Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8233222

Clarify system property usage in KerberosPrincipal instantiation

XMLWordPrintable

      Noticed that KerberosPrincipal instantiation with OpenJDK could violate the specification:
      https://docs.oracle.com/en/java/javase/13/docs/api/java.security.jgss/javax/security/auth/kerberos/KerberosPrincipal.html#%3Cinit%3E(java.lang.String)

      >"The default realm can be specified either in a Kerberos configuration file or via the java.security.krb5.realm system property"
      >"IllegalArgumentException - if name is improperly formatted, if name is null, or if name does not contain the realm to use and the default realm is not specified in either a Kerberos configuration file or via the java.security.krb5.realm system property"

      If there was a "KeyTab.getInstance().exists()" call before the instantiation attempt IAE is thrown no matter that the property was set as the specification requires.

      Consider the following example:

      =========================
              KeyTab.getInstance().exists();
              
              System.out.println("Initially java.security.krb5.kdc = " + System.getProperty("java.security.krb5.kdc"));
              System.setProperty("java.security.krb5.kdc", "example.com");
              System.out.println("After setting java.security.krb5.kdc = " + System.getProperty("java.security.krb5.kdc"));

              System.out.println("Initially java.security.krb5.realm = " + System.getProperty("java.security.krb5.realm"));
              System.setProperty("java.security.krb5.realm", "Hello");
              System.out.println("After setting java.security.krb5.realm = " + System.getProperty("java.security.krb5.realm"));

              new KerberosPrincipal("Hi");
      =========================

      The output is:

      Initially java.security.krb5.kdc = null
      After setting java.security.krb5.kdc = example.com
      Initially java.security.krb5.realm = null
      After setting java.security.krb5.realm = Hello
      Exception in thread "main" java.lang.IllegalArgumentException: KrbException: Cannot locate default realm
      at java.security.jgss/javax.security.auth.kerberos.KerberosPrincipal.<init>(KerberosPrincipal.java:179)
      at java.security.jgss/javax.security.auth.kerberos.KerberosPrincipal.<init>(KerberosPrincipal.java:130)

      It's clearly seen that the properties are defined correctly however IllegalArgumentException is still thrown

            weijun Weijun Wang
            dbessono Dmitry Bessonov
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: