Details
-
Bug
-
Resolution: Fixed
-
P4
-
8u101
-
b01
-
generic
-
generic
Backports
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8183793 | 8u161 | Ivan Gerasimov | P4 | Resolved | Fixed | b01 |
| JDK-8192534 | emb-8u161 | Ivan Gerasimov | P4 | Resolved | Fixed | b01 |
Description
FULL PRODUCT VERSION :
java version "1.8.0_101"
Java(TM) SE Runtime Environment (build 1.8.0_101-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.101-b13, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Linux <hostname> 4.2.0-42-generic #49-Ubuntu SMP Tue Jun 28 21:26:26 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
A DESCRIPTION OF THE PROBLEM :
From sun/security/jgss/krb5/SubjectComber.java, method findAux(), upon finding an expired ticket:
if (!ticket.isCurrent()) {
...
ticket.destroy();
if (DEBUG) {
System.out.println("Removed and destroyed "
+ "the expired Ticket \n"
+ ticket);
...
The problem is that after ticket.destroy() call all methods of ticket object, including toSttring(), throw IllegalStateException, so if DEBUG == true, System.out.println() throws IllegalStateException.
For toString() throwing IllegalStateException makes no sense; we always want to print out the ticket info, expired or not.
Since there is no proper handling of IllegalStateException, the ticket does not get renewed.
Suggested fix: remove the following lines from from toString() method of javax.security.auth.kerberos.KerberosTicket class:
if (destroyed)
throw new IllegalStateException("This ticket is no longer valid");
REPRODUCIBILITY :
This bug can be reproduced always.
java version "1.8.0_101"
Java(TM) SE Runtime Environment (build 1.8.0_101-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.101-b13, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Linux <hostname> 4.2.0-42-generic #49-Ubuntu SMP Tue Jun 28 21:26:26 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
A DESCRIPTION OF THE PROBLEM :
From sun/security/jgss/krb5/SubjectComber.java, method findAux(), upon finding an expired ticket:
if (!ticket.isCurrent()) {
...
ticket.destroy();
if (DEBUG) {
System.out.println("Removed and destroyed "
+ "the expired Ticket \n"
+ ticket);
...
The problem is that after ticket.destroy() call all methods of ticket object, including toSttring(), throw IllegalStateException, so if DEBUG == true, System.out.println() throws IllegalStateException.
For toString() throwing IllegalStateException makes no sense; we always want to print out the ticket info, expired or not.
Since there is no proper handling of IllegalStateException, the ticket does not get renewed.
Suggested fix: remove the following lines from from toString() method of javax.security.auth.kerberos.KerberosTicket class:
if (destroyed)
throw new IllegalStateException("This ticket is no longer valid");
REPRODUCIBILITY :
This bug can be reproduced always.
Attachments
Issue Links
- backported by
-
JDK-8183793 ticket renewal won't happen with debugging turned on
-
- Resolved
-
-
-
- Resolved
-
- relates to
-
JDK-8043071 Expose session key and KRB_CRED through extended GSS-API
-
- Closed
-