[
https://issues.apache.org/jira/browse/HADOOP-19212?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18015321#comment-18015321
]
ASF GitHub Bot commented on HADOOP-19212:
-----------------------------------------
stoty commented on code in PR #7886:
URL: https://github.com/apache/hadoop/pull/7886#discussion_r2289948065
##########
hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/util/SubjectUtil.java:
##########
@@ -0,0 +1,230 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.util;
+
+import java.lang.invoke.MethodHandle;
+import java.lang.invoke.MethodHandles;
+import java.lang.invoke.MethodType;
+import java.lang.reflect.UndeclaredThrowableException;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import java.util.concurrent.Callable;
+import java.util.concurrent.CompletionException;
+
+import javax.security.auth.Subject;
+
+import org.apache.hadoop.classification.InterfaceAudience.Private;
+
+@Private
+public class SubjectUtil {
+ private static MethodHandle CALL_AS;
+ private static MethodHandle CURRENT;
+
+ static {
+ MethodHandles.Lookup lookup = MethodHandles.lookup();
+ try {
+ try {
+ // Subject.doAs() is deprecated for removal and replaced by
Subject.callAs().
+ // Lookup first the new API, since for Java versions where both exist,
the
+ // new API delegates to the old API (e.g. Java 18, 19 and 20).
+ // Otherwise (e.g. Java 17), lookup the old API.
+ CALL_AS = lookup.findStatic(Subject.class, "callAs",
+ MethodType.methodType(Object.class, Subject.class,
Callable.class));
+ } catch (NoSuchMethodException x) {
+ try {
+ // Lookup the old API.
+ MethodType oldSignature = MethodType.methodType(
+ Object.class, Subject.class, PrivilegedExceptionAction.class);
+ MethodHandle doAs = lookup.findStatic(Subject.class, "doAs",
oldSignature);
+ // Convert the Callable used in the new API to the PrivilegedAction
used
+ // in the old API.
+ MethodType convertSignature = MethodType.methodType(
+ PrivilegedExceptionAction.class, Callable.class);
+ MethodHandle converter = lookup.findStatic(
+ SubjectUtil.class, "callableToPrivilegedExceptionAction",
convertSignature);
+ CALL_AS = MethodHandles.filterArguments(doAs, 1, converter);
+ } catch (NoSuchMethodException e) {
+ throw new AssertionError(e);
+ }
+ }
+ } catch (IllegalAccessException e) {
+ throw new AssertionError(e);
+ }
+ }
+
+ static {
+ MethodHandles.Lookup lookup = MethodHandles.lookup();
+ try {
+ // Subject.getSubject(AccessControlContext) is deprecated for removal and
+ // replaced by Subject.current().
+ // Lookup first the new API, since for Java versions where both exists,
the
+ // new API delegates to the old API (e.g. Java 18, 19 and 20).
+ // Otherwise (e.g. Java 17), lookup the old API.
+ CURRENT = lookup.findStatic(
+ Subject.class, "current", MethodType.methodType(Subject.class));
+ } catch (NoSuchMethodException e) {
+ MethodHandle getContext = lookupGetContext();
+ MethodHandle getSubject = lookupGetSubject();
+ CURRENT = MethodHandles.filterReturnValue(getContext, getSubject);
+ } catch (IllegalAccessException e) {
+ throw new AssertionError(e);
+ }
+ }
+
+ private static MethodHandle lookupGetSubject() {
+ MethodHandles.Lookup lookup = MethodHandles.lookup();
+ try {
+ Class<?> contextKlass = ClassLoader.getSystemClassLoader()
+ .loadClass("java.security.AccessControlContext");
+ return lookup.findStatic(Subject.class,
+ "getSubject", MethodType.methodType(Subject.class, contextKlass));
+ } catch (ClassNotFoundException | NoSuchMethodException |
IllegalAccessException e) {
+ throw new AssertionError(e);
+ }
+ }
+
+ private static MethodHandle lookupGetContext() {
+ try {
+ // Use reflection to work with Java versions that have and don't have
+ // AccessController.
+ Class<?> controllerKlass = ClassLoader.getSystemClassLoader()
+ .loadClass("java.security.AccessController");
+ Class<?> contextKlass = ClassLoader.getSystemClassLoader()
+ .loadClass("java.security.AccessControlContext");
+
+ MethodHandles.Lookup lookup = MethodHandles.lookup();
+ return lookup.findStatic(
+ controllerKlass, "getContext", MethodType.methodType(contextKlass));
+ } catch (ClassNotFoundException | NoSuchMethodException |
IllegalAccessException e) {
+ throw new AssertionError(e);
+ }
+ }
+
+ /**
+ * Maps to Subject.callAs() if available, otherwise maps to Subject.doAs().
+ * It also wraps the Callable so that the Subject is propagated to the new
thread
+ * in all Java versions.
+ *
+ * @param subject the subject this action runs as
+ * @param action the action to run
+ * @return the result of the action
+ * @param <T> the type of the result
+ * @throws CompletionException if {@code action.call()} throws an exception.
+ * The cause of the {@code CompletionException} is set to the exception
+ * thrown by {@code action.call()}.
+ */
+ @SuppressWarnings("unchecked")
+ public static <T> T callAs(Subject subject, Callable<T> action) throws
CompletionException {
+ try {
+ return (T) CALL_AS.invoke(subject, action);
+ } catch (PrivilegedActionException e) {
+ throw new CompletionException(e.getCause());
+ } catch (Throwable t) {
+ throw sneakyThrow(t);
+ }
+ }
+
+ /**
+ * Maps action to a Callable, and delegates to callAs(). On older JVMs, the
+ * action may be double wrapped (into Callable, and then back into
+ * PrivilegedAction).
+ *
+ * @param subject the subject this action runs as
+ * @param action action the action to run
+ * @return the result of the action
+ * @param <T> the type of the result
+ */
+ public static <T> T doAs(Subject subject, PrivilegedAction<T> action) {
Review Comment:
https://github.com/openjdk/jdk21/blob/890adb6410dab4606a4f26a942aed02fb2f55387/src/java.base/share/classes/javax/security/auth/Subject.java#L375
https://github.com/openjdk/jdk24u/blob/b42f146edb8324bbb164bb706e8ad39d60aaf25b/src/java.base/share/classes/javax/security/auth/Subject.java#L327
So doAs() throws NPE and Security exceptions directly, and wraps Exceptions
from the Action in a PrivilegedExceptionAction , while
callAs() wraps every Exception in a CompletionException.
So yes, we do lose some information when using callAs(), as we can't
(easily) distinguish between NPEs and SecurityExceptions thrown in doAs itself
or in the callable.
However, UGI.doAs() unwraps PrivilegedActionExceptions anyway (and adds the
IOException constraint) so I can't really see any case when this would actually
matter.
So by shortcutting doAs() for older JDKs the only difference is that we're
throwing NPEs and SecurityExceptions from the doAs() method itself directly,
while in the wrapped case we're wrapping them in an
UndeclaredThrowableException, and even this is only matters in JDK 17, and
JDK18+ wraps all exceptions in a CompletionException anyway (just like
SubjectUtil does)
I support adding the shortcut, but more as optimization than a correctness
fix.
> [JDK23] org.apache.hadoop.security.UserGroupInformation use of Subject needs
> to move to replacement APIs
> --------------------------------------------------------------------------------------------------------
>
> Key: HADOOP-19212
> URL: https://issues.apache.org/jira/browse/HADOOP-19212
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: security
> Affects Versions: 3.5.0
> Reporter: Alan Bateman
> Priority: Major
> Labels: pull-request-available
>
> `javax.security.auth.Subject.getSubject` and `Subject.doAs` were deprecated
> for removal in JDK 17. The replacement APIs are `Subject.current` and
> `callAs`. See [JEP 411]([https://openjdk.org/jeps/411]) for background.
> The `Subject.getSubject` API has been "degraded" in JDK 23 to throw
> `UnsupportedOperationException` if not running with the option to allow a
> SecurityManager. In a future JDK release, the `Subject.getSubject` API will
> be degraded further to throw`UnsupportedOperationException` unconditionally.
> [renaissance/issues/439]([https://github.com/renaissance-benchmarks/renaissance/issues/439])
> is a failure with a Spark benchmark due to the code in
> `org.apache.hadoop.security.UserGroupInformation` using the deprecated
> `Subject.getSubject` method. The maintainers of this code need to migrate
> this code to the replacement APIs to ensure that this code will continue to
> work once the security manager feature is removed.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
