[CI] KerberosAuthenticationIT testLoginByUsernamePassword failing

[jbaiera]

Looks JDK 17 related. Fails infrequently (2 failures out of 181 tests today). Tried to reproduce locally but couldn't get it to happen.

Build scan:
https://gradle-enterprise.elastic.co/s/cvahumzluevq2/tests/:x-pack:qa:kerberos-tests:integTest/org.elasticsearch.xpack.security.authc.kerberos.KerberosAuthenticationIT/testLoginByUsernamePassword

Reproduction line:
./gradlew ':x-pack:qa:kerberos-tests:integTest' --tests "org.elasticsearch.xpack.security.authc.kerberos.KerberosAuthenticationIT.testLoginByUsernamePassword" -Dtests.seed=7D98DB14CF7C00EE -Dtests.locale=de-DE -Dtests.timezone=America/Toronto -Druntime.java=17

Applicable branches:
master

Reproduces locally?:
No

Failure history:
https://gradle-enterprise.elastic.co/scans/tests?tests.container=org.elasticsearch.xpack.security.authc.kerberos.KerberosAuthenticationIT&tests.test=testLoginByUsernamePassword

Failure excerpt:

java.lang.RuntimeException: javax.security.auth.login.LoginException: no supported default etypes for default_tkt_enctypes

  at __randomizedtesting.SeedInfo.seed([7D98DB14CF7C00EE:45B9D22D1EA00877]:0)
  at org.elasticsearch.xpack.security.authc.kerberos.SpnegoHttpClientConfigCallbackHandler.setupSpnegoAuthSchemeSupport(SpnegoHttpClientConfigCallbackHandler.java:142)
  at org.elasticsearch.xpack.security.authc.kerberos.SpnegoHttpClientConfigCallbackHandler.customizeHttpClient(SpnegoHttpClientConfigCallbackHandler.java:116)
  at org.elasticsearch.client.RestClientBuilder.createHttpClient(RestClientBuilder.java:291)
  at java.security.AccessController.doPrivileged(AccessController.java:312)
  at org.elasticsearch.client.RestClientBuilder.build(RestClientBuilder.java:266)
  at org.elasticsearch.xpack.security.authc.kerberos.KerberosAuthenticationIT.buildRestClientForKerberos(KerberosAuthenticationIT.java:191)
  at org.elasticsearch.xpack.security.authc.kerberos.KerberosAuthenticationIT.executeRequestAndVerifyResponse(KerberosAuthenticationIT.java:157)
  at org.elasticsearch.xpack.security.authc.kerberos.KerberosAuthenticationIT.testLoginByUsernamePassword(KerberosAuthenticationIT.java:108)
  at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(NativeMethodAccessorImpl.java:-2)
  at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:78)
  at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  at java.lang.reflect.Method.invoke(Method.java:568)
  at com.carrotsearch.randomizedtesting.RandomizedRunner.invoke(RandomizedRunner.java:1758)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$8.evaluate(RandomizedRunner.java:946)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$9.evaluate(RandomizedRunner.java:982)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$10.evaluate(RandomizedRunner.java:996)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at org.apache.lucene.util.TestRuleSetupTeardownChained$1.evaluate(TestRuleSetupTeardownChained.java:49)
  at org.apache.lucene.util.AbstractBeforeAfterRule$1.evaluate(AbstractBeforeAfterRule.java:45)
  at org.apache.lucene.util.TestRuleThreadAndTestName$1.evaluate(TestRuleThreadAndTestName.java:48)
  at org.apache.lucene.util.TestRuleIgnoreAfterMaxFailures$1.evaluate(TestRuleIgnoreAfterMaxFailures.java:64)
  at org.apache.lucene.util.TestRuleMarkFailure$1.evaluate(TestRuleMarkFailure.java:47)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at com.carrotsearch.randomizedtesting.ThreadLeakControl$StatementRunner.run(ThreadLeakControl.java:375)
  at com.carrotsearch.randomizedtesting.ThreadLeakControl.forkTimeoutingTask(ThreadLeakControl.java:824)
  at com.carrotsearch.randomizedtesting.ThreadLeakControl$3.evaluate(ThreadLeakControl.java:475)
  at com.carrotsearch.randomizedtesting.RandomizedRunner.runSingleTest(RandomizedRunner.java:955)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$5.evaluate(RandomizedRunner.java:840)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$6.evaluate(RandomizedRunner.java:891)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$7.evaluate(RandomizedRunner.java:902)
  at org.apache.lucene.util.AbstractBeforeAfterRule$1.evaluate(AbstractBeforeAfterRule.java:45)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at org.apache.lucene.util.TestRuleStoreClassName$1.evaluate(TestRuleStoreClassName.java:41)
  at com.carrotsearch.randomizedtesting.rules.NoShadowingOrOverridesOnMethodsRule$1.evaluate(NoShadowingOrOverridesOnMethodsRule.java:40)
  at com.carrotsearch.randomizedtesting.rules.NoShadowingOrOverridesOnMethodsRule$1.evaluate(NoShadowingOrOverridesOnMethodsRule.java:40)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at org.apache.lucene.util.TestRuleAssertionsRequired$1.evaluate(TestRuleAssertionsRequired.java:53)
  at org.apache.lucene.util.TestRuleMarkFailure$1.evaluate(TestRuleMarkFailure.java:47)
  at org.apache.lucene.util.TestRuleIgnoreAfterMaxFailures$1.evaluate(TestRuleIgnoreAfterMaxFailures.java:64)
  at org.apache.lucene.util.TestRuleIgnoreTestSuites$1.evaluate(TestRuleIgnoreTestSuites.java:54)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at com.carrotsearch.randomizedtesting.ThreadLeakControl$StatementRunner.run(ThreadLeakControl.java:375)
  at com.carrotsearch.randomizedtesting.ThreadLeakControl.lambda$forkTimeoutingTask$0(ThreadLeakControl.java:831)
  at java.lang.Thread.run(Thread.java:831)

  Caused by: javax.security.auth.login.LoginException: no supported default etypes for default_tkt_enctypes

    at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:787)
    at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:597)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:726)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:665)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:663)
    at java.security.AccessController.doPrivileged(AccessController.java:691)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:574)
    at org.elasticsearch.xpack.security.authc.kerberos.SpnegoHttpClientConfigCallbackHandler.lambda$login$1(SpnegoHttpClientConfigCallbackHandler.java:169)
    at java.security.AccessController.doPrivileged(AccessController.java:554)
    at org.elasticsearch.xpack.security.authc.kerberos.SpnegoHttpClientConfigCallbackHandler.login(SpnegoHttpClientConfigCallbackHandler.java:156)
    at org.elasticsearch.xpack.security.authc.kerberos.SpnegoHttpClientConfigCallbackHandler.setupSpnegoAuthSchemeSupport(SpnegoHttpClientConfigCallbackHandler.java:127)
    at org.elasticsearch.xpack.security.authc.kerberos.SpnegoHttpClientConfigCallbackHandler.customizeHttpClient(SpnegoHttpClientConfigCallbackHandler.java:116)
    at org.elasticsearch.client.RestClientBuilder.createHttpClient(RestClientBuilder.java:291)
    at java.security.AccessController.doPrivileged(AccessController.java:312)
    at org.elasticsearch.client.RestClientBuilder.build(RestClientBuilder.java:266)
    at org.elasticsearch.xpack.security.authc.kerberos.KerberosAuthenticationIT.buildRestClientForKerberos(KerberosAuthenticationIT.java:191)
    at org.elasticsearch.xpack.security.authc.kerberos.KerberosAuthenticationIT.executeRequestAndVerifyResponse(KerberosAuthenticationIT.java:157)
    at org.elasticsearch.xpack.security.authc.kerberos.KerberosAuthenticationIT.testLoginByUsernamePassword(KerberosAuthenticationIT.java:108)
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(NativeMethodAccessorImpl.java:-2)
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:78)
    at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:568)
    at com.carrotsearch.randomizedtesting.RandomizedRunner.invoke(RandomizedRunner.java:1758)
    at com.carrotsearch.randomizedtesting.RandomizedRunner$8.evaluate(RandomizedRunner.java:946)
    at com.carrotsearch.randomizedtesting.RandomizedRunner$9.evaluate(RandomizedRunner.java:982)
    at com.carrotsearch.randomizedtesting.RandomizedRunner$10.evaluate(RandomizedRunner.java:996)
    at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
    at org.apache.lucene.util.TestRuleSetupTeardownChained$1.evaluate(TestRuleSetupTeardownChained.java:49)
    at org.apache.lucene.util.AbstractBeforeAfterRule$1.evaluate(AbstractBeforeAfterRule.java:45)
    at org.apache.lucene.util.TestRuleThreadAndTestName$1.evaluate(TestRuleThreadAndTestName.java:48)
    at org.apache.lucene.util.TestRuleIgnoreAfterMaxFailures$1.evaluate(TestRuleIgnoreAfterMaxFailures.java:64)
    at org.apache.lucene.util.TestRuleMarkFailure$1.evaluate(TestRuleMarkFailure.java:47)
    at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
    at com.carrotsearch.randomizedtesting.ThreadLeakControl$StatementRunner.run(ThreadLeakControl.java:375)
    at com.carrotsearch.randomizedtesting.ThreadLeakControl.forkTimeoutingTask(ThreadLeakControl.java:824)
    at com.carrotsearch.randomizedtesting.ThreadLeakControl$3.evaluate(ThreadLeakControl.java:475)
    at com.carrotsearch.randomizedtesting.RandomizedRunner.runSingleTest(RandomizedRunner.java:955)
    at com.carrotsearch.randomizedtesting.RandomizedRunner$5.evaluate(RandomizedRunner.java:840)
    at com.carrotsearch.randomizedtesting.RandomizedRunner$6.evaluate(RandomizedRunner.java:891)
    at com.carrotsearch.randomizedtesting.RandomizedRunner$7.evaluate(RandomizedRunner.java:902)
    at org.apache.lucene.util.AbstractBeforeAfterRule$1.evaluate(AbstractBeforeAfterRule.java:45)
    at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
    at org.apache.lucene.util.TestRuleStoreClassName$1.evaluate(TestRuleStoreClassName.java:41)
    at com.carrotsearch.randomizedtesting.rules.NoShadowingOrOverridesOnMethodsRule$1.evaluate(NoShadowingOrOverridesOnMethodsRule.java:40)
    at com.carrotsearch.randomizedtesting.rules.NoShadowingOrOverridesOnMethodsRule$1.evaluate(NoShadowingOrOverridesOnMethodsRule.java:40)
    at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
    at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
    at org.apache.lucene.util.TestRuleAssertionsRequired$1.evaluate(TestRuleAssertionsRequired.java:53)
    at org.apache.lucene.util.TestRuleMarkFailure$1.evaluate(TestRuleMarkFailure.java:47)
    at org.apache.lucene.util.TestRuleIgnoreAfterMaxFailures$1.evaluate(TestRuleIgnoreAfterMaxFailures.java:64)
    at org.apache.lucene.util.TestRuleIgnoreTestSuites$1.evaluate(TestRuleIgnoreTestSuites.java:54)
    at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
    at com.carrotsearch.randomizedtesting.ThreadLeakControl$StatementRunner.run(ThreadLeakControl.java:375)
    at com.carrotsearch.randomizedtesting.ThreadLeakControl.lambda$forkTimeoutingTask$0(ThreadLeakControl.java:831)
    at java.lang.Thread.run(Thread.java:831)

    Caused by: sun.security.krb5.KrbException: no supported default etypes for default_tkt_enctypes

      at sun.security.krb5.Config.defaultEtype(Config.java:1014)
      at sun.security.krb5.internal.crypto.EType.getDefaults(EType.java:264)
      at sun.security.krb5.KrbAsReqBuilder.build(KrbAsReqBuilder.java:272)
      at sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:344)
      at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:498)
      at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:749)
      at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:597)
      at javax.security.auth.login.LoginContext.invoke(LoginContext.java:726)
      at javax.security.auth.login.LoginContext$4.run(LoginContext.java:665)
      at javax.security.auth.login.LoginContext$4.run(LoginContext.java:663)
      at java.security.AccessController.doPrivileged(AccessController.java:691)
      at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663)
      at javax.security.auth.login.LoginContext.login(LoginContext.java:574)
      at org.elasticsearch.xpack.security.authc.kerberos.SpnegoHttpClientConfigCallbackHandler.lambda$login$1(SpnegoHttpClientConfigCallbackHandler.java:169)
      at java.security.AccessController.doPrivileged(AccessController.java:554)
      at org.elasticsearch.xpack.security.authc.kerberos.SpnegoHttpClientConfigCallbackHandler.login(SpnegoHttpClientConfigCallbackHandler.java:156)
      at org.elasticsearch.xpack.security.authc.kerberos.SpnegoHttpClientConfigCallbackHandler.setupSpnegoAuthSchemeSupport(SpnegoHttpClientConfigCallbackHandler.java:127)
      at org.elasticsearch.xpack.security.authc.kerberos.SpnegoHttpClientConfigCallbackHandler.customizeHttpClient(SpnegoHttpClientConfigCallbackHandler.java:116)
      at org.elasticsearch.client.RestClientBuilder.createHttpClient(RestClientBuilder.java:291)
      at java.security.AccessController.doPrivileged(AccessController.java:312)
      at org.elasticsearch.client.RestClientBuilder.build(RestClientBuilder.java:266)
      at org.elasticsearch.xpack.security.authc.kerberos.KerberosAuthenticationIT.buildRestClientForKerberos(KerberosAuthenticationIT.java:191)
      at org.elasticsearch.xpack.security.authc.kerberos.KerberosAuthenticationIT.executeRequestAndVerifyResponse(KerberosAuthenticationIT.java:157)
      at org.elasticsearch.xpack.security.authc.kerberos.KerberosAuthenticationIT.testLoginByUsernamePassword(KerberosAuthenticationIT.java:108)
      at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(NativeMethodAccessorImpl.java:-2)
      at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:78)
      at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:568)
      at com.carrotsearch.randomizedtesting.RandomizedRunner.invoke(RandomizedRunner.java:1758)
      at com.carrotsearch.randomizedtesting.RandomizedRunner$8.evaluate(RandomizedRunner.java:946)
      at com.carrotsearch.randomizedtesting.RandomizedRunner$9.evaluate(RandomizedRunner.java:982)
      at com.carrotsearch.randomizedtesting.RandomizedRunner$10.evaluate(RandomizedRunner.java:996)
      at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
      at org.apache.lucene.util.TestRuleSetupTeardownChained$1.evaluate(TestRuleSetupTeardownChained.java:49)
      at org.apache.lucene.util.AbstractBeforeAfterRule$1.evaluate(AbstractBeforeAfterRule.java:45)
      at org.apache.lucene.util.TestRuleThreadAndTestName$1.evaluate(TestRuleThreadAndTestName.java:48)
      at org.apache.lucene.util.TestRuleIgnoreAfterMaxFailures$1.evaluate(TestRuleIgnoreAfterMaxFailures.java:64)
      at org.apache.lucene.util.TestRuleMarkFailure$1.evaluate(TestRuleMarkFailure.java:47)
      at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
      at com.carrotsearch.randomizedtesting.ThreadLeakControl$StatementRunner.run(ThreadLeakControl.java:375)
      at com.carrotsearch.randomizedtesting.ThreadLeakControl.forkTimeoutingTask(ThreadLeakControl.java:824)
      at com.carrotsearch.randomizedtesting.ThreadLeakControl$3.evaluate(ThreadLeakControl.java:475)
      at com.carrotsearch.randomizedtesting.RandomizedRunner.runSingleTest(RandomizedRunner.java:955)
      at com.carrotsearch.randomizedtesting.RandomizedRunner$5.evaluate(RandomizedRunner.java:840)
      at com.carrotsearch.randomizedtesting.RandomizedRunner$6.evaluate(RandomizedRunner.java:891)
      at com.carrotsearch.randomizedtesting.RandomizedRunner$7.evaluate(RandomizedRunner.java:902)
      at org.apache.lucene.util.AbstractBeforeAfterRule$1.evaluate(AbstractBeforeAfterRule.java:45)
      at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
      at org.apache.lucene.util.TestRuleStoreClassName$1.evaluate(TestRuleStoreClassName.java:41)
      at com.carrotsearch.randomizedtesting.rules.NoShadowingOrOverridesOnMethodsRule$1.evaluate(NoShadowingOrOverridesOnMethodsRule.java:40)
      at com.carrotsearch.randomizedtesting.rules.NoShadowingOrOverridesOnMethodsRule$1.evaluate(NoShadowingOrOverridesOnMethodsRule.java:40)
      at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
      at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
      at org.apache.lucene.util.TestRuleAssertionsRequired$1.evaluate(TestRuleAssertionsRequired.java:53)
      at org.apache.lucene.util.TestRuleMarkFailure$1.evaluate(TestRuleMarkFailure.java:47)
      at org.apache.lucene.util.TestRuleIgnoreAfterMaxFailures$1.evaluate(TestRuleIgnoreAfterMaxFailures.java:64)
      at org.apache.lucene.util.TestRuleIgnoreTestSuites$1.evaluate(TestRuleIgnoreTestSuites.java:54)
      at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
      at com.carrotsearch.randomizedtesting.ThreadLeakControl$StatementRunner.run(ThreadLeakControl.java:375)
      at com.carrotsearch.randomizedtesting.ThreadLeakControl.lambda$forkTimeoutingTask$0(ThreadLeakControl.java:831)
      at java.lang.Thread.run(Thread.java:831)

[elasticmachine]

Pinging @elastic/es-security (Team:Security)

[jbaiera]

Also seems to fail concurrently with the testGetOauth2TokenInExchangeForKerberosTickets and testLoginByKeytab tests as well

[davidkyle]

Another one https://gradle-enterprise.elastic.co/s/ixrbo343zx7km

[cbuescher]

Another one on master: https://gradle-enterprise.elastic.co/s/y5ld5n36pkgxg
Edit: also looks related: https://gradle-enterprise.elastic.co/s/jqkezx2jrfzzq

[benwtrent]

Another failure: https://gradle-enterprise.elastic.co/s/owxoenkuuv3uc

Java 17 doesn't like this test (or vice versa). But, with Java 17 locally, it does not repeatably fail...

./gradlew ':x-pack:qa:kerberos-tests:integTest' --tests "org.elasticsearch.xpack.security.authc.kerberos.KerberosAuthenticationIT.testGetOauth2TokenInExchangeForKerberosTickets" -Dtests.seed=932F61D7EA0BE5A -Dtests.locale=zh -Dtests.timezone=Africa/Niamey -Druntime.java=17 -Dtests.fips.enabled=true

[ywangd]

Another two, also JDK 17:

• https://gradle-enterprise.elastic.co/s/fvwa72nsgpaty
• https://gradle-enterprise.elastic.co/s/lnfpnbtvtufey

[cbuescher]

These two today look related as well, although its also two other tests in that suite failing:

org.elasticsearch.xpack.security.authc.kerberos.KerberosAuthenticationIT testGetOauth2TokenInExchangeForKerberosTickets
org.elasticsearch.xpack.security.authc.kerberos.KerberosAuthenticationIT testLoginByKeytab
org.elasticsearch.xpack.security.authc.kerberos.KerberosAuthenticationIT testLoginByUsernamePassword

https://gradle-enterprise.elastic.co/s/nkbph5n6sqfuu
https://gradle-enterprise.elastic.co/s/krlso23jknd56

[BigPandaToo]

One more today:
https://gradle-enterprise.elastic.co/s/4xyqudebfd5z4/console-log?task=:x-pack:qa:kerberos-tests:integTest

[matriv]

One more failure, opened and closed the issue, but you can find the relevant info here: #73453

[matriv]

and once more: https://gradle-enterprise.elastic.co/s/hhhdrlwmwg6yy

[williamrandolph]

It will probably not surprise you to learn out that this happened again today, and again with Java 17-ea: https://gradle-enterprise.elastic.co/s/l6o2pyyidbuqa

=======================================
  | Elasticsearch Build Hamster says Hello!
  | Gradle Version        : 7.0.2
  | OS Info               : Linux 3.10.0-1160.25.1.el7.x86_64 (amd64)
  | Runtime JDK Version   : 17-ea (Oracle)
  | Runtime java.home     : /var/lib/jenkins/.java/openjdk17
  | Gradle JDK Version    : 15.0.2 (Oracle)
  | Gradle java.home      : /var/lib/jenkins/.java/openjdk-15.0.2+7-linux
  | Random Testing Seed   : F901676C1A1D9357
  | In FIPS 140 mode      : true
  | =======================================

Since this is moderately noisy, I'm going to mute for "17-ea".equals(System.getProperty("java.version")) only.