K0K0V0K commented on code in PR #8522:
URL: https://github.com/apache/hadoop/pull/8522#discussion_r3371541190
##########
hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/SubjectUtil.java:
##########
@@ -335,9 +397,31 @@ public static <T> T doAs(
/**
* Maps to Subject.current() if available, otherwise maps to
Subject.getSubject().
*
+ * <p>On JDK 22+ also consults the Hadoop-managed
+ * {@link #CURRENT_SUBJECT_TL InheritableThreadLocal} so that platform
Threads which
+ * inherited a Subject from a parent's {@link #callAs} scope continue to
observe it.
+ * The JDK API {@code Subject.current()} (backed by {@code ScopedValue}) is
consulted
+ * first, so any future virtual-thread / {@code StructuredTaskScope} usage
that propagates
+ * the {@code ScopedValue} keeps working without falling back to the TLS
layer.
+ *
* @return the current subject
*/
public static Subject current() {
+ if (!THREAD_INHERITS_SUBJECT) {
+ // Prefer the JDK ScopedValue source of truth (forward-compatible with
virtual threads
+ // forked through StructuredTaskScope, which DO propagate ScopedValue).
+ Subject fromJdk = invokeJdkCurrent();
+ if (fromJdk != null) {
+ return fromJdk;
+ }
+ // Fallback: the Hadoop InheritableThreadLocal cascade for platform
Threads that inherited
+ // a Subject at construction time but are no longer inside any callAs
scope themselves.
+ return CURRENT_SUBJECT_TL.get();
Review Comment:
Seems good to me, thanks!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
