[
https://issues.apache.org/jira/browse/KNOX-3338?focusedWorklogId=1026697&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1026697
]
ASF GitHub Bot logged work on KNOX-3338:
----------------------------------------
Author: ASF GitHub Bot
Created on: 24/Jun/26 21:21
Start Date: 24/Jun/26 21:21
Worklog Time Spent: 10m
Work Description: github-actions[bot] commented on PR #1277:
URL: https://github.com/apache/knox/pull/1277#issuecomment-4793775571
## Test Results
28 tests 28 ✅ 2s ⏱️
1 suites 0 💤
1 files 0 ❌
Results for commit 11cc435a.
[test-results]:data:application/gzip;base64,H4sIAExKPGoC/12Myw7CIBQFf6Vh7QJKEfBnDF4gubEthsfK+O/SVrF1d2ZOMk/icXSJXDp26kgqmBvYEk3GMFfsK9YjL1evvnBNBeDP3PFRDW3CGxwPwsUY4sfEMrfisg/BTfx6K+9yK+9rEKYJcwXCGMDAhXFnqixIJ4xmN6u91NwbsEIwySmnirzev6N5u/8AAAA=
Issue Time Tracking
-------------------
Worklog Id: (was: 1026697)
Time Spent: 20m (was: 10m)
> Java 23+ : java.lang.UnsupportedOperationException: getSubject is not
> supported
> -------------------------------------------------------------------------------
>
> Key: KNOX-3338
> URL: https://issues.apache.org/jira/browse/KNOX-3338
> Project: Apache Knox
> Issue Type: Improvement
> Components: KnoxCLI, KnoxShell, Server
> Reporter: Philip Zampino
> Priority: Major
> Time Spent: 20m
> Remaining Estimate: 0h
>
> `javax.security.auth.Subject.getSubject` and `Subject.doAs` were deprecated
> for removal in JDK 17. The replacement APIs are `Subject.current` and
> `callAs`. See [JEP 411]([https://openjdk.org/jeps/411]) for background.
> The `Subject.getSubject` API has been "degraded" in JDK 23 to throw
> `UnsupportedOperationException` if not running with the option to allow a
> SecurityManager. In a future JDK release, the `Subject.getSubject` API will
> be degraded further to throw`UnsupportedOperationException` unconditionally.
> {noformat}
> Caused by: java.lang.UnsupportedOperationException: getSubject is not
> supported
> at javax.security.auth.Subject.getSubject(Subject.java:277) ~[?:?]
> at
> org.apache.knox.gateway.security.SubjectUtils.getCurrentSubject(SubjectUtils.java:41)
> ~[gateway-spi-3.0.0-SNAPSHOT.jar:3.0.0-SNAPSHOT]
> at
> org.apache.knox.gateway.identityasserter.common.filter.CommonIdentityAssertionFilter.doFilter(CommonIdentityAssertionFilter.java:226)
>
> ~[gateway-provider-identity-assertion-common-3.0.0-SNAPSHOT.jar:3.0.0-SNAPSHOT]
> at
> org.apache.knox.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:391)
> ~[gateway-server-3.0.0-SNAPSHOT.jar:3.0.0-SNAPSHOT]
> at
> org.apache.knox.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:305)
> ~[gateway-server-3.0.0-SNAPSHOT.jar:3.0.0-SNAPSHOT]
> at
> org.apache.knox.gateway.filter.ShiroSubjectIdentityAdapter$CallableChain$1.run(ShiroSubjectIdentityAdapter.java:136)
> ~[gateway-provider-security-shiro-3.0.0-SNAPSHOT.jar:3.0.0-SNAPSHOT]
> at
> org.apache.knox.gateway.filter.ShiroSubjectIdentityAdapter$CallableChain$1.run(ShiroSubjectIdentityAdapter.java:133)
> ~[gateway-provider-security-shiro-3.0.0-SNAPSHOT.jar:3.0.0-SNAPSHOT]
> at
> jdk.internal.vm.ScopedValueContainer.callWithoutScope(ScopedValueContainer.java:162)
> ~[?:?]
> at
> jdk.internal.vm.ScopedValueContainer.call(ScopedValueContainer.java:147)
> ~[?:?]
> at java.lang.ScopedValue$Carrier.call(ScopedValue.java:419) ~[?:?]
> at javax.security.auth.Subject.callAs(Subject.java:331) ~[?:?]
> at javax.security.auth.Subject.doAs(Subject.java:440) ~[?:?]
> at
> org.apache.knox.gateway.filter.ShiroSubjectIdentityAdapter$CallableChain.call(ShiroSubjectIdentityAdapter.java:214)
> ~[gateway-provider-security-shiro-3.0.0-SNAPSHOT.jar:3.0.0-SNAPSHOT]
> at
> org.apache.knox.gateway.filter.ShiroSubjectIdentityAdapter$CallableChain.call(ShiroSubjectIdentityAdapter.java:119)
> ~[gateway-provider-security-shiro-3.0.0-SNAPSHOT.jar:3.0.0-SNAPSHOT]
> at
> org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
> ~[shiro-core-1.13.0.jar:1.13.0]
> at
> org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
> ~[shiro-core-1.13.0.jar:1.13.0]
> at
> org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:387)
> ~[shiro-core-1.13.0.jar:1.13.0]
> at
> org.apache.knox.gateway.filter.ShiroSubjectIdentityAdapter.doFilter(ShiroSubjectIdentityAdapter.java:116)
> ~[gateway-provider-security-shiro-3.0.0-SNAPSHOT.jar:3.0.0-SNAPSHOT]
> at
> org.apache.knox.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:391)
> ~[gateway-server-3.0.0-SNAPSHOT.jar:3.0.0-SNAPSHOT]
> at
> org.apache.knox.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:305)
> ~[gateway-server-3.0.0-SNAPSHOT.jar:3.0.0-SNAPSHOT]
> at
> org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61)
> ~[shiro-web-1.13.0.jar:1.13.0]
> at
> org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
> ~[shiro-web-1.13.0.jar:1.13.0]
> at
> org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
> ~[shiro-web-1.13.0.jar:1.13.0]
> ... 74 more{noformat}
> Knox must migrate to the newer version of the Subject class.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)