[jira] [Commented] (HADOOP-19212) [JDK23] org.apache.hadoop.security.UserGroupInformation use of Subject needs to move to replacement APIs

[ASF GitHub Bot (Jira)]

    [ 
https://issues.apache.org/jira/browse/HADOOP-19212?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18014146#comment-18014146
 ] 

ASF GitHub Bot commented on HADOOP-19212:
-----------------------------------------

pan3793 commented on PR #7434:
URL: https://github.com/apache/hadoop/pull/7434#issuecomment-3191760091

   @stoty Thanks for your detailed reply!
   
   Now, I mainly care use case of Spark, I have successfully run some internal 
Spark workloads with Hadoop 3.4.1 (of course, trunk works too) client on JDK 21 
and 22, but Spark fails to start on JDK 23+ with error
   
   ```
   25/08/15 23:11:12 ERROR SparkContext: Error initializing SparkContext.
   java.lang.UnsupportedOperationException: getSubject is not supported
        at java.base/javax.security.auth.Subject.getSubject(Subject.java:277)
        at 
org.apache.hadoop.security.UserGroupInformation.getCurrentUser(UserGroupInformation.java:588)
        at 
org.apache.hadoop.fs.FileSystem$Cache$Key.<init>(FileSystem.java:3888)
        at 
org.apache.hadoop.fs.FileSystem$Cache$Key.<init>(FileSystem.java:3878)
        at org.apache.hadoop.fs.FileSystem$Cache.get(FileSystem.java:3666)
        at org.apache.hadoop.fs.FileSystem.get(FileSystem.java:557)
        at org.apache.spark.util.Utils$.getHadoopFileSystem(Utils.scala:1850)
           ...
   ```
   
   So, instead of making the whole Hadoop compatible with JDK 23+ entirely, I'd 
like to have some changes to make Spark happy first. I will try to do that and 
test with some internal Spark workloads in the next few weeks.




> [JDK23] org.apache.hadoop.security.UserGroupInformation use of Subject needs 
> to move to replacement APIs
> --------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-19212
>                 URL: https://issues.apache.org/jira/browse/HADOOP-19212
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>    Affects Versions: 3.5.0
>            Reporter: Alan Bateman
>            Priority: Major
>              Labels: pull-request-available
>
> `javax.security.auth.Subject.getSubject` and `Subject.doAs` were deprecated 
> for removal in JDK 17. The replacement APIs are `Subject.current` and 
> `callAs`. See [JEP 411]([https://openjdk.org/jeps/411]) for background.
> The `Subject.getSubject` API has been "degraded" in JDK 23 to throw 
> `UnsupportedOperationException` if not running with the option to allow a 
> SecurityManager. In a future JDK release, the `Subject.getSubject` API will 
> be degraded further to throw`UnsupportedOperationException` unconditionally.
> [renaissance/issues/439]([https://github.com/renaissance-benchmarks/renaissance/issues/439])
>  is a failure with a Spark benchmark due to the code in 
> `org.apache.hadoop.security.UserGroupInformation` using the deprecated 
> `Subject.getSubject` method. The maintainers of this code need to migrate 
> this code to the replacement APIs to ensure that this code will continue to 
> work once the security manager feature is removed.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org