Uploaded image for project: 'Java Driver'
  1. Java Driver
  2. JAVA-2162

DefaultServerMonitor loses security context on creating directly new thread

    XMLWordPrintableJSON

Details

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Major - P3 Major - P3
    • None
    • 3.0.0
    • Authentication
    • None

    Description

      When using Kerberos authentication and credentials are stored in Subject.
      Monitor thread is not able to authenticate as while creating
      Thread monitorThread = new Thread( monitor, "cluster-" + serverId.getClusterId() + "-" + serverId.getAddress() );
      Old AccessControlContext (which contains Kerberos credentials) is not inherited.

      So the only workaround is to set javax.security.auth.useSubjectCredsOnly=false and use system ticket (But this is not working in case of using different clusters with different principals at the same time).

      The simplest fix is just wrap ServerMonitorRunnable() with AccessController.doPrivileged().

      Attachments

        1. fastest_fix.txt
          0.9 kB
        2. stacktrace.txt
          2 kB

        Activity

          People

            Unassigned Unassigned
            stepanovdg@gmail.com Dzmitry Stsiapanau
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: