This is an automated email from the ASF dual-hosted git repository.
baedke pushed a commit to branch issue/oak-11199
in repository https://gitbox.apache.org/repos/asf/jackrabbit-oak.git
The following commit(s) were added to refs/heads/issue/oak-11199 by this push:
new 7734562098 OAK-11199: getSubject is supported only if a security
manager is allowed
7734562098 is described below
commit 7734562098df73f23d2dd378efab8bade7b0748b
Author: Manfred Baedke <[email protected]>
AuthorDate: Mon Dec 9 18:02:38 2024 +0100
OAK-11199: getSubject is supported only if a security manager is allowed
Introduced helper class to handle the issue.
---
.../external/impl/jmx/Delegatee.java | 3 +-
.../external/AbstractExternalAuthTest.java | 3 +-
.../principal/ExternalIdentityImporterTest.java | 3 +-
.../AccessControlManagerLimitedSystemUserTest.java | 3 +-
.../impl/ReadablePathsAccessControlTest.java | 15 ++--
.../jackrabbit/oak/benchmark/AbstractTest.java | 3 +-
.../jackrabbit/oak/benchmark/CugOakTest.java | 3 +-
.../jackrabbit/oak/benchmark/LoginSystemTest.java | 3 +-
.../oak/commons/Java23Compatability.java | 93 ++++++++++++++++++++++
.../observation/ChangeCollectorProviderTest.java | 3 +-
.../LoginContextProviderImplTest.java | 3 +-
.../oak/security/authentication/PreAuthTest.java | 13 +--
.../authentication/user/LoginModuleImplTest.java | 3 +-
.../permission/RepoPolicyTreePermissionTest.java | 3 +-
.../security/user/CacheValidatorProviderTest.java | 3 +-
.../security/user/CachedGroupPrincipalTest.java | 3 +-
.../user/CachedPrincipalMembershipReaderTest.java | 3 +-
.../oak/security/user/PasswordExpiryAdminTest.java | 3 +-
.../oak/security/user/UserInitializerTest.java | 5 +-
.../user/UserPrincipalProviderWithCacheTest.java | 3 +-
.../security/authentication/preauthentication.md | 2 +-
.../apache/jackrabbit/j2ee/IndexInitializer.java | 3 +-
.../security/authentication/L9_NullLoginTest.java | 3 +-
.../principalbased/AbstractPrincipalBasedTest.java | 3 +-
.../oak/composite/blueGreen/Persistence.java | 3 +-
oak-security-spi/pom.xml | 5 ++
.../authentication/AbstractLoginModule.java | 3 +-
27 files changed, 159 insertions(+), 37 deletions(-)
diff --git
a/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/jmx/Delegatee.java
b/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/jmx/Delegatee.java
index cf8157a3be..6c7b3b70d9 100644
---
a/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/jmx/Delegatee.java
+++
b/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/jmx/Delegatee.java
@@ -23,6 +23,7 @@ import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.ContentRepository;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.commons.Java23Compatability;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.plugins.value.jcr.ValueFactoryImpl;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
@@ -107,7 +108,7 @@ final class Delegatee {
int batchSize) {
ContentSession systemSession;
try {
- systemSession = Subject.doAs(SystemSubject.INSTANCE,
(PrivilegedExceptionAction<ContentSession>) () -> repository.login(null, null));
+ systemSession = Java23Compatability.doAs(SystemSubject.INSTANCE,
(PrivilegedExceptionAction<ContentSession>) () -> repository.login(null, null));
} catch (PrivilegedActionException e) {
throw new SyncRuntimeException(ERROR_CREATE_DELEGATEE, e);
}
diff --git
a/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/AbstractExternalAuthTest.java
b/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/AbstractExternalAuthTest.java
index 3fdc930c3a..7acbf31849 100644
---
a/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/AbstractExternalAuthTest.java
+++
b/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/AbstractExternalAuthTest.java
@@ -27,6 +27,7 @@ import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
+import org.apache.jackrabbit.oak.commons.Java23Compatability;
import org.apache.jackrabbit.oak.commons.collections.CollectionUtils;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject;
@@ -213,7 +214,7 @@ public abstract class AbstractExternalAuthTest extends
AbstractSecurityTest {
@NotNull
protected Root getSystemRoot() throws Exception {
if (systemRoot == null) {
- systemSession = Subject.doAs(SystemSubject.INSTANCE,
(PrivilegedExceptionAction<ContentSession>) () ->
getContentRepository().login(null, null));
+ systemSession = Java23Compatability.doAs(SystemSubject.INSTANCE,
(PrivilegedExceptionAction<ContentSession>) () ->
getContentRepository().login(null, null));
systemRoot = systemSession.getLatestRoot();
}
return systemRoot;
diff --git
a/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalIdentityImporterTest.java
b/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalIdentityImporterTest.java
index c46e3a951c..2a587a01c6 100644
---
a/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalIdentityImporterTest.java
+++
b/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalIdentityImporterTest.java
@@ -27,6 +27,7 @@ import javax.jcr.SimpleCredentials;
import javax.security.auth.Subject;
import org.apache.jackrabbit.api.JackrabbitRepository;
+import org.apache.jackrabbit.oak.commons.Java23Compatability;
import org.apache.jackrabbit.oak.jcr.Jcr;
import org.apache.jackrabbit.oak.query.QueryEngineSettings;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
@@ -88,7 +89,7 @@ public class ExternalIdentityImporterTest {
Session createSession(Repository repo, boolean isSystem) throws Exception {
if (isSystem) {
- return Subject.doAs(SystemSubject.INSTANCE,
(PrivilegedExceptionAction<Session>) () -> repo.login(null, null));
+ return Java23Compatability.doAs(SystemSubject.INSTANCE,
(PrivilegedExceptionAction<Session>) () -> repo.login(null, null));
} else {
return repo.login(new
SimpleCredentials(UserConstants.DEFAULT_ADMIN_ID,
UserConstants.DEFAULT_ADMIN_ID.toCharArray()));
}
diff --git
a/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/AccessControlManagerLimitedSystemUserTest.java
b/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/AccessControlManagerLimitedSystemUserTest.java
index da697b6625..56a0d9ca2e 100644
---
a/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/AccessControlManagerLimitedSystemUserTest.java
+++
b/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/AccessControlManagerLimitedSystemUserTest.java
@@ -20,6 +20,7 @@ import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.oak.api.AuthInfo;
import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.commons.Java23Compatability;
import org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
@@ -62,7 +63,7 @@ public class AccessControlManagerLimitedSystemUserTest
extends AccessControlMana
Set<Principal> principals = Set.of(testPrincipal);
AuthInfo authInfo = new AuthInfoImpl(UID, Collections.emptyMap(),
principals);
Subject subject = new Subject(true, principals, Set.of(authInfo),
Set.of());
- return Subject.doAsPrivileged(subject,
(PrivilegedExceptionAction<Root>) () -> getContentRepository().login(null,
null).getLatestRoot(), null);
+ return Java23Compatability.doAsPrivileged(subject,
(PrivilegedExceptionAction<Root>) () -> getContentRepository().login(null,
null).getLatestRoot(), null);
}
void grant(@NotNull Principal principal, @Nullable String path, @NotNull
String... privNames) throws Exception {
diff --git
a/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/ReadablePathsAccessControlTest.java
b/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/ReadablePathsAccessControlTest.java
index 68b68cd472..86c80aecf2 100644
---
a/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/ReadablePathsAccessControlTest.java
+++
b/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/ReadablePathsAccessControlTest.java
@@ -22,6 +22,7 @@ import org.apache.jackrabbit.guava.common.collect.Iterators;
import org.apache.jackrabbit.JcrConstants;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.commons.Java23Compatability;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.commons.collections.CollectionUtils;
import
org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
@@ -84,7 +85,7 @@ public class ReadablePathsAccessControlTest extends
AbstractPrincipalBasedTest {
@Test
public void testHasPrivilege() throws Exception {
- try (ContentSession cs = Subject.doAsPrivileged(getTestSubject(),
(PrivilegedExceptionAction<ContentSession>) () ->
getContentRepository().login(null, null), null)) {
+ try (ContentSession cs =
Java23Compatability.doAsPrivileged(getTestSubject(),
(PrivilegedExceptionAction<ContentSession>) () ->
getContentRepository().login(null, null), null)) {
PrincipalBasedAccessControlManager testAcMgr = new
PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()),
getFilterProvider());
Set<Principal> principals = Collections.singleton(testPrincipal);
@@ -99,7 +100,7 @@ public class ReadablePathsAccessControlTest extends
AbstractPrincipalBasedTest {
@Test
public void testNotHasPrivilege() throws Exception {
- try (ContentSession cs = Subject.doAsPrivileged(getTestSubject(),
(PrivilegedExceptionAction<ContentSession>) () ->
getContentRepository().login(null, null), null)) {
+ try (ContentSession cs =
Java23Compatability.doAsPrivileged(getTestSubject(),
(PrivilegedExceptionAction<ContentSession>) () ->
getContentRepository().login(null, null), null)) {
PrincipalBasedAccessControlManager testAcMgr = new
PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()),
getFilterProvider());
Set<Principal> principals = Collections.singleton(testPrincipal);
@@ -140,7 +141,7 @@ public class ReadablePathsAccessControlTest extends
AbstractPrincipalBasedTest {
@Test
public void testGetPrivileges() throws Exception {
- try (ContentSession cs = Subject.doAsPrivileged(getTestSubject(),
(PrivilegedExceptionAction<ContentSession>) () ->
getContentRepository().login(null, null), null)) {
+ try (ContentSession cs =
Java23Compatability.doAsPrivileged(getTestSubject(),
(PrivilegedExceptionAction<ContentSession>) () ->
getContentRepository().login(null, null), null)) {
PrincipalBasedAccessControlManager testAcMgr = new
PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()),
getFilterProvider());
Privilege[] expected = privilegesFromNames(JCR_READ);
@@ -152,7 +153,7 @@ public class ReadablePathsAccessControlTest extends
AbstractPrincipalBasedTest {
@Test(expected = PathNotFoundException.class)
public void testGetPrivilegesAtRoot() throws Exception {
- try (ContentSession cs = Subject.doAsPrivileged(getTestSubject(),
(PrivilegedExceptionAction<ContentSession>) () ->
getContentRepository().login(null, null), null)) {
+ try (ContentSession cs =
Java23Compatability.doAsPrivileged(getTestSubject(),
(PrivilegedExceptionAction<ContentSession>) () ->
getContentRepository().login(null, null), null)) {
PrincipalBasedAccessControlManager testAcMgr = new
PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()),
getFilterProvider());
testAcMgr.getPrivileges(ROOT_PATH);
}
@@ -186,7 +187,7 @@ public class ReadablePathsAccessControlTest extends
AbstractPrincipalBasedTest {
@Test(expected = AccessDeniedException.class)
public void testGetEffectivePoliciesLimitedAccess() throws Exception {
- try (ContentSession cs = Subject.doAsPrivileged(getTestSubject(),
(PrivilegedExceptionAction<ContentSession>) () ->
getContentRepository().login(null, null), null)) {
+ try (ContentSession cs =
Java23Compatability.doAsPrivileged(getTestSubject(),
(PrivilegedExceptionAction<ContentSession>) () ->
getContentRepository().login(null, null), null)) {
PrincipalBasedAccessControlManager testAcMgr = new
PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()),
getFilterProvider());
testAcMgr.getEffectivePolicies(readablePaths.next());
}
@@ -201,7 +202,7 @@ public class ReadablePathsAccessControlTest extends
AbstractPrincipalBasedTest {
root.commit();
// test-session can read-ac at readable path but cannot access
principal-based policy
- try (ContentSession cs = Subject.doAsPrivileged(getTestSubject(),
(PrivilegedExceptionAction<ContentSession>) () ->
getContentRepository().login(null, null), null)) {
+ try (ContentSession cs =
Java23Compatability.doAsPrivileged(getTestSubject(),
(PrivilegedExceptionAction<ContentSession>) () ->
getContentRepository().login(null, null), null)) {
PrincipalBasedAccessControlManager testAcMgr = new
PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()),
getFilterProvider());
Set<AccessControlPolicy> effective =
ImmutableSet.copyOf(testAcMgr.getEffectivePolicies(path));
@@ -220,7 +221,7 @@ public class ReadablePathsAccessControlTest extends
AbstractPrincipalBasedTest {
root.commit();
// test-session can read-ac at readable path and at principal-based
policy
- try (ContentSession cs = Subject.doAsPrivileged(getTestSubject(),
(PrivilegedExceptionAction<ContentSession>) () ->
getContentRepository().login(null, null), null)) {
+ try (ContentSession cs =
Java23Compatability.doAsPrivileged(getTestSubject(),
(PrivilegedExceptionAction<ContentSession>) () ->
getContentRepository().login(null, null), null)) {
PrincipalBasedAccessControlManager testAcMgr = new
PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()),
getFilterProvider());
Set<AccessControlPolicy> effective =
CollectionUtils.toSet(testAcMgr.getEffectivePolicies(path));
diff --git
a/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/AbstractTest.java
b/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/AbstractTest.java
index ce8264b7d7..cac3dc66cc 100644
---
a/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/AbstractTest.java
+++
b/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/AbstractTest.java
@@ -37,6 +37,7 @@ import org.apache.jackrabbit.guava.common.base.Joiner;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.math3.stat.descriptive.DescriptiveStatistics;
import
org.apache.commons.math3.stat.descriptive.SynchronizedDescriptiveStatistics;
+import org.apache.jackrabbit.oak.commons.Java23Compatability;
import org.apache.jackrabbit.oak.commons.Profiler;
import org.apache.jackrabbit.oak.fixture.RepositoryFixture;
import org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject;
@@ -588,7 +589,7 @@ public abstract class AbstractTest<T> extends Benchmark
implements CSVResultGene
protected Session loginSubject(@NotNull Subject subject) {
try {
- return Subject.doAsPrivileged(subject, new
PrivilegedExceptionAction<Session>() {
+ return Java23Compatability.doAsPrivileged(subject, new
PrivilegedExceptionAction<Session>() {
@Override
public Session run() throws Exception {
return getRepository().login(null, null);
diff --git
a/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/CugOakTest.java
b/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/CugOakTest.java
index 53ad214caf..3e417f4688 100644
---
a/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/CugOakTest.java
+++
b/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/CugOakTest.java
@@ -29,6 +29,7 @@ import org.apache.jackrabbit.oak.api.ContentRepository;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.commons.Java23Compatability;
import org.apache.jackrabbit.oak.fixture.JcrCreator;
import org.apache.jackrabbit.oak.fixture.OakRepositoryFixture;
import org.apache.jackrabbit.oak.fixture.RepositoryFixture;
@@ -89,7 +90,7 @@ public class CugOakTest extends CugTest {
if (singleSession) {
readSession = cs;
} else {
- readSession = Subject.doAs(subject, new
PrivilegedAction<ContentSession>() {
+ readSession = Java23Compatability.doAs(subject, new
PrivilegedAction<ContentSession>() {
@Override
public ContentSession run() {
try {
diff --git
a/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/LoginSystemTest.java
b/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/LoginSystemTest.java
index 5e3d291103..a072d5c0a1 100644
---
a/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/LoginSystemTest.java
+++
b/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/LoginSystemTest.java
@@ -25,6 +25,7 @@ import javax.jcr.Session;
import javax.security.auth.Subject;
import org.apache.jackrabbit.core.security.SystemPrincipal;
+import org.apache.jackrabbit.oak.commons.Java23Compatability;
import org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl;
import org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject;
@@ -46,7 +47,7 @@ public class LoginSystemTest extends AbstractLoginTest {
public void runTest() throws RepositoryException {
for (int i = 0; i < COUNT; i++) {
try {
- Subject.doAsPrivileged(subject, new
PrivilegedExceptionAction<Session>() {
+ Java23Compatability.doAsPrivileged(subject, new
PrivilegedExceptionAction<Session>() {
@Override
public Session run() throws Exception {
return getRepository().login(null, null);
diff --git
a/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/Java23Compatability.java
b/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/Java23Compatability.java
new file mode 100755
index 0000000000..0dc9796604
--- /dev/null
+++
b/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/Java23Compatability.java
@@ -0,0 +1,93 @@
+package org.apache.jackrabbit.oak.commons;
+
+import javax.security.auth.Subject;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import java.util.concurrent.Callable;
+
+public class Java23Compatability {
+
+ static Method current, callAs;
+
+ static {
+ try {
+ current = Subject.class.getMethod("current", Subject.class);
+ callAs = Subject.class.getMethod("callAs", Subject.class,
Callable.class);
+ } catch (NoSuchMethodException ignored) {}
+ }
+
+ public static Subject getSubject() {
+ Subject result;
+ if (current != null) {
+ try {
+ result = (Subject) current.invoke(null);
+ } catch (InvocationTargetException | IllegalAccessException e) {
+ throw new SecurityException(e);
+ }
+ } else {
+ result = Subject.getSubject(AccessController.getContext());
+ }
+ return result;
+ }
+
+ public static <T> T doAs(Subject subject, PrivilegedAction<T> action) {
+ T result;
+ if (callAs != null) {
+ try {
+ result = (T) callAs.invoke(subject, action);
+ } catch (InvocationTargetException | IllegalAccessException e) {
+ throw new SecurityException(e);
+ }
+ } else {
+ result = Java23Compatability.doAs(subject, action);
+ }
+ return result;
+ }
+
+ public static <T> T doAsPrivileged(Subject subject, PrivilegedAction<T>
action, AccessControlContext acc) {
+ T result;
+ if (callAs != null) {
+ try {
+ result = (T) callAs.invoke(subject, action);
+ } catch (InvocationTargetException | IllegalAccessException e) {
+ throw new SecurityException(e);
+ }
+ } else {
+ result = Java23Compatability.doAsPrivileged(subject, action, acc);
+ }
+ return result;
+ }
+
+ public static <T> T doAs(Subject subject, PrivilegedExceptionAction<T>
action) throws PrivilegedActionException {
+ T result;
+ if (callAs != null) {
+ try {
+ result = (T) callAs.invoke(subject, action);
+ } catch (InvocationTargetException | IllegalAccessException e) {
+ throw new SecurityException(e);
+ }
+ } else {
+ result = Java23Compatability.doAs(subject, action);
+ }
+ return result;
+ }
+
+ public static <T> T doAsPrivileged(Subject subject,
PrivilegedExceptionAction<T> action, AccessControlContext acc) throws
PrivilegedActionException {
+ T result;
+ if (callAs != null) {
+ try {
+ result = (T) callAs.invoke(subject, action);
+ } catch (InvocationTargetException | IllegalAccessException e) {
+ throw new SecurityException(e);
+ }
+ } else {
+ result = Java23Compatability.doAsPrivileged(subject, action, acc);
+ }
+ return result;
+ }
+}
diff --git
a/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/observation/ChangeCollectorProviderTest.java
b/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/observation/ChangeCollectorProviderTest.java
index 21c4630ddc..64c8d075d8 100644
---
a/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/observation/ChangeCollectorProviderTest.java
+++
b/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/observation/ChangeCollectorProviderTest.java
@@ -48,6 +48,7 @@ import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.InitialContent;
+import org.apache.jackrabbit.oak.commons.Java23Compatability;
import org.apache.jackrabbit.oak.security.internal.SecurityProviderBuilder;
import org.apache.jackrabbit.oak.spi.commit.CommitContext;
import org.apache.jackrabbit.oak.spi.commit.CommitInfo;
@@ -142,7 +143,7 @@ public class ChangeCollectorProviderTest {
.with(getSecurityProvider());
contentRepository = oak.createContentRepository();
- session = Subject.doAs(SystemSubject.INSTANCE, new
PrivilegedExceptionAction<ContentSession>() {
+ session = Java23Compatability.doAs(SystemSubject.INSTANCE, new
PrivilegedExceptionAction<ContentSession>() {
@Override
public ContentSession run() throws LoginException,
NoSuchWorkspaceException {
return contentRepository.login(null, null);
diff --git
a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImplTest.java
b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImplTest.java
index c94b7076f8..d04f8aed4d 100644
---
a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImplTest.java
+++
b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImplTest.java
@@ -33,6 +33,7 @@ import javax.security.auth.login.ConfigurationSpi;
import javax.security.auth.login.LoginException;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.commons.Java23Compatability;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import
org.apache.jackrabbit.oak.spi.security.authentication.AuthenticationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authentication.GuestLoginModule;
@@ -121,7 +122,7 @@ public class LoginContextProviderImplTest extends
AbstractSecurityTest {
@Test
public void testGetPreAuthLoginContext() {
Subject subject = new Subject(true, Set.of(), Set.of(), Set.of());
- LoginContext ctx = Subject.doAs(subject,
(PrivilegedAction<LoginContext>) () -> {
+ LoginContext ctx = Java23Compatability.doAs(subject,
(PrivilegedAction<LoginContext>) () -> {
try {
return lcProvider.getLoginContext(null, null);
} catch (LoginException e) {
diff --git
a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/PreAuthTest.java
b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/PreAuthTest.java
index 57577fa598..e7f5e6d6e9 100644
---
a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/PreAuthTest.java
+++
b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/PreAuthTest.java
@@ -30,6 +30,7 @@ import javax.security.auth.login.LoginException;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.AuthInfo;
import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.commons.Java23Compatability;
import org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl;
import org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject;
import org.jetbrains.annotations.Nullable;
@@ -66,7 +67,7 @@ public class PreAuthTest extends AbstractSecurityTest {
@Test
public void testValidSubject() throws Exception {
final Subject subject = new Subject(true, principals,
Collections.<Object>emptySet(), Collections.<Object>emptySet());
- ContentSession cs = Subject.doAsPrivileged(subject, new
PrivilegedAction<ContentSession>() {
+ ContentSession cs = Java23Compatability.doAsPrivileged(subject, new
PrivilegedAction<ContentSession>() {
@Override
public @Nullable ContentSession run() {
try {
@@ -93,7 +94,7 @@ public class PreAuthTest extends AbstractSecurityTest {
public void testValidSubjectWithCredentials() throws Exception {
Set<SimpleCredentials> publicCreds = Collections.singleton(new
SimpleCredentials("testUserId", new char[0]));
final Subject subject = new Subject(false, principals, publicCreds,
Collections.<Object>emptySet());
- ContentSession cs = Subject.doAsPrivileged(subject, new
PrivilegedAction<ContentSession>() {
+ ContentSession cs = Java23Compatability.doAsPrivileged(subject, new
PrivilegedAction<ContentSession>() {
@Override
public @Nullable ContentSession run() {
try {
@@ -120,7 +121,7 @@ public class PreAuthTest extends AbstractSecurityTest {
public void testValidReadSubjectWithCredentials() throws Exception {
Set<SimpleCredentials> publicCreds = Collections.singleton(new
SimpleCredentials("testUserId", new char[0]));
final Subject subject = new Subject(true, principals, publicCreds,
Collections.<Object>emptySet());
- ContentSession cs = Subject.doAsPrivileged(subject, new
PrivilegedAction<ContentSession>() {
+ ContentSession cs = Java23Compatability.doAsPrivileged(subject, new
PrivilegedAction<ContentSession>() {
@Override
public @Nullable ContentSession run() {
try {
@@ -148,7 +149,7 @@ public class PreAuthTest extends AbstractSecurityTest {
AuthInfo info = new AuthInfoImpl("testUserId", Collections.<String,
Object>emptyMap(), Collections.<Principal>emptySet());
Set<AuthInfo> publicCreds = Collections.singleton(info);
final Subject subject = new Subject(false, Collections.singleton(new
TestPrincipal()), publicCreds, Collections.<Object>emptySet());
- ContentSession cs = Subject.doAsPrivileged(subject, new
PrivilegedAction<ContentSession>() {
+ ContentSession cs = Java23Compatability.doAsPrivileged(subject, new
PrivilegedAction<ContentSession>() {
@Override
public @Nullable ContentSession run() {
try {
@@ -171,7 +172,7 @@ public class PreAuthTest extends AbstractSecurityTest {
@Test
public void testSubjectAndCredentials() throws Exception {
final Subject subject = new Subject(true, principals,
Collections.<Object>emptySet(), Collections.<Object>emptySet());
- ContentSession cs = Subject.doAsPrivileged(subject, new
PrivilegedAction<ContentSession>() {
+ ContentSession cs = Java23Compatability.doAsPrivileged(subject, new
PrivilegedAction<ContentSession>() {
@Override
public @Nullable ContentSession run() {
ContentSession cs;
@@ -204,7 +205,7 @@ public class PreAuthTest extends AbstractSecurityTest {
@Test
public void testSystemSubject() throws Exception {
- ContentSession cs = Subject.doAsPrivileged(SystemSubject.INSTANCE, new
PrivilegedAction<ContentSession>() {
+ ContentSession cs =
Java23Compatability.doAsPrivileged(SystemSubject.INSTANCE, new
PrivilegedAction<ContentSession>() {
@Override
public @Nullable ContentSession run() {
try {
diff --git
a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java
b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java
index 6f2e98a492..209623d434 100644
---
a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java
+++
b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java
@@ -26,6 +26,7 @@ import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.ContentRepository;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.commons.Java23Compatability;
import org.apache.jackrabbit.oak.commons.junit.LogCustomizer;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.security.internal.SecurityProviderBuilder;
@@ -674,7 +675,7 @@ public class LoginModuleImplTest extends
AbstractSecurityTest {
public void testLoginLogoutPreexistingReadonlySubject() throws Exception {
createTestUser();
Subject subject = new Subject(true, Collections.singleton(() ->
"JMXPrincipal: foo"), Collections.EMPTY_SET, Collections.EMPTY_SET);
- Subject.doAs(subject, (PrivilegedExceptionAction<Void>) () -> {
+ Java23Compatability.doAs(subject, (PrivilegedExceptionAction<Void>) ()
-> {
LogCustomizer logCustomizer = LogCustomizer
.forLogger("org.apache.jackrabbit.oak.core.ContentSessionImpl")
.enable(Level.ERROR)
diff --git
a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/RepoPolicyTreePermissionTest.java
b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/RepoPolicyTreePermissionTest.java
index d936435286..d0aee10b18 100644
---
a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/RepoPolicyTreePermissionTest.java
+++
b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/RepoPolicyTreePermissionTest.java
@@ -30,6 +30,7 @@ import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.commons.Java23Compatability;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.plugins.memory.EmptyNodeState;
import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
@@ -77,7 +78,7 @@ public class RepoPolicyTreePermissionTest extends
AbstractSecurityTest implement
accessSession = createTestSession();
Subject notAllowedSubject = new Subject(true,
Set.of(EveryonePrincipal.getInstance()), Set.of(), Set.of());
- noAccessSession = Subject.doAs(notAllowedSubject,
(PrivilegedAction<ContentSession>) () -> {
+ noAccessSession = Java23Compatability.doAs(notAllowedSubject,
(PrivilegedAction<ContentSession>) () -> {
try {
return getContentRepository().login(null, null);
} catch (Exception e) {
diff --git
a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CacheValidatorProviderTest.java
b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CacheValidatorProviderTest.java
index 41d72d6150..d5ee958b1b 100644
---
a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CacheValidatorProviderTest.java
+++
b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CacheValidatorProviderTest.java
@@ -27,6 +27,7 @@ import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
+import org.apache.jackrabbit.oak.commons.Java23Compatability;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
@@ -89,7 +90,7 @@ public class CacheValidatorProviderTest extends
AbstractSecurityTest {
private Tree getCache(@NotNull Authorizable authorizable) throws Exception
{
// Creating CachedMembershipReader as this is the only class allowed
to write in rep:cache
- try (ContentSession cs = Subject.doAs(SystemSubject.INSTANCE,
(PrivilegedExceptionAction<ContentSession>) () -> login(null))) {
+ try (ContentSession cs =
Java23Compatability.doAs(SystemSubject.INSTANCE,
(PrivilegedExceptionAction<ContentSession>) () -> login(null))) {
Root r = cs.getLatestRoot();
Tree n = r.getTree(authorizable.getPath());
CachedMembershipReader reader = new
CachedPrincipalMembershipReader(
diff --git
a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedGroupPrincipalTest.java
b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedGroupPrincipalTest.java
index ab8d02941d..5706dbb2c3 100644
---
a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedGroupPrincipalTest.java
+++
b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedGroupPrincipalTest.java
@@ -24,6 +24,7 @@ import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.commons.Java23Compatability;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject;
@@ -112,7 +113,7 @@ public class CachedGroupPrincipalTest extends
AbstractSecurityTest {
private ContentSession getSystemSession() throws Exception {
if (systemSession == null) {
- systemSession = Subject.doAs(SystemSubject.INSTANCE,
(PrivilegedExceptionAction<ContentSession>) () -> login(null));
+ systemSession = Java23Compatability.doAs(SystemSubject.INSTANCE,
(PrivilegedExceptionAction<ContentSession>) () -> login(null));
}
return systemSession;
}
diff --git
a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedPrincipalMembershipReaderTest.java
b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedPrincipalMembershipReaderTest.java
index e3059a87bf..90b6a641b5 100644
---
a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedPrincipalMembershipReaderTest.java
+++
b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedPrincipalMembershipReaderTest.java
@@ -60,6 +60,7 @@ import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
+import org.apache.jackrabbit.oak.commons.Java23Compatability;
import org.apache.jackrabbit.oak.commons.junit.LogCustomizer;
import
org.apache.jackrabbit.oak.spi.security.user.cache.CachedMembershipReader;
import org.apache.jackrabbit.oak.spi.security.user.cache.CacheLoader;
@@ -204,7 +205,7 @@ public class CachedPrincipalMembershipReaderTest extends
AbstractSecurityTest {
private Root getSystemRoot() throws Exception {
if (systemSession == null) {
- systemSession = Subject.doAs(SystemSubject.INSTANCE,
(PrivilegedExceptionAction<ContentSession>) () -> login(null));
+ systemSession = Java23Compatability.doAs(SystemSubject.INSTANCE,
(PrivilegedExceptionAction<ContentSession>) () -> login(null));
}
return systemSession.getLatestRoot();
}
diff --git
a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/PasswordExpiryAdminTest.java
b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/PasswordExpiryAdminTest.java
index 179892d196..e24207d3e0 100644
---
a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/PasswordExpiryAdminTest.java
+++
b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/PasswordExpiryAdminTest.java
@@ -23,6 +23,7 @@ import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
+import org.apache.jackrabbit.oak.commons.Java23Compatability;
import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants;
@@ -73,7 +74,7 @@ public class PasswordExpiryAdminTest extends
AbstractSecurityTest {
@Override
protected ContentSession createAdminSession(@NotNull ContentRepository
repository) {
try {
- return Subject.doAs(SystemSubject.INSTANCE,
(PrivilegedExceptionAction<ContentSession>) () -> repository.login(null, null));
+ return Java23Compatability.doAs(SystemSubject.INSTANCE,
(PrivilegedExceptionAction<ContentSession>) () -> repository.login(null, null));
} catch (PrivilegedActionException e) {
throw new RuntimeException(e);
}
diff --git
a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserInitializerTest.java
b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserInitializerTest.java
index 6e47ff5fcc..445bcd9930 100644
---
a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserInitializerTest.java
+++
b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserInitializerTest.java
@@ -27,6 +27,7 @@ import org.apache.jackrabbit.oak.api.ContentRepository;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.commons.Java23Compatability;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.plugins.index.IndexConstants;
@@ -173,7 +174,7 @@ public class UserInitializerTest extends
AbstractSecurityTest {
.with(sp)
.createContentRepository();
- try (ContentSession cs = Subject.doAs(SystemSubject.INSTANCE,
(PrivilegedExceptionAction<ContentSession>) () -> repo.login(null, null))) {
+ try (ContentSession cs =
Java23Compatability.doAs(SystemSubject.INSTANCE,
(PrivilegedExceptionAction<ContentSession>) () -> repo.login(null, null))) {
Root root = cs.getLatestRoot();
UserConfiguration uc =
sp.getConfiguration(UserConfiguration.class);
UserManager umgr = uc.getUserManager(root, NamePathMapper.DEFAULT);
@@ -210,7 +211,7 @@ public class UserInitializerTest extends
AbstractSecurityTest {
.with(sp)
.createContentRepository();
- try (ContentSession cs = Subject.doAs(SystemSubject.INSTANCE,
(PrivilegedExceptionAction<ContentSession>) () -> repo.login(null, null))) {
+ try (ContentSession cs =
Java23Compatability.doAs(SystemSubject.INSTANCE,
(PrivilegedExceptionAction<ContentSession>) () -> repo.login(null, null))) {
Root root = cs.getLatestRoot();
UserConfiguration uc =
sp.getConfiguration(UserConfiguration.class);
UserManager umgr = uc.getUserManager(root, NamePathMapper.DEFAULT);
diff --git
a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderWithCacheTest.java
b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderWithCacheTest.java
index bbe8179dc6..d8be995daf 100644
---
a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderWithCacheTest.java
+++
b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderWithCacheTest.java
@@ -28,6 +28,7 @@ import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
+import org.apache.jackrabbit.oak.commons.Java23Compatability;
import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import
org.apache.jackrabbit.oak.security.principal.AbstractPrincipalProviderTest;
@@ -111,7 +112,7 @@ public class UserPrincipalProviderWithCacheTest extends
AbstractPrincipalProvide
private ContentSession getSystemSession() throws Exception {
if (systemSession == null) {
- systemSession = Subject.doAs(SystemSubject.INSTANCE,
(PrivilegedExceptionAction<ContentSession>) () -> login(null));
+ systemSession = Java23Compatability.doAs(SystemSubject.INSTANCE,
(PrivilegedExceptionAction<ContentSession>) () -> login(null));
}
return systemSession;
}
diff --git
a/oak-doc/src/site/markdown/security/authentication/preauthentication.md
b/oak-doc/src/site/markdown/security/authentication/preauthentication.md
index b958ab7769..774c39659d 100644
--- a/oak-doc/src/site/markdown/security/authentication/preauthentication.md
+++ b/oak-doc/src/site/markdown/security/authentication/preauthentication.md
@@ -137,7 +137,7 @@ Example how to use this type of pre-authentication:
Subject subject = new Subject(true, principals,
Collections.singleton(authInfo), Collections.<Object>emptySet());
Session session;
try {
- session = Subject.doAsPrivileged(subject, new
PrivilegedExceptionAction<Session>() {
+ session = Java23Compatability.doAsPrivileged(subject, new
PrivilegedExceptionAction<Session>() {
@Override
public Session run() throws Exception {
return login(null, null);
diff --git
a/oak-examples/webapp/src/main/java/org/apache/jackrabbit/j2ee/IndexInitializer.java
b/oak-examples/webapp/src/main/java/org/apache/jackrabbit/j2ee/IndexInitializer.java
index 0808528ce9..8f7f83a1be 100644
---
a/oak-examples/webapp/src/main/java/org/apache/jackrabbit/j2ee/IndexInitializer.java
+++
b/oak-examples/webapp/src/main/java/org/apache/jackrabbit/j2ee/IndexInitializer.java
@@ -34,6 +34,7 @@ import javax.security.auth.Subject;
import org.apache.jackrabbit.JcrConstants;
import org.apache.jackrabbit.commons.JcrUtils;
import org.apache.jackrabbit.oak.api.AuthInfo;
+import org.apache.jackrabbit.oak.commons.Java23Compatability;
import org.apache.jackrabbit.oak.plugins.index.IndexConstants;
import org.apache.jackrabbit.oak.plugins.index.lucene.LuceneIndexConstants;
import org.apache.jackrabbit.oak.plugins.index.search.FulltextIndexConstants;
@@ -119,7 +120,7 @@ public class IndexInitializer {
Subject subject = new Subject(true, singleton(admin),
singleton(authInfo), Collections.emptySet());
Session adminSession;
try {
- adminSession = Subject.doAsPrivileged(subject, new
PrivilegedExceptionAction<Session>() {
+ adminSession = Java23Compatability.doAsPrivileged(subject, new
PrivilegedExceptionAction<Session>() {
@Override
public Session run() throws Exception {
return repository.login();
diff --git
a/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authentication/L9_NullLoginTest.java
b/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authentication/L9_NullLoginTest.java
index 5b722e9d0d..f410328751 100644
---
a/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authentication/L9_NullLoginTest.java
+++
b/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authentication/L9_NullLoginTest.java
@@ -25,6 +25,7 @@ import javax.jcr.Session;
import javax.security.auth.Subject;
import javax.security.auth.login.Configuration;
+import org.apache.jackrabbit.oak.commons.Java23Compatability;
import org.apache.jackrabbit.test.AbstractJCRTest;
/**
@@ -112,7 +113,7 @@ public class L9_NullLoginTest extends AbstractJCRTest {
Subject subject = null;
String expectedId = null;
- testSession = Subject.doAs(subject, new
PrivilegedExceptionAction<Session>() {
+ testSession = Java23Compatability.doAs(subject, new
PrivilegedExceptionAction<Session>() {
@Override
public Session run() throws RepositoryException {
return repository.login(null, null);
diff --git
a/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/principalbased/AbstractPrincipalBasedTest.java
b/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/principalbased/AbstractPrincipalBasedTest.java
index f788f99736..463a25a7ad 100644
---
a/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/principalbased/AbstractPrincipalBasedTest.java
+++
b/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/principalbased/AbstractPrincipalBasedTest.java
@@ -25,6 +25,7 @@ import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.commons.Java23Compatability;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.composite.MountInfoProviderService;
import
org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration;
@@ -167,6 +168,6 @@ abstract class AbstractPrincipalBasedTest extends
AbstractSecurityTest {
@NotNull
ContentSession getTestSession(@NotNull Principal... principals) throws
Exception {
Subject subject = new Subject(true, ImmutableSet.copyOf(principals),
Set.of(), Set.of());
- return Subject.doAsPrivileged(subject,
(PrivilegedExceptionAction<ContentSession>) () ->
getContentRepository().login(null, null), null);
+ return Java23Compatability.doAsPrivileged(subject,
(PrivilegedExceptionAction<ContentSession>) () ->
getContentRepository().login(null, null), null);
}
}
\ No newline at end of file
diff --git
a/oak-lucene/src/test/java/org/apache/jackrabbit/oak/composite/blueGreen/Persistence.java
b/oak-lucene/src/test/java/org/apache/jackrabbit/oak/composite/blueGreen/Persistence.java
index 039a43e5c4..290fd7d83a 100644
---
a/oak-lucene/src/test/java/org/apache/jackrabbit/oak/composite/blueGreen/Persistence.java
+++
b/oak-lucene/src/test/java/org/apache/jackrabbit/oak/composite/blueGreen/Persistence.java
@@ -50,6 +50,7 @@ import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.ContentRepository;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.commons.Java23Compatability;
import org.apache.jackrabbit.oak.composite.CompositeNodeStore;
import org.apache.jackrabbit.oak.jcr.Jcr;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
@@ -286,7 +287,7 @@ public class Persistence {
SecurityProvider securityProvider)
throws RepositoryException {
ContentSession cs = null;
try {
- cs = Subject.doAsPrivileged(SystemSubject.INSTANCE, new
PrivilegedExceptionAction<ContentSession>() {
+ cs = Java23Compatability.doAsPrivileged(SystemSubject.INSTANCE,
new PrivilegedExceptionAction<ContentSession>() {
@Override
public ContentSession run() throws Exception {
return repo.login(null, null);
diff --git a/oak-security-spi/pom.xml b/oak-security-spi/pom.xml
index 8c0680beff..a0109aebea 100644
--- a/oak-security-spi/pom.xml
+++ b/oak-security-spi/pom.xml
@@ -109,6 +109,11 @@
<artifactId>oak-jackrabbit-api</artifactId>
<version>${project.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.apache.jackrabbit</groupId>
+ <artifactId>oak-commons</artifactId>
+ <version>${project.version}</version>
+ </dependency>
<dependency>
<groupId>org.apache.jackrabbit</groupId>
<artifactId>oak-shaded-guava</artifactId>
diff --git
a/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
b/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
index 0f334ac667..41a3b00d5a 100644
---
a/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
+++
b/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
@@ -42,6 +42,7 @@ import org.apache.jackrabbit.oak.api.AuthInfo;
import org.apache.jackrabbit.oak.api.ContentRepository;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.commons.Java23Compatability;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
@@ -475,7 +476,7 @@ public abstract class AbstractLoginModule implements
LoginModule {
final ContentRepository repository =
rcb.getContentRepository();
if (repository != null) {
- systemSession = Subject.doAs(SystemSubject.INSTANCE, new
PrivilegedExceptionAction<ContentSession>() {
+ systemSession =
Java23Compatability.doAs(SystemSubject.INSTANCE, new
PrivilegedExceptionAction<ContentSession>() {
@Override
public ContentSession run() throws LoginException,
NoSuchWorkspaceException {
return repository.login(null,
rcb.getWorkspaceName());
