HADOOP-19212 [JDK23] org.apache.hadoop.security.UserGroupInformation use of Subject needs to move to replacement APIs

Author: stoty

hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java

@@ -19,6 +19,7 @@
 import org.apache.hadoop.security.authentication.server.HttpConstants;
 import org.apache.hadoop.security.authentication.util.AuthToken;
 import org.apache.hadoop.security.authentication.util.KerberosUtil;
+import org.apache.hadoop.util.SubjectUtil;
 import org.ietf.jgss.GSSContext;
 import org.ietf.jgss.GSSManager;
 import org.ietf.jgss.GSSName;
@@ -300,8 +301,7 @@ private boolean isNegotiate(HttpURLConnection conn) throws IOException {
   private void doSpnegoSequence(final AuthenticatedURL.Token token)
       throws IOException, AuthenticationException {
     try {
-      AccessControlContext context = AccessController.getContext();
-      Subject subject = Subject.getSubject(context);
+      Subject subject = SubjectUtil.current();
       if (subject == null
           || (!KerberosUtil.hasKerberosKeyTab(subject)
               && !KerberosUtil.hasKerberosTicket(subject))) {

hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/util/SubjectUtil.java

@@ -0,0 +1,188 @@
+package org.apache.hadoop.util;
+
+import java.lang.invoke.MethodHandle;
+import java.lang.invoke.MethodHandles;
+import java.lang.invoke.MethodType;
+import java.lang.reflect.UndeclaredThrowableException;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import java.util.concurrent.Callable;
+import java.util.concurrent.CompletionException;
+
+import javax.security.auth.Subject;
+
+import org.apache.hadoop.classification.InterfaceAudience;
+
+@InterfaceAudience.Private()
+public class SubjectUtil {
+	private static final MethodHandle CALL_AS = lookupCallAs();
+	private static final MethodHandle CURRENT = lookupCurrent();
+
+	private SubjectUtil() {
+	}
+
+	private static MethodHandle lookupCallAs() {
+		MethodHandles.Lookup lookup = MethodHandles.lookup();
+		try {
+			try {
+				// Subject.doAs() is deprecated for removal and replaced by Subject.callAs().
+				// Lookup first the new API, since for Java versions where both exist, the
+				// new API delegates to the old API (for example Java 18, 19 and 20).
+				// Otherwise (Java 17), lookup the old API.
+				return lookup.findStatic(Subject.class, "callAs",
+						MethodType.methodType(Object.class, Subject.class, Callable.class));
+			} catch (NoSuchMethodException x) {
+				try {
+					// Lookup the old API.
+					MethodType oldSignature = MethodType.methodType(Object.class, Subject.class,
+							PrivilegedExceptionAction.class);
+					MethodHandle doAs = lookup.findStatic(Subject.class, "doAs", oldSignature);
+					// Convert the Callable used in the new API to the PrivilegedAction used in the
+					// old
+					// API.
+					MethodType convertSignature = MethodType.methodType(PrivilegedExceptionAction.class,
+							Callable.class);
+					MethodHandle converter = lookup.findStatic(SubjectUtil.class, "callableToPrivilegedExceptionAction",
+							convertSignature);
+					return MethodHandles.filterArguments(doAs, 1, converter);
+				} catch (NoSuchMethodException e) {
+					throw new AssertionError(e);
+				}
+			}
+		} catch (IllegalAccessException e) {
+			throw new AssertionError(e);
+		}
+	}
+
+	private static MethodHandle lookupCurrent() {
+		MethodHandles.Lookup lookup = MethodHandles.lookup();
+		try {
+			// Subject.getSubject(AccessControlContext) is deprecated for removal and
+			// replaced by
+			// Subject.current().
+			// Lookup first the new API, since for Java versions where both exists, the
+			// new API delegates to the old API (for example Java 18, 19 and 20).
+			// Otherwise (Java 17), lookup the old API.
+			return lookup.findStatic(Subject.class, "current", MethodType.methodType(Subject.class));
+		} catch (NoSuchMethodException e) {
+			MethodHandle getContext = lookupGetContext();
+			MethodHandle getSubject = lookupGetSubject();
+			return MethodHandles.filterReturnValue(getContext, getSubject);
+		} catch (IllegalAccessException e) {
+			throw new AssertionError(e);
+		}
+	}
+
+	private static MethodHandle lookupGetSubject() {
+		MethodHandles.Lookup lookup = MethodHandles.lookup();
+		try {
+			Class<?> contextklass = ClassLoader.getSystemClassLoader().loadClass("java.security.AccessControlContext");
+			return lookup.findStatic(Subject.class, "getSubject", MethodType.methodType(Subject.class, contextklass));
+		} catch (ClassNotFoundException | NoSuchMethodException | IllegalAccessException e) {
+			throw new AssertionError(e);
+		}
+	}
+
+	private static MethodHandle lookupGetContext() {
+		try {
+			// Use reflection to work with Java versions that have and don't have
+			// AccessController.
+			Class<?> controllerKlass = ClassLoader.getSystemClassLoader().loadClass("java.security.AccessController");
+			Class<?> contextklass = ClassLoader.getSystemClassLoader().loadClass("java.security.AccessControlContext");
+
+			MethodHandles.Lookup lookup = MethodHandles.lookup();
+			return lookup.findStatic(controllerKlass, "getContext", MethodType.methodType(contextklass));
+		} catch (ClassNotFoundException | NoSuchMethodException | IllegalAccessException e) {
+			throw new AssertionError(e);
+		}
+	}
+
+	/**
+	 * Maps to Subject.callAs() if available, otherwise maps to Subject.doAs()
+	 * 
+	 * @param subject the subject this action runs as
+	 * @param action  the action to run
+	 * @return the result of the action
+	 * @param <T> the type of the result
+	 * @throws CompletionException
+	 */
+	public static <T> T callAs(Subject subject, Callable<T> action) throws CompletionException {
+		try {
+			return (T) CALL_AS.invoke(subject, action);
+		} catch (PrivilegedActionException e) {
+			throw new CompletionException(e.getCause());
+		} catch (Throwable t) {
+			throw sneakyThrow(t);
+		}
+	}
+
+	/**
+	 * Maps action to a Callable, and delegates to callAs(). On older JVMs, the
+	 * action may be double wrapped (into Callable, and then back into
+	 * PrivilegedAction).
+	 * 
+	 * @param subject the subject this action runs as
+	 * @param action action  the action to run
+	 * @return the result of the action
+	 */
+	public static <T> T doAs(Subject subject, PrivilegedAction<T> action) {
+		return callAs(subject, privilegedActionToCallable(action));
+	}
+
+	 /**
+   * Maps action to a Callable, and delegates to callAs(). On older JVMs, the
+   * action may be double wrapped (into Callable, and then back into
+   * PrivilegedAction).
+   * 
+   * @param subject the subject this action runs as
+   * @param action action  the action to run
+   * @return the result of the action
+   */
+	public static <T> T doAs(Subject subject, PrivilegedExceptionAction<T> action) throws PrivilegedActionException {
+		try {
+			return callAs(subject, privilegedExceptionActionToCallable(action));
+		} catch (CompletionException ce) {
+			try {
+				Exception cause = (Exception) (ce.getCause());
+				throw new PrivilegedActionException(cause);
+			} catch (ClassCastException castException) {
+				// This should never happen, as PrivilegedExceptionAction should not wrap
+				// non-checked exceptions
+				throw new PrivilegedActionException(new UndeclaredThrowableException(ce.getCause()));
+			}
+		}
+	}
+
+	/**
+	 * Maps to Subject.currect() is available, otherwise maps to
+	 * Subject.getSubject()
+	 * 
+	 * @return the current subject
+	 */
+	public static Subject current() {
+		try {
+			return (Subject) CURRENT.invoke();
+		} catch (Throwable t) {
+			throw sneakyThrow(t);
+		}
+	}
+
+	@SuppressWarnings("unused")
+	private static <T> PrivilegedExceptionAction<T> callableToPrivilegedExceptionAction(Callable<T> callable) {
+		return callable::call;
+	}
+
+	private static <T> Callable<T> privilegedExceptionActionToCallable(PrivilegedExceptionAction<T> action) {
+		return action::run;
+	}
+
+	private static <T> Callable<T> privilegedActionToCallable(PrivilegedAction<T> action) {
+		return action::run;
+	}
+
+	@SuppressWarnings("unchecked")
+	private static <E extends Throwable> RuntimeException sneakyThrow(Throwable e) throws E {
+		throw (E) e;
+	}
+}

hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java

@@ -74,6 +74,7 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Queue;
+import java.util.concurrent.Callable;
 import java.util.concurrent.ExecutionException;
 
 import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension;
@@ -504,10 +505,10 @@ private HttpURLConnection createConnection(final URL url, String method)
     HttpURLConnection conn;
     try {
       final String doAsUser = getDoAsUser();
-      conn = getActualUgi().doAs(new PrivilegedExceptionAction
+      conn = getActualUgi().callAs(new Callable
           <HttpURLConnection>() {
         @Override
-        public HttpURLConnection run() throws Exception {
+        public HttpURLConnection call() throws Exception {
           DelegationTokenAuthenticatedURL authUrl =
               createAuthenticatedURL();
           return authUrl.openConnection(url, authToken, doAsUser);
@@ -1026,9 +1027,9 @@ public Token<?> getDelegationToken(final String renewer) throws IOException {
     Token<?> token = null;
     try {
       final String doAsUser = getDoAsUser();
-      token = getActualUgi().doAs(new PrivilegedExceptionAction<Token<?>>() {
+      token = getActualUgi().callAs(new Callable<Token<?>>() {
         @Override
-        public Token<?> run() throws Exception {
+        public Token<?> call() throws Exception {
           // Not using the cached token here.. Creating a new token here
           // everytime.
           LOG.debug("Getting new token from {}, renewer:{}", url, renewer);
@@ -1065,10 +1066,10 @@ public long renewDelegationToken(final Token<?> dToken) throws IOException {
           token, url, doAsUser);
       final DelegationTokenAuthenticatedURL authUrl =
           createAuthenticatedURL();
-      return getActualUgi().doAs(
-          new PrivilegedExceptionAction<Long>() {
+      return getActualUgi().callAs(
+          new Callable<Long>() {
             @Override
-            public Long run() throws Exception {
+            public Long call() throws Exception {
               return authUrl.renewDelegationToken(url, token, doAsUser);
             }
           }
@@ -1088,10 +1089,10 @@ public Void cancelDelegationToken(final Token<?> dToken) throws IOException {
       final String doAsUser = getDoAsUser();
       final DelegationTokenAuthenticatedURL.Token token =
           generateDelegationToken(dToken);
-      return getActualUgi().doAs(
-          new PrivilegedExceptionAction<Void>() {
+      return getActualUgi().callAs(
+          new Callable<Void>() {
             @Override
-            public Void run() throws Exception {
+            public Void call() throws Exception {
               final URL url = createURL(null, null, null, null);
               LOG.debug("Cancelling delegation token {} with url:{}, as:{}",
                   dToken, url, doAsUser);

hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileContext.java

@@ -22,7 +22,6 @@
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.net.URI;
-import java.security.PrivilegedExceptionAction;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
@@ -35,6 +34,7 @@
 import java.util.Stack;
 import java.util.TreeSet;
 import java.util.Map.Entry;
+import java.util.concurrent.Callable;
 import java.util.concurrent.CompletableFuture;
 
 import javax.annotation.Nonnull;
@@ -340,9 +340,9 @@ private static AbstractFileSystem getAbstractFileSystem(
       UserGroupInformation user, final URI uri, final Configuration conf)
       throws UnsupportedFileSystemException, IOException {
     try {
-      return user.doAs(new PrivilegedExceptionAction<AbstractFileSystem>() {
+      return user.callAs(new Callable<AbstractFileSystem>() {
         @Override
-        public AbstractFileSystem run() throws UnsupportedFileSystemException {
+        public AbstractFileSystem call() throws UnsupportedFileSystemException {
           return AbstractFileSystem.get(uri, conf);
         }
       });

hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileSystem.java

@@ -25,7 +25,6 @@
 import java.lang.ref.ReferenceQueue;
 import java.net.URI;
 import java.net.URISyntaxException;
-import java.security.PrivilegedExceptionAction;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
@@ -43,6 +42,7 @@
 import java.util.Set;
 import java.util.Stack;
 import java.util.TreeSet;
+import java.util.concurrent.Callable;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.Semaphore;
 import java.util.concurrent.atomic.AtomicLong;
@@ -271,9 +271,9 @@ public static FileSystem get(final URI uri, final Configuration conf,
       conf.get(CommonConfigurationKeys.KERBEROS_TICKET_CACHE_PATH);
     UserGroupInformation ugi =
         UserGroupInformation.getBestUGI(ticketCachePath, user);
-    return ugi.doAs(new PrivilegedExceptionAction<FileSystem>() {
+    return ugi.callAs(new Callable<FileSystem>() {
       @Override
-      public FileSystem run() throws IOException {
+      public FileSystem call() throws IOException {
         return get(uri, conf);
       }
     });
@@ -574,9 +574,9 @@ public static FileSystem newInstance(final URI uri, final Configuration conf,
       conf.get(CommonConfigurationKeys.KERBEROS_TICKET_CACHE_PATH);
     UserGroupInformation ugi =
         UserGroupInformation.getBestUGI(ticketCachePath, user);
-    return ugi.doAs(new PrivilegedExceptionAction<FileSystem>() {
+    return ugi.callAs(new Callable<FileSystem>() {
       @Override
-      public FileSystem run() throws IOException {
+      public FileSystem call() throws IOException {
         return newInstance(uri, conf);
       }
     });

hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/viewfs/ViewFileSystem.java

@@ -28,14 +28,14 @@
 import static org.apache.hadoop.fs.viewfs.Constants.CONFIG_VIEWFS_TRASH_FORCE_INSIDE_MOUNT_POINT;
 import static org.apache.hadoop.fs.viewfs.Constants.CONFIG_VIEWFS_TRASH_FORCE_INSIDE_MOUNT_POINT_DEFAULT;
 
+import java.util.concurrent.Callable;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
 import java.util.function.Function;
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.net.URI;
 import java.net.URISyntaxException;
-import java.security.PrivilegedExceptionAction;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
@@ -328,9 +328,9 @@ protected Function<URI, FileSystem> initAndGetTargetFs() {
             public FileSystem apply(final URI uri) {
               FileSystem fs;
               try {
-                fs = ugi.doAs(new PrivilegedExceptionAction<FileSystem>() {
+                fs = ugi.callAs(new Callable<FileSystem>() {
                   @Override
-                  public FileSystem run() throws IOException {
+                  public FileSystem call() throws IOException {
                     if (enableInnerCache) {
                       synchronized (cache) {
                         return cache.get(uri, config);

hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/viewfs/ViewFs.java

@@ -26,7 +26,6 @@
 import java.io.IOException;
 import java.net.URI;
 import java.net.URISyntaxException;
-import java.security.PrivilegedExceptionAction;
 import java.util.ArrayList;
 import java.util.EnumSet;
 import java.util.HashSet;
@@ -35,6 +34,7 @@
 import java.util.Map.Entry;
 
 import java.util.Set;
+import java.util.concurrent.Callable;
 
 import org.apache.hadoop.util.Preconditions;
 import org.apache.hadoop.classification.InterfaceAudience;
@@ -247,10 +247,10 @@ protected Function<URI, AbstractFileSystem> initAndGetTargetFs() {
           public AbstractFileSystem apply(final URI uri) {
             AbstractFileSystem fs;
             try {
-              fs = ugi.doAs(
-                  new PrivilegedExceptionAction<AbstractFileSystem>() {
+              fs = ugi.callAs(
+                  new Callable<AbstractFileSystem>() {
                     @Override
-                    public AbstractFileSystem run() throws IOException {
+                    public AbstractFileSystem call() throws IOException {
                       return AbstractFileSystem.createFileSystem(uri, config);
                     }
                   });