Return false when java.security.auth.login.config is unreadable

[devcsrj]

In the ZkClient#isZkSaslEnabled, the method fails when the file represented by java.security.auth.login.config is unreadable:

        String loginConfigFile = System.getProperty(JAVA_LOGIN_CONFIG_PARAM);
        if (loginConfigFile != null && loginConfigFile.length() > 0) {
            LOG.info("JAAS File name: " + loginConfigFile);
            File configFile = new File(loginConfigFile);
            if (!configFile.canRead()) {
                throw new IllegalArgumentException("File " + loginConfigFile + "cannot be read.");
            }
        ...

Another 3rd-party library I'm using in the classpath, unfortunately, sets the java.security.auth.login.config system property to gss.conf, which causes ZkClient to fail when checking whether Sasl is enabled.

Will it be alright to replace this with a logger warning instead (i.e., return false on cases where the config file is unreadable)? If not, what're your recommendations?

[jzillmann]

I see it that way:

• The check is executed only when 'zookeeper.sasl.client' is set to true.
• When the above is true, it's crucial that the file specified by 'java.security.auth.login.config' is readable

So even if you would go past that check by making it a warning, my expectation is you start to run into the real problem by not being able to connect to zookeeper!

Thoughts @fpj ?

[devcsrj]

The check is executed only when 'zookeeper.sasl.client' is set to true

Oh you're right, I didn't notice that just above those lines. Will it make sense though to default zookeeper.sasl.client to false?

[jzillmann]

Yes, i mean depends on your environment/setup!

[devcsrj]

Ah I just meant, because of the line:

boolean zkSaslEnabled = Boolean.parseBoolean(System.getProperty(ZK_SASL_CLIENT, "true"));

It defaults to true

[jzillmann]

Oh yes, i think that makes sense!

@fpj any concerns ?