[ 
https://issues.apache.org/jira/browse/HADOOP-19212?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18015320#comment-18015320
 ] 

ASF GitHub Bot commented on HADOOP-19212:
-----------------------------------------

pan3793 commented on code in PR #7886:
URL: https://github.com/apache/hadoop/pull/7886#discussion_r2289946280


##########
hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/util/SubjectUtil.java:
##########
@@ -0,0 +1,232 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.util;
+
+import java.lang.invoke.MethodHandle;
+import java.lang.invoke.MethodHandles;
+import java.lang.invoke.MethodType;
+import java.lang.reflect.UndeclaredThrowableException;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import java.util.concurrent.Callable;
+import java.util.concurrent.CompletionException;
+
+import javax.security.auth.Subject;
+
+import org.apache.hadoop.classification.InterfaceAudience.Private;
+
+@Private
+public class SubjectUtil {
+  private static MethodHandle CALL_AS;
+  private static MethodHandle CURRENT;
+
+  static {
+    MethodHandles.Lookup lookup = MethodHandles.lookup();
+    try {
+      try {
+        // Subject.doAs() is deprecated for removal and replaced by 
Subject.callAs().
+        // Lookup first the new API, since for Java versions where both exist, 
the
+        // new API delegates to the old API (e.g. Java 18, 19 and 20).
+        // Otherwise (e.g. Java 17), lookup the old API.
+        CALL_AS = lookup.findStatic(Subject.class, "callAs",
+            MethodType.methodType(Object.class, Subject.class, 
Callable.class));
+      } catch (NoSuchMethodException x) {
+        try {
+          // Lookup the old API.
+          MethodType oldSignature = MethodType.methodType(
+              Object.class, Subject.class, PrivilegedExceptionAction.class);
+          MethodHandle doAs = lookup.findStatic(Subject.class, "doAs", 
oldSignature);
+          // Convert the Callable used in the new API to the PrivilegedAction 
used
+          // in the old API.
+          MethodType convertSignature = MethodType.methodType(
+              PrivilegedExceptionAction.class, Callable.class);
+          MethodHandle converter = lookup.findStatic(
+              SubjectUtil.class, "callableToPrivilegedExceptionAction", 
convertSignature);
+          CALL_AS = MethodHandles.filterArguments(doAs, 1, converter);
+        } catch (NoSuchMethodException e) {
+          throw new AssertionError(e);

Review Comment:
   thanks for suggestion, adopted





> [JDK23] org.apache.hadoop.security.UserGroupInformation use of Subject needs 
> to move to replacement APIs
> --------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-19212
>                 URL: https://issues.apache.org/jira/browse/HADOOP-19212
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>    Affects Versions: 3.5.0
>            Reporter: Alan Bateman
>            Priority: Major
>              Labels: pull-request-available
>
> `javax.security.auth.Subject.getSubject` and `Subject.doAs` were deprecated 
> for removal in JDK 17. The replacement APIs are `Subject.current` and 
> `callAs`. See [JEP 411]([https://openjdk.org/jeps/411]) for background.
> The `Subject.getSubject` API has been "degraded" in JDK 23 to throw 
> `UnsupportedOperationException` if not running with the option to allow a 
> SecurityManager. In a future JDK release, the `Subject.getSubject` API will 
> be degraded further to throw`UnsupportedOperationException` unconditionally.
> [renaissance/issues/439]([https://github.com/renaissance-benchmarks/renaissance/issues/439])
>  is a failure with a Spark benchmark due to the code in 
> `org.apache.hadoop.security.UserGroupInformation` using the deprecated 
> `Subject.getSubject` method. The maintainers of this code need to migrate 
> this code to the replacement APIs to ensure that this code will continue to 
> work once the security manager feature is removed.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

Reply via email to