smolnar82 opened a new pull request #55: KNOX-1162 - Logging stacktrace for FATAL messages and displaying a meaningful error message in case of missing/non-parsable JAAS configuration URL: https://github.com/apache/knox/pull/55 ## What changes were proposed in this pull request? When there is a misconfiguration in the supplied JAAS configuration (i.e. `conf/krb5JAASLogin.conf`) the server fails to start and the information in gateway.log wasn't at all helpful. To make it better the following changes have been made: - *all* `FATAL` messages are logged with the full stack trace - in case the supplied JAAS configuration file does not exist or cannot be parsed we wrap the `IOException` coming from security login configuration into our own `ConfigurationException` with a meaningful error message (an additional change is to fix a unit test case in `MatcherTest` to avoid compilation error; I'm not sure how it was working before but it constantly fails locally for me) ## How was this patch tested? Added new unit test cases and executed them (including integration tests): ``` [INFO] ------------------------------------------------------------------------ [INFO] BUILD SUCCESS [INFO] ------------------------------------------------------------------------ [INFO] Total time: 18:18 min (Wall Clock) [INFO] Finished at: 2019-02-15T23:48:43+01:00 [INFO] Final Memory: 265M/1643M [INFO] ------------------------------------------------------------------------ ``` In addition to unit testing the following manual test has been executed: 1. stopped the gateway server 2. built and deployed the new version of the gateway server (with my changes) 3. updated `/etc/knox/conf/krb5JAASLogin.conf`: removed surrounding quotes from the `keytab` property (which is invalid) 4. tried to start the gateway. As expected it failed to start 5. checked the log file if the enhanced error message appeared: ``` 2019-02-15 23:05:44,047 FATAL knox.gateway (GatewayServer.java:main(168)) - Failed to start gateway: org.apache.knox.gateway.services.ServiceLifecycleException: Error while configuring registry authentication org.apache.knox.gateway.services.ServiceLifecycleException: Error while configuring registry authentication at org.apache.knox.gateway.service.config.remote.zk.CuratorClientService.init(CuratorClientService.java:81) at org.apache.knox.gateway.services.DefaultGatewayServices.init(DefaultGatewayServices.java:79) at org.apache.knox.gateway.GatewayServer.main(GatewayServer.java:159) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.knox.gateway.launcher.Invoker.invokeMainMethod(Invoker.java:68) at org.apache.knox.gateway.launcher.Invoker.invoke(Invoker.java:39) at org.apache.knox.gateway.launcher.Command.run(Command.java:99) at org.apache.knox.gateway.launcher.Launcher.run(Launcher.java:75) at org.apache.knox.gateway.launcher.Launcher.main(Launcher.java:52) Caused by: org.apache.knox.gateway.config.ConfigurationException: Error while getting secure configuration. This error usually indicates an issue within the supplied JAAS configuration: /etc/knox/conf/krb5JAASLogin.conf at org.apache.knox.gateway.service.config.remote.zk.RemoteConfigurationRegistryJAASConfig.<init>(RemoteConfigurationRegistryJAASConfig.java:71) at org.apache.knox.gateway.service.config.remote.zk.RemoteConfigurationRegistryJAASConfig.configure(RemoteConfigurationRegistryJAASConfig.java:61) at org.apache.knox.gateway.service.config.remote.zk.CuratorClientService.init(CuratorClientService.java:79) ... 11 more Caused by: java.lang.SecurityException: java.io.IOException: Configuration Error: Line 7: expected [option key] at sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:137) at sun.security.provider.ConfigFile.<init>(ConfigFile.java:102) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:423) at java.lang.Class.newInstance(Class.java:442) at javax.security.auth.login.Configuration$2.run(Configuration.java:255) at javax.security.auth.login.Configuration$2.run(Configuration.java:247) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:246) at org.apache.knox.gateway.service.config.remote.zk.RemoteConfigurationRegistryJAASConfig.<init>(RemoteConfigurationRegistryJAASConfig.java:66) ... 13 more Caused by: java.io.IOException: Configuration Error: Line 7: expected [option key] at sun.security.provider.ConfigFile$Spi.ioException(ConfigFile.java:666) at sun.security.provider.ConfigFile$Spi.match(ConfigFile.java:572) at sun.security.provider.ConfigFile$Spi.parseLoginEntry(ConfigFile.java:477) at sun.security.provider.ConfigFile$Spi.readConfig(ConfigFile.java:427) at sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:329) at sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:271) at sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:135) ... 24 more ```
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
