[jira] [Commented] (HADOOP-19212) [JDK23] org.apache.hadoop.security.UserGroupInformation use of Subject needs to move to replacement APIs

Fri, 26 Sep 2025 03:29:07 -0700 


    [ 
https://issues.apache.org/jira/browse/HADOOP-19212?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18023075#comment-18023075
 ] 

ASF GitHub Bot commented on HADOOP-19212:
-----------------------------------------

celtric commented on PR #7886:
URL: https://github.com/apache/hadoop/pull/7886#issuecomment-3337986136

   > I’ve discussed with @pan3793 offline, and we plan to release this PR in 
the next version, as additional PRs may be needed to ensure greater stability. 
Thank you all for your contributions to the 3.4.2 release!
   
   @slfan1989 do you have a rough idea of when will this next version be 
released, that contains this PR's fix?




> [JDK23] org.apache.hadoop.security.UserGroupInformation use of Subject needs 
> to move to replacement APIs
> --------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-19212
>                 URL: https://issues.apache.org/jira/browse/HADOOP-19212
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>    Affects Versions: 3.5.0
>            Reporter: Alan Bateman
>            Priority: Major
>              Labels: pull-request-available
>
> `javax.security.auth.Subject.getSubject` and `Subject.doAs` were deprecated 
> for removal in JDK 17. The replacement APIs are `Subject.current` and 
> `callAs`. See [JEP 411]([https://openjdk.org/jeps/411]) for background.
> The `Subject.getSubject` API has been "degraded" in JDK 23 to throw 
> `UnsupportedOperationException` if not running with the option to allow a 
> SecurityManager. In a future JDK release, the `Subject.getSubject` API will 
> be degraded further to throw`UnsupportedOperationException` unconditionally.
> [renaissance/issues/439]([https://github.com/renaissance-benchmarks/renaissance/issues/439])
>  is a failure with a Spark benchmark due to the code in 
> `org.apache.hadoop.security.UserGroupInformation` using the deprecated 
> `Subject.getSubject` method. The maintainers of this code need to migrate 
> this code to the replacement APIs to ensure that this code will continue to 
> work once the security manager feature is removed.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to