From d2094e253cd4a15ba86b4f072b2920e953842f12 Mon Sep 17 00:00:00 2001 From: slfan1989 <55643692+slfan1989@users.noreply.github.com> Date: Wed, 15 Mar 2023 22:17:31 +0800 Subject: [PATCH] [#625] improvement: Package sun.security.krb5 is not visible in Java 11 and 17. (#726) ### What changes were proposed in this pull request? Try remove `sun.security.krb5.Config.refresh();` ### Why are the changes needed? `sun.security.krb5` is not visible in Java 11 and 17. We need to compile on JDK11 and JDK17 ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? Unit test verification. Co-authored-by: slfan1989 --- .../security/HadoopSecurityContext.java | 1 - .../security/HadoopSecurityContextTest.java | 34 ++++++++++++------- 2 files changed, 22 insertions(+), 13 deletions(-) diff --git a/common/src/main/java/org/apache/uniffle/common/security/HadoopSecurityContext.java b/common/src/main/java/org/apache/uniffle/common/security/HadoopSecurityContext.java index 49083d365c..8f32e507a2 100644 --- a/common/src/main/java/org/apache/uniffle/common/security/HadoopSecurityContext.java +++ b/common/src/main/java/org/apache/uniffle/common/security/HadoopSecurityContext.java @@ -56,7 +56,6 @@ public HadoopSecurityContext( if (StringUtils.isNotEmpty(krb5ConfPath)) { System.setProperty(KRB5_CONF_KEY, krb5ConfPath); - sun.security.krb5.Config.refresh(); } Configuration conf = new Configuration(false); diff --git a/common/src/test/java/org/apache/uniffle/common/security/HadoopSecurityContextTest.java b/common/src/test/java/org/apache/uniffle/common/security/HadoopSecurityContextTest.java index 53ad36b231..31866ec9fe 100644 --- a/common/src/test/java/org/apache/uniffle/common/security/HadoopSecurityContextTest.java +++ b/common/src/test/java/org/apache/uniffle/common/security/HadoopSecurityContextTest.java @@ -78,6 +78,8 @@ public void testSecuredCallable() throws Exception { @Test public void testCreateIllegalContext() throws Exception { + System.setProperty("sun.security.krb5.debug", "true"); + // case1: lack principal, should throw exception try (HadoopSecurityContext context = new HadoopSecurityContext( null, @@ -111,20 +113,9 @@ public void testCreateIllegalContext() throws Exception { assertTrue(e.getMessage().contains("refreshIntervalSec must be not negative")); } - // case4: lack krb5 conf, should throw exception + // case4: After setting the krb5 conf, it should pass String krbConfFilePath = System.getProperty("java.security.krb5.conf"); System.clearProperty("java.security.krb5.conf"); - try (HadoopSecurityContext context = new HadoopSecurityContext( - null, - kerberizedHdfs.getHdfsKeytab(), - kerberizedHdfs.getHdfsPrincipal(), - 100)) { - fail(); - } catch (Exception e) { - assertTrue(e.getMessage().contains("Cannot locate KDC")); - } - - // case5: After setting the krb5 conf, it should pass HadoopSecurityContext context = new HadoopSecurityContext( krbConfFilePath, kerberizedHdfs.getHdfsKeytab(), @@ -136,4 +127,23 @@ public void testCreateIllegalContext() throws Exception { // recover System property of krb5 conf System.setProperty("java.security.krb5.conf", krbConfFilePath); } + + @Test + public void testWithOutKrb5Conf() { + // case: lack krb5 conf, should throw exception + String krbConfFilePath = System.getProperty("java.security.krb5.conf"); + System.clearProperty("java.security.krb5.conf"); + try (HadoopSecurityContext context2 = new HadoopSecurityContext( + null, + kerberizedHdfs.getHdfsKeytab(), + kerberizedHdfs.getHdfsPrincipal(), + 100)) { + fail(); + } catch (Exception e) { + assertTrue(e.getMessage().contains("Cannot locate KDC")); + } + + // recover System property of krb5 conf + System.setProperty("java.security.krb5.conf", krbConfFilePath); + } }