-
Bug
-
Resolution: Fixed
-
P3
-
7
-
b142
-
b28
-
x86
-
windows_7
-
Verified
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-2221392 | 7u6 | Weijun Wang | P3 | Closed | Fixed | b03 |
FULL PRODUCT VERSION :
java version "1.7.0_02"
Java(TM) SE Runtime Environment (build 1.7.0_02-b13)
Java HotSpot(TM) 64-Bit Server VM (build 22.0-b10, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.1.7600]
A DESCRIPTION OF THE PROBLEM :
Under JDK6, sun.security.krb5.internal.ktab.KeyTab.getInstance() used to remove prefixes like "file:" from the keyTabName.
Using JDK7 this is no longer the case. Passing a File URI like "file:/..." now results in an empty KeyTab. What happens, is a FileNotFoundException is thrown when reading from the FileInputStream in the constructor. The exception is caught in the constructor and the "isMissing" flag is set to true.
However, when the default_keytab_name property is resolved in getDefaultTabName(), prefixes like "file:" *are* removed (by calling the parse method).
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. Construct a dummy keytab file using ktab.exe.
ktab.exe -a host/user@DOMAIN password -k dummy.keytab
2. Construct a KeyTab using a File URI.
KeyTab keyTab = KeyTab.getInstance("file:/C:/workspace/dummy.keytab");
3. Retrieve the entries from the KeyTab.
keyTab.getEntries()
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
keyTab.getEntries() should contain the entries of the keytab.
ACTUAL -
keyTab.getEntries() is always empty, i.e. keyTab.getEntries().length is always zero.
However, when using with the absolute path to the same file, i.e. KeyTab.getInstance("C:/workspace/dummy.keytab"), it will correctly read its entries.
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
import static org.junit.Assert.assertTrue;
import org.junit.Test;
import sun.security.krb5.internal.ktab.KeyTab;
public class KeyTabPrefixBug {
private static final String PATH_TO_KEY_TAB = "C:/workspace/dummy.keytab";
@Test
public void withUriPrefix() throws Exception {
KeyTab keyTab = KeyTab.getInstance("file:/" + PATH_TO_KEY_TAB);
assertTrue(keyTab.getEntries().length > 0); // fails
}
@Test
public void withoutUriPrefix() throws Exception {
KeyTab keyTab = KeyTab.getInstance(PATH_TO_KEY_TAB);
assertTrue(keyTab.getEntries().length > 0); // succeeds
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Always use file paths (never URIs) when using the Kerberos API.
java version "1.7.0_02"
Java(TM) SE Runtime Environment (build 1.7.0_02-b13)
Java HotSpot(TM) 64-Bit Server VM (build 22.0-b10, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.1.7600]
A DESCRIPTION OF THE PROBLEM :
Under JDK6, sun.security.krb5.internal.ktab.KeyTab.getInstance() used to remove prefixes like "file:" from the keyTabName.
Using JDK7 this is no longer the case. Passing a File URI like "file:/..." now results in an empty KeyTab. What happens, is a FileNotFoundException is thrown when reading from the FileInputStream in the constructor. The exception is caught in the constructor and the "isMissing" flag is set to true.
However, when the default_keytab_name property is resolved in getDefaultTabName(), prefixes like "file:" *are* removed (by calling the parse method).
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. Construct a dummy keytab file using ktab.exe.
ktab.exe -a host/user@DOMAIN password -k dummy.keytab
2. Construct a KeyTab using a File URI.
KeyTab keyTab = KeyTab.getInstance("file:/C:/workspace/dummy.keytab");
3. Retrieve the entries from the KeyTab.
keyTab.getEntries()
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
keyTab.getEntries() should contain the entries of the keytab.
ACTUAL -
keyTab.getEntries() is always empty, i.e. keyTab.getEntries().length is always zero.
However, when using with the absolute path to the same file, i.e. KeyTab.getInstance("C:/workspace/dummy.keytab"), it will correctly read its entries.
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
import static org.junit.Assert.assertTrue;
import org.junit.Test;
import sun.security.krb5.internal.ktab.KeyTab;
public class KeyTabPrefixBug {
private static final String PATH_TO_KEY_TAB = "C:/workspace/dummy.keytab";
@Test
public void withUriPrefix() throws Exception {
KeyTab keyTab = KeyTab.getInstance("file:/" + PATH_TO_KEY_TAB);
assertTrue(keyTab.getEntries().length > 0); // fails
}
@Test
public void withoutUriPrefix() throws Exception {
KeyTab keyTab = KeyTab.getInstance(PATH_TO_KEY_TAB);
assertTrue(keyTab.getEntries().length > 0); // succeeds
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Always use file paths (never URIs) when using the Kerberos API.
- backported by
-
JDK-2221392 KeyTab.getInstance(String) no longer handles keyTabNames with "file:" prefix
-
- Closed
-