search

streamnative / pulsar-archived

Apache Pulsar - distributed pub-sub messaging system
https://pulsar.apache.org
Apache License 2.0
72 stars 25 forks source link

ISSUE-12868: java.lang.IllegalArgumentException: Malformed Kerberos name: broker/http://xxx@KRB5.COM #3289

Open sijie opened 3 years ago

sijie commented 3 years ago

Original Issue: apache/pulsar#12868

Describe the bug

  1. The version of puslar cluster is 2.7.0.
  2. Cluster uses kerberos for authentication.

  3. When use tools pulsar-admin to list topics under public/default, pulsar-admin shows the following exceptions:

    org.apache.pulsar.client.impl.auth.PulsarSaslClient - Using JAAS/SASL/GSSAPI auth to connect to server Principal broker/host12,
null
Reason: java.util.concurrent.TimeoutException

    and the broker shows the following exceptions:

    Caused by: java.lang.IllegalArgumentException: Malformed Kerberos name: broker/http://host14:8080/admin/v2/non-persistent/public/default/0x00000000_0x10000000@KRB5.COM
    at org.apache.pulsar.common.sasl.KerberosName.<init>(KerberosName.java:127) ~[org.apache.pulsar-pulsar-common-2.7.0.jar:2.7.0]
    at org.apache.pulsar.client.impl.auth.PulsarSaslClient.<init>(PulsarSaslClient.java:70) ~[org.apache.pulsar-pulsar-client-auth-sasl-2.7.0.jar:2.7.0]
    at org.apache.pulsar.client.impl.auth.AuthenticationSasl.getAuthData(AuthenticationSasl.java:100) ~[org.apache.pulsar-pulsar-client-auth-sasl-2.7.0.jar:2.7.0]
    at org.apache.pulsar.client.impl.auth.AuthenticationSasl.newRequestHeader(AuthenticationSasl.java:227) ~[org.apache.pulsar-pulsar-client-auth-sasl-2.7.0.jar:2.7.0]
    at org.apache.pulsar.client.impl.auth.AuthenticationSasl.newRequestBuilder(AuthenticationSasl.java:198) ~[org.apache.pulsar-pulsar-client-auth-sasl-2.7.0.jar:2.7.0]
    at org.apache.pulsar.client.impl.auth.AuthenticationSasl.authenticationStage(AuthenticationSasl.java:307) ~[org.apache.pulsar-pulsar-client-auth-sasl-2.7.0.jar:2.7.0]
    at org.apache.pulsar.client.impl.auth.AuthenticationSasl$1.completed(AuthenticationSasl.java:313) ~[org.apache.pulsar-pulsar-client-auth-sasl-2.7.0.jar:2.7.0]
    at org.apache.pulsar.client.impl.auth.AuthenticationSasl$1.completed(AuthenticationSasl.java:308) ~[org.apache.pulsar-pulsar-client-auth-sasl-2.7.0.jar:2.7.0]
    at org.glassfish.jersey.client.JerseyInvocation$1.completed(JerseyInvocation.java:814) ~[org.glassfish.jersey.core-jersey-client-2.31.jar:?]
    at org.glassfish.jersey.client.ClientRuntime.processResponse(ClientRuntime.java:229) ~[org.glassfish.jersey.core-jersey-client-2.31.jar:?]
    at org.glassfish.jersey.client.ClientRuntime.access$200(ClientRuntime.java:62) ~[org.glassfish.jersey.core-jersey-client-2.31.jar:?]
    at org.glassfish.jersey.client.ClientRuntime$2.lambda$response$0(ClientRuntime.java:173) ~[org.glassfish.jersey.core-jersey-client-2.31.jar:?]
    at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248) ~[org.glassfish.jersey.core-jersey-common-2.31.jar:?]
    at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244) ~[org.glassfish.jersey.core-jersey-common-2.31.jar:?]
    at org.glassfish.jersey.internal.Errors.process(Errors.java:292) ~[org.glassfish.jersey.core-jersey-common-2.31.jar:?]
    at org.glassfish.jersey.internal.Errors.process(Errors.java:274) ~[org.glassfish.jersey.core-jersey-common-2.31.jar:?]

    To Reproduce The bug happens occasionally.

Expect Behavior Kerberos client should use principal serverType/hostname@ream to connect the kdc server, in this case, it should be something like broker/host14@KRB5.COM instead of broker/http://host14:8080/admin/v2/non-persistent/public/default/0x00000000_0x10000000@KRB5.COM.

Possiable Reason When following the exception chain, I find the code below that in the file pulsar-client-auth-sasl\src\main\java\org\apache\pulsar\client\impl\auth\AuthenticationSasl.java, image

Maybe we should use target.getUri().getHost() instead of target.getUri().toString(). image

github-actions[bot] commented 2 years ago

The issue had no activity for 30 days, mark with Stale label.