Code review request: 7178649: TEST BUG: BadKdc3.java needs improvement to ignore the unlikely but possible timeout
Weijun Wang
weijun.wang at oracle.com
Wed Jul 18 02:12:06 PDT 2012
Please take a review at
http://cr.openjdk.java.net/~weijun/7178649/webrev.00/
These tests are meant to verify the behavior of KDC fallback with
different bad policy settings. Suppose one KDC has a problem, the client
would try it several times each with a timeout, and then go on with the
next KDC.
As there are a lot of timeout, I have designed the default timeout value
to be very short to speed up the whole test. Every now and then, even a
good KDC might not be able to reply in this short period, and an
unexpected timeout appears, and the test fails.
This code change is meant to make the verification smarter, so that it
tolerates such kind of "real" timeout. Suppose KDC1 is off and KDC2 is
on, then with a max-retries of 3, ideally you will see 3 tries on KDC1
and 1 try on KDC2, but you might also see 2 tries on KDC2. I'm now using
the regex "1112{1,2}" to denote this possibility.
Please note that in some cases a single "real" timeout will make the
whole authentication fail if a KDC is only given max_retries as 1. This
is the case in BadKdc1.java's 4th and 5th rounds of test, where the
newly started KDC2 has max_retries being 1 (because of its bad history).
If a timeout happens on it, there is no way to try it again and the
whole authentication would fail. Thus I use "-" in the regex pattern as
a failure.
Thanks
Max
-------- Original Message --------
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7178649
7178649: TEST BUG: BadKdc3.java needs improvement to ignore the unlikely
but possible timeout
Product: java
Category: java
Subcategory: classes_security
=== *Description*
============================================================
sun/security/krb5/auto/BadKdc3.java
Test needs improvement to ignore the unlikely but possible timeout.
Currently it might fail due to such timeout.
sun/security/krb5/auto/BadKdc1.java
has similiar issue
More information about the security-dev
mailing list