Details
-
Sub-task
-
Status: Resolved
-
Minor
-
Resolution: Won't Fix
-
4.0.0
-
None
-
None
Description
* @deprecated This class is only useful in conjunction with * {@linkplain SecurityManager the Security Manager}, which is deprecated * and subject to removal in a future release. Consequently, this class * is also deprecated and subject to removal. There is no replacement for * the Security Manager or this class. */ @Deprecated(since="17", forRemoval=true) public final class AccessController { * @deprecated This class is only useful in conjunction with * {@linkplain SecurityManager the Security Manager}, which is deprecated * and subject to removal in a future release. Consequently, this class * is also deprecated and subject to removal. There is no replacement for * the Security Manager or this class. */ @Deprecated(since="17", forRemoval=true) public final class AccessControlContext {
`AccessControlContext` and `AccessController` are marked as deprecated in Java 17, with `forRemoval` set to true. From the Javadoc, it can be seen that they do not have corresponding replacements.
In Spark, there are three files that use AccessControlContext or AccessController:
private[serializer] var enableDebugging: Boolean = { !AccessController.doPrivileged(new sun.security.action.GetBooleanAction( "sun.io.serialization.extendedDebugInfo")).booleanValue() }
public void open() throws TTransportException { try { AccessControlContext context = AccessController.getContext(); Subject subject = Subject.getSubject(context); Subject.doAs(subject, (PrivilegedExceptionAction<Void>) () -> { try { wrapped.open(); } catch (TTransportException tte) { // Wrap the transport exception in an RTE, since Subject.doAs() then goes // and unwraps this for us out of the doAs block. We then unwrap one // more time in our catch clause to get back the TTE. (ugh) throw new RuntimeException(tte); } return null; }); } catch (PrivilegedActionException ioe) { throw new RuntimeException("Received an ioe we never threw!", ioe); } catch (RuntimeException rte) { if (rte.getCause() instanceof TTransportException) { throw (TTransportException) rte.getCause(); } else { throw rte; } } }
public static String getKerberosServiceTicket(String principal, String host, String serverHttpUrl, boolean assumeSubject) throws Exception { String serverPrincipal = ShimLoader.getHadoopThriftAuthBridge().getServerPrincipal(principal, host); if (assumeSubject) { // With this option, we're assuming that the external application, // using the JDBC driver has done a JAAS kerberos login already AccessControlContext context = AccessController.getContext(); Subject subject = Subject.getSubject(context); if (subject == null) { throw new Exception("The Subject is not set"); } return Subject.doAs(subject, new HttpKerberosClientAction(serverPrincipal, serverHttpUrl)); } else { // JAAS login from ticket cache to setup the client UserGroupInformation UserGroupInformation clientUGI = ShimLoader.getHadoopThriftAuthBridge().getCurrentUGIWithConf("kerberos"); return clientUGI.doAs(new HttpKerberosClientAction(serverPrincipal, serverHttpUrl)); } }