ibmruntimes / Semeru-Runtimes

Issue repo for all things IBM Semeru Runtimes

Getting error "unable to find LoginModule class: com.ibm.security.auth.module.JAASLoginModule" #30

Closed sshuklao closed 2 years ago

sshuklao commented 2 years ago

We are getting the error below when creating a Spark context.

Caused by: javax.security.auth.login.LoginException: unable to find LoginModule class: com.ibm.security.auth.module.JAASLoginModule
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:794) ~[?:1.8.0_332]
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195) ~[?:1.8.0_332]
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) ~[?:1.8.0_332]
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680) ~[?:1.8.0_332]
    at java.security.AccessController.doPrivileged(AccessController.java:783) ~[?:1.8.0_332]
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) ~[?:1.8.0_332]
    at javax.security.auth.login.LoginContext.login(LoginContext.java:587) ~[?:1.8.0_332]

Java Version :

openjdk version “1.8.0_332”
IBM Semeru Runtime Open Edition (build 1.8.0_332-b09)
Eclipse OpenJ9 VM (build openj9-0.32.0, JRE 1.8.0 Linux amd64-64-Bit Compressed References 20220422_370 (JIT enabled, AOT enabled)
OpenJ9   - 9a84ec34e
OMR      - ab24b6666
JCL      - 0b8b8af39a based on jdk8u332-b09)

pshipton commented 2 years ago

com.ibm.security.auth.module.JAASLoginModule is a class found in IBM Java 8, not Semeru. Likely the App is incorrectly identifying the JVM as IBM Java 8 based on the "java.vendor" and assuming the class will be present. The app needs to be corrected to distinguish between IBM Java 8 and Semeru. In the meantime, see https://github.com/ibmruntimes/Semeru-Runtimes/issues/22#issuecomment-1118956905

krismarc commented 1 year ago

Hi @pshipton,

There's some inconsistency in the java.vendor naming used with all Semeru runtimes. I've just checked all LTS open versions available on GitHub. It seems like it's not a general change between Java 11 and 17.

while read line ; do rm -fr * ; curl -L "$line" -s | tar -xz --one-top-level=java --strip-components 1 ; ./java/bin/java -XshowSettings:properties -version 2>&1 | grep "java.vendor.[=,v]" ; done < <(curl -L -H "$auth" "https://api.github.com/repos/ibmruntimes/semeru17-binaries/releases" -s | jq -r '.[].assets[].browser_download_url' | grep "open-jre.*x64_linux.*tar.gz$")
    java.vendor = IBM Corporation
    java.vendor.version = 17.0.7.0
    java.vendor = IBM Corporation
    java.vendor.version = 17.0.6.0
    java.vendor = IBM Corporation
    java.vendor.version = 17.0.5.0
    java.vendor = IBM Corporation
    java.vendor.version = 17.0.4.1
    java.vendor = IBM Corporation
    java.vendor.version = 17.0.4.0
    java.vendor = IBM Corporation
    java.vendor.version = 17.0.3.0
    java.vendor = IBM Corporation
    java.vendor.version = 17.0.2.0
    java.vendor = IBM Corporation
    java.vendor.version = 17.0.1.0
    java.vendor = IBM Corporation
while read line ; do rm -fr * ; curl -L "$line" -s | tar -xz --one-top-level=java --strip-components 1 ; ./java/bin/java -XshowSettings:properties -version 2>&1 | grep "java.vendor.[=,v]" ; done < <(curl -L -H "$auth" "https://api.github.com/repos/ibmruntimes/semeru11-binaries/releases" -s | jq -r '.[].assets[].browser_download_url' | grep "open-jre.*x64_linux.*tar.gz$")
    java.vendor = IBM Corporation
    java.vendor.version = 11.0.19.0
    java.vendor = IBM Corporation
    java.vendor.version = 11.0.18.0
    java.vendor = IBM Corporation
    java.vendor.version = 11.0.17.0
    java.vendor = IBM Corporation
    java.vendor.version = 11.0.16.1
    java.vendor = IBM Corporation
    java.vendor.version = 11.0.16.0
    java.vendor = IBM Corporation
    java.vendor.version = 11.0.15.0
    java.vendor = International Business Machines Corporation
    java.vendor.version = 11.0.14.1
    java.vendor = International Business Machines Corporation
    java.vendor.version = 11.0.14.0
    java.vendor = International Business Machines Corporation
    java.vendor.version = 11.0.13.0
while read line ; do rm -fr * ; curl -L "$line" -s | tar -xz --one-top-level=java --strip-components 1 ; ./java/bin/java -XshowSettings:properties -version 2>&1 | grep "java.vendor.[=,v]\|java.version" ; done < <(curl -L -H "$auth" "https://api.github.com/repos/ibmruntimes/semeru8-binaries/releases" -s | jq -r '.[].assets[].browser_download_url' | grep "open-jre.*x64_linux.*tar.gz$")
    java.vendor = IBM Corporation
    java.version = 1.8.0_372
    java.vendor = IBM Corporation
    java.version = 1.8.0_362
    java.vendor = IBM Corporation
    java.version = 1.8.0_352
    java.vendor = IBM Corporation
    java.version = 1.8.0_352
    java.vendor = IBM Corporation
    java.version = 1.8.0_345
    java.vendor = IBM Corporation
    java.version = 1.8.0_345
    java.vendor = IBM Corporation
    java.version = 1.8.0_332
    java.vendor = International Business Machines Corporation
    java.version = 1.8.0_322
    java.vendor = International Business Machines Corporation

It means only old versions of Java 8 and Java 11 were using the long IBM name (International Business Machines Corporation).

If you don't mind, please take a look at my issue with the mssql jdbc driver: https://github.com/microsoft/mssql-jdbc/issues/2139

It seems like a similar story to the one you had with the db2 driver: https://github.com/ibmruntimes/Semeru-Runtimes/issues/22

Actually, the MSSQL jdbc driver is just checking if java.vendor starts with "IBM*" https://github.com/microsoft/mssql-jdbc/blob/7e476f4d22a9667a722c60d295519f9a1a30b1dc/src/main/java/com/microsoft/sqlserver/jdbc/Util.java#L51 https://github.com/microsoft/mssql-jdbc/blob/7e476f4d22a9667a722c60d295519f9a1a30b1dc/src/main/java/com/microsoft/sqlserver/jdbc/JaasConfiguration.java#L30

...if not, then com.sun. libs are used for Kerberos authentication. It means that with old Java 11 Semeru versions Kerberos login worked because "International Business Machines Corporation" didn't meet the condition, and after that change it fails because no module is found: javax.security.auth.login.LoginException (No LoginModule found for com.ibm.security.auth.module.Krb5LoginModule). So since this name change was introduced, the driver is trying to use com.ibm. libs.

krismarc commented 1 year ago

> com.ibm.security.auth.module.JAASLoginModule is a class found in IBM Java 8, not Semeru. Likely the App is incorrectly identifying the JVM as IBM Java 8 based on the "java.vendor" and assuming the class will be present. The app needs to be corrected to distinguish between IBM Java 8 and Semeru. In the meantime, see #22 (comment)

So, if my understanding is correct, the MSSQL jdbc driver maintainers shouldn't just check if the vendor name starts with IBM. They should rather check if it's a Semeru runtime and use com.sun. libs in that case instead?

pshipton commented 1 year ago

The long name was used in some old releases as a temporary workaround for the problem, which was only needed in jdk8 and jdk11. The temporary workaround expired and the java.vendor was updated to the expected value "IBM Corporation". It's still possible, using the workaround I provided, to modify the java.vendor so that apps which make assumptions based on java.vendor can work.

> MSSQL jdbc driver maintainers shouldn't just check if the vendor name starts with IBM. They should rather check if it's Semeru runtime and use com.sun. libs in that case instead?

Correct.

krismarc commented 1 year ago

Thank you for the quick response! Well, the workaround looks good. However, if there's anything else that relies on the actual value then it could become broken. Their approach of relying on a substring of this value also looks bad to me. Would you mind giving them any advice on this in my issue https://github.com/microsoft/mssql-jdbc/issues/2139?

krismarc commented 1 year ago

Just to mention the impact for anyone else who's going to check this topic: if an application migrates from any Semeru version lower than 11.0.14.1 to a higher 11+ or any 17 and uses the MSSQL jdbc driver with Kerberos authentication, then it will fail with javax.security.auth.login.LoginException (No LoginModule found for com.ibm.security.auth.module.Krb5LoginModule)

pshipton commented 1 year ago

> Would you mind to give them any advice on this in my issue https://github.com/microsoft/mssql-jdbc/issues/2139?

https://github.com/microsoft/mssql-jdbc/issues/2139#issuecomment-1577416466
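
The selection problem discussed in this thread, as an added example that is not part of the thread or of any project mentioned in it: instead of trusting the java.vendor prefix alone, it probes whether the IBM Kerberos login module is actually loadable and falls back to the com.sun module otherwise. The class `Krb5ModuleSelector` and its method names are hypothetical; the module class names are the ones quoted in the thread, and the ticket-cache option names are an assumption about each module's JAAS options.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;

public class Krb5ModuleSelector {
    // Class names as they appear in the thread's error messages and comments.
    static final String IBM_MODULE = "com.ibm.security.auth.module.Krb5LoginModule";
    static final String SUN_MODULE = "com.sun.security.auth.module.Krb5LoginModule";

    // The prefix test the thread attributes to the driver: true for IBM Java 8
    // and for every Semeru build that reports "IBM Corporation".
    static boolean vendorLooksIbm(String vendor) {
        return vendor != null && vendor.startsWith("IBM");
    }

    // Capability probe: resolve the class without initializing it.
    static boolean isLoadable(String className) {
        try {
            Class.forName(className, false, Krb5ModuleSelector.class.getClassLoader());
            return true;
        } catch (ClassNotFoundException | LinkageError e) {
            return false;
        }
    }

    // Use the IBM module only when it is really present; otherwise fall back.
    static String selectModule(String vendor) {
        return vendorLooksIbm(vendor) && isLoadable(IBM_MODULE) ? IBM_MODULE : SUN_MODULE;
    }

    // Build the JAAS entry; the two modules name their ticket-cache option
    // differently (option names are an assumption, see the lead-in).
    static AppConfigurationEntry krb5Entry(String vendor) {
        String module = selectModule(vendor);
        Map<String, Object> options = new HashMap<>();
        options.put(module.equals(IBM_MODULE) ? "useDefaultCcache" : "useTicketCache", "true");
        return new AppConfigurationEntry(module, LoginModuleControlFlag.REQUIRED, options);
    }

    public static void main(String[] args) {
        String vendor = System.getProperty("java.vendor");
        System.out.println("java.vendor            = " + vendor);
        System.out.println("prefix check says IBM  = " + vendorLooksIbm(vendor));
        System.out.println("selected login module  = " + krb5Entry(vendor).getLoginModuleName());
    }
}
```

On a Semeru runtime reporting "IBM Corporation" the prefix check is true while the probe fails, so the com.sun module is selected; on IBM Java 8 both succeed and the com.ibm module is kept.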