[
https://issues.apache.org/jira/browse/HADOOP-19212?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18016430#comment-18016430
]
ASF GitHub Bot commented on HADOOP-19212:
-----------------------------------------
stoty commented on PR #7897:
URL: https://github.com/apache/hadoop/pull/7897#issuecomment-3226824363
> @stoty
>
> > The question whether we want to fully support Java 18+ in 3.4.3.
>
> My current goal is to make Hadoop "client" support Java 18+ in the next
3.4.x. version, fully Java 18+ support should target 3.5.
My problem with that is that I am not at all convinced that this patch alone
fixes the client fully.
The only reliable data point we have is that the Spark tests are running
with it.
Which parts does Spark even test ? HDFS ? MR/Yarn ? Do Spark tests use
secure mode / kerberos ? Do they use doAs/proxyUser ?
>
> > the large patch for Subject propagation ...
>
> I roughly understand what you are trying to fix, but I haven't seen real
failures caused by this, do you have a concrete example that is affected by the
lack of change? and is it must be fixed on Hadoop itself, and can not be
workarounded by downstream projects?
Just try and run the tests on JDK24/25 without the Thread fixes (i.e current
trunk). Many tests will fail without them.
Unfortunately I don't have notes on the specific tests, and it was a long
enough time ago that I can't remember.
>
> > * Merge just this patch, and release in 3.4.3 - This seems to be enough
for at least the Spark tests to pass
>
> I won't block 3.4.2 release if it's already in good shape, I prefer this
option.
I agree with not delaying 3.4.2 further, but have reservations about only
adding this patch in 3.4.3, as noted above.
Going for full JDK25 support in 3.4.3 doesn't block 3.4.2 either.
> [JDK23] org.apache.hadoop.security.UserGroupInformation use of Subject needs
> to move to replacement APIs
> --------------------------------------------------------------------------------------------------------
>
> Key: HADOOP-19212
> URL: https://issues.apache.org/jira/browse/HADOOP-19212
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: security
> Affects Versions: 3.5.0
> Reporter: Alan Bateman
> Priority: Major
> Labels: pull-request-available
>
> `javax.security.auth.Subject.getSubject` and `Subject.doAs` were deprecated
> for removal in JDK 17. The replacement APIs are `Subject.current` and
> `callAs`. See [JEP 411]([https://openjdk.org/jeps/411]) for background.
> The `Subject.getSubject` API has been "degraded" in JDK 23 to throw
> `UnsupportedOperationException` if not running with the option to allow a
> SecurityManager. In a future JDK release, the `Subject.getSubject` API will
> be degraded further to throw`UnsupportedOperationException` unconditionally.
> [renaissance/issues/439]([https://github.com/renaissance-benchmarks/renaissance/issues/439])
> is a failure with a Spark benchmark due to the code in
> `org.apache.hadoop.security.UserGroupInformation` using the deprecated
> `Subject.getSubject` method. The maintainers of this code need to migrate
> this code to the replacement APIs to ensure that this code will continue to
> work once the security manager feature is removed.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
