On 02/05/2024 19:33, Chris Marshall wrote:
:
Last week I upgraded the application to be compiled by JDK22, and run
on JDK22. Immediately, we started to see failures from within the
User-SRP auth code /only when it was run on a virtual thread from
within a StructuredTaskScope./ The failures are merely that the code
appears to have calculated the wrong authentication response (i.e. AWS
Cognito returns a message to the effect that we have the wrong
username or password). It is not possible that this could be the case,
because the same application, using the same username/password combo
is able to successfully authenticate to AWS Cognito using User-SRP
auth from a platform thread.
Thanks for reporting a potential issue.
You say that the code was running correctly on JDK 21. Was this in the
context of virtual threads and using StructuredTaskScope? I'm trying to
understand from your mail if you were using virtual threads with JDK 21
and whether you were using StructuredTaskScope in JDK 21 too.
"wrong username or password" hints that maybe this is some kinda of
inheritance issue, I'm specifically thinking of the inherit access
control context. Would it be possible to search the code and libraries
that are in use here to see if they are using the
javax.security.auth.Subject API? It's just a wild guess at this point
but I think might give some clues as to where inheritance might be
coming from.
-Alan
