Also, I've opened a PR with the proposed reflective shim, for anyone that is interested: https://github.com/apache/kafka/pull/16522
Thanks,
Greg

On Fri, Jul 5, 2024 at 3:17 PM Greg Harris <greg.har...@aiven.io> wrote:

> Hi all,
>
> I've added Ismael's kip-less idea as a rejected alternative, with
> appropriate justification.
> I'm happy to discuss this alternative, as it appears to be the best
> alternative, and will be what happens if the KIP vote does not succeed.
>
> Thanks,
> Greg
>
> On Wed, Jul 3, 2024 at 10:34 AM Greg Harris <greg.har...@aiven.io> wrote:
>
>> Hi Ismael,
>>
>> Thanks for the question.
>>
>> > Can we not
>> > use the SecurityManager when it's available and fall back when it's not?
>>
>> This is the strategy the KIP is proposing in the interim before we drop
>> support for the SecurityManager. The KIP should be stating this idea, just
>> more verbosely.
>>
>> > I'm not totally clear on why we need a KIP.
>>
>> Implementing the above strategy is IMHO tech debt, and I wanted to plan
>> for eventually paying off that tech debt before incurring it.
>> I think the only way to eliminate it is going to be removing our support
>> for SecurityManager entirely.
>> Since there may be Kafka users using the SecurityManager, this would
>> represent a removal of functionality/breaking change for them, and
>> therefore warrants a KIP.
>>
>> Please let me know if you have more questions,
>> Greg
>>
>> On Wed, Jul 3, 2024 at 10:14 AM Ismael Juma <m...@ismaeljuma.com> wrote:
>>
>>> Hi Greg,
>>>
>>> Thanks for the KIP. I'm not totally clear on why we need a KIP. Can we not
>>> use the SecurityManager when it's available and fall back when it's not? If
>>> so, then it would mean that whether SecurityManager is used or not depends
>>> on the JDK and its configuration.
>>>
>>> Ismael
>>>
>>> On Mon, Nov 20, 2023 at 4:48 PM Greg Harris <greg.har...@aiven.io.invalid> wrote:
>>>
>>> > Hi all,
>>> >
>>> > I'd like to invite you all to discuss removing SecurityManager support
>>> > from Kafka. This affects the client and server SASL mechanism, Tiered
>>> > Storage, and Connect classloading.
>>> >
>>> > Find the KIP here:
>>> >
>>> > https://cwiki.apache.org/confluence/display/KAFKA/KIP-1006%3A+Remove+SecurityManager+Support
>>> >
>>> > I think this is a "code hygiene" effort that doesn't need to be dealt
>>> > with urgently, but it would prevent a lot of headache later when Java
>>> > does decide to remove support.
>>> >
>>> > If you are currently using the SecurityManager with Kafka, I'd really
>>> > appreciate hearing how you're using it, and how you're planning around
>>> > its removal.
>>> >
>>> > Thanks!
>>> > Greg Harris