[HADOOP-19212] [JDK23] org.apache.hadoop.security.UserGroupInformation use of Subject needs to move to replacement APIs - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 3.5.0
Fix Version/s: None
Component/s: security
Labels:
- pull-request-available

Description

`javax.security.auth.Subject.getSubject` and `Subject.doAs` were deprecated for removal in JDK 17. The replacement APIs are `Subject.current` and `callAs`. See [JEP 411](https://openjdk.org/jeps/411) for background.

The `Subject.getSubject` API has been "degraded" in JDK 23 to throw `UnsupportedOperationException` if not running with the option to allow a SecurityManager. In a future JDK release, the `Subject.getSubject` API will be degraded further to throw`UnsupportedOperationException` unconditionally.

[renaissance/issues/439](https://github.com/renaissance-benchmarks/renaissance/issues/439) is a failure with a Spark benchmark due to the code in `org.apache.hadoop.security.UserGroupInformation` using the deprecated `Subject.getSubject` method. The maintainers of this code need to migrate this code to the replacement APIs to ensure that this code will continue to work once the security manager feature is removed.

Attachments

Issue Links

is depended upon by

CALCITE-6587 Support JDK 23 and Guava 33.3.0

Closed

is duplicated by

HADOOP-19293 Avoid Subject.getSubject method on newer JVMs

Resolved

links to

GitHub Pull Request #7081

Activity

People

Assignee:: Unassigned

Reporter:: Alan Bateman

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 28/Jun/24 08:02

Updated:: 28/Oct/24 22:31