56,6 @@ public HadoopSecurityContext(
 
     if (StringUtils.isNotEmpty(krb5ConfPath)) {
       System.setProperty(KRB5_CONF_KEY, krb5ConfPath);
-      sun.security.krb5.Config.refresh();
     }
 
     Configuration conf = new Configuration(false);

diff --git a/common/src/test/java/org/apache/uniffle/common/security/HadoopSecurityContextTest.java b/common/src/test/java/org/apache/uniffle/common/security/HadoopSecurityContextTest.java
@@ -78,6 +78,8 @@ public void testSecuredCallable() throws Exception {
 
   @Test
   public void testCreateIllegalContext() throws Exception {
+    System.setProperty("sun.security.krb5.debug", "true");
+
     // case1: lack principal, should throw exception
     try (HadoopSecurityContext context = new HadoopSecurityContext(
             null,
@@ -111,20 +113,9 @@ public void testCreateIllegalContext() throws Exception {
       assertTrue(e.getMessage().contains("refreshIntervalSec must be not negative"));
     }
 
-    // case4: lack krb5 conf, should throw exception
+    // case4: After setting the krb5 conf, it should pass
     String krbConfFilePath = System.getProperty("java.security.krb5.conf");
     System.clearProperty("java.security.krb5.conf");
-    try (HadoopSecurityContext context = new HadoopSecurityContext(
-              null,
-              kerberizedHdfs.getHdfsKeytab(),
-              kerberizedHdfs.getHdfsPrincipal(),
-              100)) {
-      fail();
-    } catch (Exception e) {
-      assertTrue(e.getMessage().contains("Cannot locate KDC"));
-    }
-
-    // case5: After setting the krb5 conf, it should pass
     HadoopSecurityContext context = new HadoopSecurityContext(
             krbConfFilePath,
             kerberizedHdfs.getHdfsKeytab(),
@@ -136,4 +127,23 @@ public void testCreateIllegalContext() throws Exception {
     // recover System property of krb5 conf
     System.setProperty("java.security.krb5.conf", krbConfFilePath);
   }
+
+  @Test
+  public void testWithOutKrb5Conf() {
+    // case: lack krb5 conf, should throw exception
+    String krbConfFilePath = System.getProperty("java.security.krb5.conf");
+    System.clearProperty("java.security.krb5.conf");
+    try (HadoopSecurityContext context2 = new HadoopSecurityContext(
+            null,
+            kerberizedHdfs.getHdfsKeytab(),
+            kerberizedHdfs.getHdfsPrincipal(),
+            100)) {
+      fail();
+    } catch (Exception e) {
+      assertTrue(e.getMessage().contains("Cannot locate KDC"));
+    }
+
+    // recover System property of krb5 conf
+    System.setProperty("java.security.krb5.conf", krbConfFilePath);
+  }
 }