I tested with *JDK 17* with *mTLS enabled* on Mac. Storm successfully
connected to ZooKeeper, which is configured to accept only mTLS
connections. Everything worked as expected.
*+1 (binding)*
While testing with *JDK 23*, I noticed that mTLS does not work due to
a *SecurityManager
check* introduced in JDK 23. This change causes the following error:
java.lang.UnsupportedOperationException: getSubject is supported only
if a security manager is allowed
at java.base/javax.security.auth.Subject.getSubject(Subject.java:347) ~[?:?]
at org.apache.storm.security.auth.ReqContext.<init>(ReqContext.java:51)
~[storm-client-2.8.0.jar:2.8.0]
...
The issue is related to the removal and deprecation of certain
security-related methods in JDK 23, as outlined in the Oracle documentation
<https://docs.oracle.com/en/java/javase/23/security/migrating-deprecated-removal-methods-subject-getsubject-and-subject-doas-subject-current-and-subje.html>
.
I will create a Jira ticket to track this issue and investigate a possible
workaround or fix.
Thanks,
On Mon, Jan 20, 2025 at 11:31 PM Alexandre Vermeerbergen <
[email protected]> wrote:
> +1 (binding)
>
> Tested with 10+ topologies running on a cluster with 6 supervisor VMs
> on RedHat Linux 8 with IBM Semeru Java 21.0.5 (topologies have been
> rebuilt with Storm 2.8.0 JARs)
> => found no function nor performance issues, thanks a lot for the good job
> !
>
> Kind regards,
> Alexandre
>
> Le lun. 20 janv. 2025 à 14:27, Richard Zowalla <[email protected]> a écrit :
> >
> > Thanks!
> >
> > - Checked binaries and sources
> > - Validated hashes and signatures
> > - Build from source
> > - Run topologies locally and remote
> >
> > +1 (binding)
> >
> > Note: log4j2 bindings need to be updated on the user side for slf4j2 to
> work correctly. Just a heads up for testers ;-)
> >
> > Gruß
> > Richard
> >
> >
> > On 2025/01/19 17:09:57 Rui Abreu wrote:
> > > Hi folks,
> > >
> > > I have posted a 1st release candidate for the Apache Storm 2.8.0
> > > release and it is ready for testing.
> > >
> > > The Nexus staging repository is here:
> > >
> https://repository.apache.org/content/repositories/orgapachestorm-1117
> > >
> > > Storm Source and Binary Release with sha512 signature files are here:
> > >
> https://dist.apache.org/repos/dist/dev/storm/apache-storm-2.8.0-rc1/
> > > The release artifacts are signed with the following key:
> > >
> https://keyserver.ubuntu.com/pks/lookup?op=index&fingerprint=on&search=rabreu
> > > in this file https://www.apache.org/dist/storm/KEYS
> > >
> > > The release was made from the Apache Storm 2.8.0 tag at:
> > >
> > > https://github.com/apache/storm/tree/v2.8.0
> > >
> > > Full list of changes in this release:
> > >
> https://dist.apache.org/repos/dist/dev/storm/apache-storm-2.8.0-rc1/RELEASE_NOTES.html
> > >
> > > To use it in a maven build set the version for Storm to 2.8.0 and add
> > > the following URL to your settings.xml file:
> > >
> > > https://repository.apache.org/content/repositories/orgapachestorm-1117
> > >
> > > The release was made using the Storm release process, documented on
> > > the GitHub repository:
> > > https://github.com/apache/storm/blob/master/RELEASING.md
> > >
> > > Please vote on releasing these packages as Apache Storm 2.8.0. The
> > > vote is open for at least the next 72 hours.
> > >
> > > "How to vote" is described here:
> > >
> https://github.com/apache/storm/blob/master/RELEASING.md#how-to-vote-on-a-release-candidate
> > > When voting, please list the actions taken to verify the release.
> > >
> > > Only votes from the Storm PMC are binding, but everyone is welcome to
> > > check the release candidate and vote.
> > > The vote passes if at least three binding +1 votes are cast.
> > >
> > > [ ] +1 Release this package as Apache Storm 2.8.0
> > > [ ] 0 No opinion
> > > [ ] -1 Do not release this package because...
> > >
> > > Thanks to everyone who contributed to this release.
> > >
> > > Thanks!
> > >
>
