Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Return false when java.security.auth.login.config is unreadable #78

Open
devcsrj opened this issue Oct 24, 2018 · 5 comments
Open

Return false when java.security.auth.login.config is unreadable #78

devcsrj opened this issue Oct 24, 2018 · 5 comments

Comments

@devcsrj
Copy link

devcsrj commented Oct 24, 2018

In the ZkClient#isZkSaslEnabled, the method fails when the file represented by java.security.auth.login.config is unreadable:

        String loginConfigFile = System.getProperty(JAVA_LOGIN_CONFIG_PARAM);
        if (loginConfigFile != null && loginConfigFile.length() > 0) {
            LOG.info("JAAS File name: " + loginConfigFile);
            File configFile = new File(loginConfigFile);
            if (!configFile.canRead()) {
                throw new IllegalArgumentException("File " + loginConfigFile + "cannot be read.");
            }
        ...

Another 3rd-party library I'm using in the classpath, unfortunately, sets the java.security.auth.login.config system property to gss.conf, which causes ZkClient to fail when checking whether Sasl is enabled.

Will it be alright to replace this with a logger warning instead (i.e., return false on cases where the config file is unreadable)? If not, what're your recommendations?

@jzillmann
Copy link
Collaborator

I see it that way:

  • The check is executed only when 'zookeeper.sasl.client' is set to true.
  • When the above is true, it's crucial that the file specified by 'java.security.auth.login.config' is readable

So even if you would go past that check by making it a warning, my expectation is you start to run into the real problem by not being able to connect to zookeeper!

Thoughts @fpj ?

@devcsrj
Copy link
Author

devcsrj commented Oct 24, 2018

The check is executed only when 'zookeeper.sasl.client' is set to true

Oh you're right, I didn't notice that just above those lines. Will it make sense though to default zookeeper.sasl.client to false?

@jzillmann
Copy link
Collaborator

Yes, i mean depends on your environment/setup!

@devcsrj
Copy link
Author

devcsrj commented Oct 24, 2018

Ah I just meant, because of the line:

boolean zkSaslEnabled = Boolean.parseBoolean(System.getProperty(ZK_SASL_CLIENT, "true"));

It defaults to true

@jzillmann
Copy link
Collaborator

Oh yes, i think that makes sense!

@fpj any concerns ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants