Philip Zampino created KNOX-3338:
------------------------------------
Summary: Java 23+ : java.lang.UnsupportedOperationException:
getSubject is not supported
Key: KNOX-3338
URL: https://issues.apache.org/jira/browse/KNOX-3338
Project: Apache Knox
Issue Type: Improvement
Components: KnoxCLI, KnoxShell, Server
Reporter: Philip Zampino
`javax.security.auth.Subject.getSubject` and `Subject.doAs` were deprecated for
removal in JDK 17. The replacement APIs are `Subject.current` and `callAs`. See
[JEP 411]([https://openjdk.org/jeps/411]) for background.
The `Subject.getSubject` API has been "degraded" in JDK 23 to throw
`UnsupportedOperationException` if not running with the option to allow a
SecurityManager. In a future JDK release, the `Subject.getSubject` API will be
degraded further to throw`UnsupportedOperationException` unconditionally.
{noformat}
Caused by: java.lang.UnsupportedOperationException: getSubject is not supported
at javax.security.auth.Subject.getSubject(Subject.java:277) ~[?:?]
at
org.apache.knox.gateway.security.SubjectUtils.getCurrentSubject(SubjectUtils.java:41)
~[gateway-spi-3.0.0-SNAPSHOT.jar:3.0.0-SNAPSHOT]
at
org.apache.knox.gateway.identityasserter.common.filter.CommonIdentityAssertionFilter.doFilter(CommonIdentityAssertionFilter.java:226)
~[gateway-provider-identity-assertion-common-3.0.0-SNAPSHOT.jar:3.0.0-SNAPSHOT]
at
org.apache.knox.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:391)
~[gateway-server-3.0.0-SNAPSHOT.jar:3.0.0-SNAPSHOT]
at
org.apache.knox.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:305)
~[gateway-server-3.0.0-SNAPSHOT.jar:3.0.0-SNAPSHOT]
at
org.apache.knox.gateway.filter.ShiroSubjectIdentityAdapter$CallableChain$1.run(ShiroSubjectIdentityAdapter.java:136)
~[gateway-provider-security-shiro-3.0.0-SNAPSHOT.jar:3.0.0-SNAPSHOT]
at
org.apache.knox.gateway.filter.ShiroSubjectIdentityAdapter$CallableChain$1.run(ShiroSubjectIdentityAdapter.java:133)
~[gateway-provider-security-shiro-3.0.0-SNAPSHOT.jar:3.0.0-SNAPSHOT]
at
jdk.internal.vm.ScopedValueContainer.callWithoutScope(ScopedValueContainer.java:162)
~[?:?]
at
jdk.internal.vm.ScopedValueContainer.call(ScopedValueContainer.java:147) ~[?:?]
at java.lang.ScopedValue$Carrier.call(ScopedValue.java:419) ~[?:?]
at javax.security.auth.Subject.callAs(Subject.java:331) ~[?:?]
at javax.security.auth.Subject.doAs(Subject.java:440) ~[?:?]
at
org.apache.knox.gateway.filter.ShiroSubjectIdentityAdapter$CallableChain.call(ShiroSubjectIdentityAdapter.java:214)
~[gateway-provider-security-shiro-3.0.0-SNAPSHOT.jar:3.0.0-SNAPSHOT]
at
org.apache.knox.gateway.filter.ShiroSubjectIdentityAdapter$CallableChain.call(ShiroSubjectIdentityAdapter.java:119)
~[gateway-provider-security-shiro-3.0.0-SNAPSHOT.jar:3.0.0-SNAPSHOT]
at
org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
~[shiro-core-1.13.0.jar:1.13.0]
at
org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
~[shiro-core-1.13.0.jar:1.13.0]
at
org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:387)
~[shiro-core-1.13.0.jar:1.13.0]
at
org.apache.knox.gateway.filter.ShiroSubjectIdentityAdapter.doFilter(ShiroSubjectIdentityAdapter.java:116)
~[gateway-provider-security-shiro-3.0.0-SNAPSHOT.jar:3.0.0-SNAPSHOT]
at
org.apache.knox.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:391)
~[gateway-server-3.0.0-SNAPSHOT.jar:3.0.0-SNAPSHOT]
at
org.apache.knox.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:305)
~[gateway-server-3.0.0-SNAPSHOT.jar:3.0.0-SNAPSHOT]
at
org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61)
~[shiro-web-1.13.0.jar:1.13.0]
at
org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
~[shiro-web-1.13.0.jar:1.13.0]
at
org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
~[shiro-web-1.13.0.jar:1.13.0]
... 74 more{noformat}
Knox must migrate to the newer version of the Subject class.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
