FULL PRODUCT VERSION :
java version "1.7.0_02"
Java(TM) SE Runtime Environment (build 1.7.0_02-b13)
Java HotSpot(TM) 64-Bit Server VM (build 22.0-b10, mixed mode)

ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.1.7600]

A DESCRIPTION OF THE PROBLEM :
Under JDK6, sun.security.krb5.internal.ktab.KeyTab.getInstance() used to remove prefixes like "file:" from the keyTabName. Using JDK7 this is no longer the case. Passing a File URI like "file:/..." now results in an empty KeyTab.

What happens is that a FileNotFoundException is thrown when reading from the FileInputStream in the constructor. The exception is caught in the constructor and the "isMissing" flag is set to true.

However, when the default_keytab_name property is resolved in getDefaultTabName(), prefixes like "file:" *are* removed (by calling the parse method).

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. Construct a dummy keytab file using ktab.exe.
   ktab.exe -a host/user@DOMAIN password -k dummy.keytab
2. Construct a KeyTab using a File URI.
   KeyTab keyTab = KeyTab.getInstance("file:/C:/workspace/dummy.keytab");
3. Retrieve the entries from the KeyTab.
   keyTab.getEntries()

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
keyTab.getEntries() should contain the entries of the keytab.
ACTUAL -
keyTab.getEntries() is always empty, i.e. keyTab.getEntries().length is always zero. However, when using the absolute path to the same file, i.e. KeyTab.getInstance("C:/workspace/dummy.keytab"), it will correctly read its entries.

REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
import static org.junit.Assert.assertTrue;

import org.junit.Test;

import sun.security.krb5.internal.ktab.KeyTab;

public class KeyTabPrefixBug {

    private static final String PATH_TO_KEY_TAB = "C:/workspace/dummy.keytab";

    @Test
    public void withUriPrefix() throws Exception {
        KeyTab keyTab = KeyTab.getInstance("file:/" + PATH_TO_KEY_TAB);
        assertTrue(keyTab.getEntries().length > 0); // fails
    }

    @Test
    public void withoutUriPrefix() throws Exception {
        KeyTab keyTab = KeyTab.getInstance(PATH_TO_KEY_TAB);
        assertTrue(keyTab.getEntries().length > 0); // succeeds
    }
}
---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
Always use file paths (never URIs) when using the Kerberos API.
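
One way to apply the workaround in calling code, as an added example that is not part of the original report or of the JDK: strip a leading "file:" before the name reaches the Kerberos API, and fail loudly when the file cannot be read instead of continuing with a silently empty keytab. The class and method names are hypothetical, and matching the prefix case-insensitively is an assumption.

```java
import java.io.File;
import java.io.FileNotFoundException;

public class KeytabName {

    private static final String PREFIX = "file:";

    /** Returns a plain path; a leading "file:" (any case, by assumption) is dropped. */
    static String toPlainPath(String name) {
        if (name.regionMatches(true, 0, PREFIX, 0, PREFIX.length())) {
            return name.substring(PREFIX.length());
        }
        return name;
    }

    /**
     * Resolves a keytab name to a readable file or throws. The explicit check
     * replaces the swallowed FileNotFoundException described in the report,
     * so a wrong name is an error instead of a keytab with zero entries.
     */
    static File resolve(String name) throws FileNotFoundException {
        // java.io.File is used so that "/C:/..." left over from "file:/C:/..."
        // is normalized to a drive path on Windows.
        File f = new File(toPlainPath(name));
        if (!f.isFile() || !f.canRead()) {
            throw new FileNotFoundException("keytab not readable: " + f.getAbsolutePath());
        }
        return f;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: an empty temp file stands in for dummy.keytab.
        File sample = File.createTempFile("dummy", ".keytab");
        sample.deleteOnExit();
        String path = sample.getAbsolutePath();

        System.out.println("plain path : " + resolve(path));
        System.out.println("file: name : " + resolve("file:" + path));
        System.out.println("FILE: name : " + resolve("FILE:" + path));
        try {
            resolve("file:" + path + ".missing");
        } catch (FileNotFoundException e) {
            System.out.println("rejected   : " + e.getMessage());
        }
    }
}
```

Pass `resolve(name).getPath()` to `KeyTab.getInstance(...)` so that only plain file paths reach it.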