Uploaded image for project: 'Java Driver'
  1. Java Driver
  2. JAVA-2162

DefaultServerMonitor loses security context on creating directly new thread

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Duplicate
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: 3.0.0
    • Component/s: Authentication
    • Labels:
      None

      When using Kerberos authentication and credentials are stored in Subject.
      Monitor thread is not able to authenticate as while creating
      Thread monitorThread = new Thread( monitor, "cluster-" + serverId.getClusterId() + "-" + serverId.getAddress() );
      Old AccessControlContext (which contains Kerberos credentials) is not inherited.

      So the only workaround is to set javax.security.auth.useSubjectCredsOnly=false and use system ticket (But this is not working in case of using different clusters with different principals at the same time).

      The simplest fix is just wrap ServerMonitorRunnable() with AccessController.doPrivileged().

        1. fastest_fix.txt
          0.9 kB
        2. stacktrace.txt
          2 kB

            Assignee:
            Unassigned Unassigned
            Reporter:
            stepanovdg@gmail.com Dzmitry Stsiapanau
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: