Skip to content
代码片段 群组 项目
未验证 提交 ad17ea10 编辑于 作者: Ron Dagostino's avatar Ron Dagostino 提交者: GitHub
浏览文件

KAFKA-10556: NPE if sasl.mechanism is unrecognized (#9356)

Reviewers: Rajini Sivaram <rajinisivaram@googlemail.com>
上级 901bf57c
No related branches found
No related tags found
无相关合并请求
......@@ -214,7 +214,11 @@ public class SaslClientAuthenticator implements Authenticator {
String[] mechs = {mechanism};
log.debug("Creating SaslClient: client={};service={};serviceHostname={};mechs={}",
clientPrincipalName, servicePrincipal, host, Arrays.toString(mechs));
return Sasl.createSaslClient(mechs, clientPrincipalName, servicePrincipal, host, configs, callbackHandler);
SaslClient retvalSaslClient = Sasl.createSaslClient(mechs, clientPrincipalName, servicePrincipal, host, configs, callbackHandler);
if (retvalSaslClient == null) {
throw new SaslAuthenticationException("Failed to create SaslClient with mechanism " + mechanism);
}
return retvalSaslClient;
});
} catch (PrivilegedActionException e) {
throw new SaslAuthenticationException("Failed to create SaslClient with mechanism " + mechanism, e.getCause());
......
......@@ -193,8 +193,11 @@ public class SaslServerAuthenticator implements Authenticator {
try {
saslServer = Subject.doAs(subject, (PrivilegedExceptionAction<SaslServer>) () ->
Sasl.createSaslServer(saslMechanism, "kafka", serverAddress().getHostName(), configs, callbackHandler));
if (saslServer == null) {
throw new SaslException("Kafka Server failed to create a SaslServer to interact with a client during session authentication with server mechanism " + saslMechanism);
}
} catch (PrivilegedActionException e) {
throw new SaslException("Kafka Server failed to create a SaslServer to interact with a client during session authentication", e.getCause());
throw new SaslException("Kafka Server failed to create a SaslServer to interact with a client during session authentication with server mechanism " + saslMechanism, e.getCause());
}
}
}
......
......@@ -1236,9 +1236,18 @@ public class SaslAuthenticatorTest {
saslClientConfigs.put(SaslConfigs.SASL_MECHANISM, "INVALID");
server = createEchoServer(securityProtocol);
createAndCheckClientConnectionFailure(securityProtocol, node);
server.verifyAuthenticationMetrics(0, 1);
server.verifyReauthenticationMetrics(0, 0);
try {
createAndCheckClientConnectionFailure(securityProtocol, node);
fail("Did not generate exception prior to creating channel");
} catch (IOException expected) {
server.verifyAuthenticationMetrics(0, 0);
server.verifyReauthenticationMetrics(0, 0);
Throwable underlyingCause = expected.getCause().getCause().getCause();
assertEquals(SaslAuthenticationException.class, underlyingCause.getClass());
assertEquals("Failed to create SaslClient with mechanism INVALID", underlyingCause.getMessage());
} finally {
closeClientConnectionIfNecessary();
}
}
/**
......
0% 加载中 .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册