[
https://issues.apache.org/jira/browse/ARTEMIS-5711?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Justin Bertram updated ARTEMIS-5711:
------------------------------------
Description:
The Java SecurityManager was deprecated in Java 17 for removal, with no aim to
replace the functionality. The Subject class also uses parts of the
{{SecurityManager}} API, but it has its own usages beyond the
{{SecurityManager}} functionality, so replacement functionality for the
affected methods were added in Java 18 in the {{Subject.current()}} and
{{Subject.callAs(..)}} methods.
Java 23 began the process for removing the {{SecurityManager}} implementation,
reimplementing the Subject methods with both the old and newer behaviours, and
making {{Subject.getSubject(..)}} throw {{UnsupportedOperationException}}
unless an option flag is used to enable support for a {{SecurityManager}}
(still without actually needing to have an SM in use). [Java 24 actually
removed the SecurityManager implementation|https://openjdk.org/jeps/486] , and
made {{Subject.getSubject()}} always throw {{UnsupportedOperationException}}.
As a result of these changes, building and testing Artemis does not work on
Java 23+ currently, and there are issues running on Java 23+ without at least
disabling the AuditLogging functionality that uses {{Subject.getSubject(..)}}.
These issues can be seen discussed in the referenced ARTEMIS-4975 and
ARTEMIS-5374. Though the other SecurityManager APIs are still present and
'functional' (effectively passthroughs), the APIs will be removed in a future
JDK which will itself present another issue to building and running on those
JDKs
This Jira seeks to enable building/testing and running on Java 25 and beyond by
addressing these issues. To achieve this, references to the {{SecurityManager}}
/ {{Subject}} APIs affected will be contained to a wrapper shim, with an
implementation using the old methods targeting Java 17-23, and a second shim
implementation using the new Subject methods (and not using any
{{SecurityManager}} methods at all) targeting Java 24+ and thus enabling Java
25 support and avoiding issues when the old APIs are later removed. (NOTE: on
Java 23 this approach will still requiring either the flag to enable
{{SecurityManager}} support, or disabling the audit logging to avoid it calling
{{Subject.getSubject(..)}}, if not just upgrading to e.g a supported Java 25
release)
Whilst it will still be possible to run/build/test on Java 17+, a side effect
of this approach will be requiring that releases are created using Java 25,
which was [discussed and agreed on the mailing
lists|https://lists.apache.org/thread/7vspfpmfnfqd6fmvpjzm0kr59b5dm9j2].
was:
The Java SecurityManager was deprecated in Java 17 for removal, with no aim to
replace the functionality. The Subject class also uses parts of the
SecurityManager API, but it has its own usages beyond the SecurityManager
functionality, so replacement functionality for the affected methods were added
in Java 18 in the Subject.current() and Subject.callAs(..) methods.
Java 23 began the process for removing the SecurityManager implementation,
reimplementing the Subject methods with both the old and newer behaviours, and
making Subject.getSubject(..) throw UnsupportedOperationException unless an
option flag is used to enable support for a SecurityManager (still without
actually needing to have an SM in use). [Java 24 actually removed the
SecurityManager implementation|https://openjdk.org/jeps/486] , and made
Subject.getSubject() always throw UnsupportedOperationException. As a result of
these changes, building and testing Artemis does not work on Java 23+
currently, and there are issues running on Java 23+ without at least disabling
the AuditLogging functionality that uses Subject.getSubject(..). These issues
can be seen discussed in the referenced ARTEMIS-4975 and ARTEMIS-5374. Though
the other SecurityManager APIs are still present and 'functional' (effectively
passthroughs), the APIs will be removed in a future JDK which will itself
present another issue to building and running on those JDKs
This Jira seeks to enable building/testing and running on Java 25 and beyond by
addressing these issues. To achieve this, references to the SecurityManager /
Subject APIs affected will be contained to a wrapper shim, with an
implementation using the old methods targeting Java 17-23, and a second shim
implementation using the new Subject methods (and not using any SecurityManager
methods at all) targeting Java 24+ and thus enabling Java 25 support and
avoiding issues when the old APIs are later removed. (NOTE: on Java 23 this
approach will still requiring either the flag to enable SecurityManager
support, or disabling the audit logging to avoid it calling
Subject.getSubject(..), if not just upgrading to e.g a supported Java 25
release)
Whilst it will still be possible to run/build/test on Java 17+, a side effect
of this approach will be requiring that releases are created using Java 25,
which was [discussed and agreed on the mailing
lists|https://lists.apache.org/thread/7vspfpmfnfqd6fmvpjzm0kr59b5dm9j2].
> Enable support for building and running on Java 25
> --------------------------------------------------
>
> Key: ARTEMIS-5711
> URL: https://issues.apache.org/jira/browse/ARTEMIS-5711
> Project: ActiveMQ Artemis
> Issue Type: Improvement
> Affects Versions: 2.43.0
> Reporter: Robbie Gemmell
> Assignee: Robbie Gemmell
> Priority: Major
> Labels: pull-request-available
> Fix For: 2.44.0
>
> Time Spent: 3h
> Remaining Estimate: 0h
>
> The Java SecurityManager was deprecated in Java 17 for removal, with no aim
> to replace the functionality. The Subject class also uses parts of the
> {{SecurityManager}} API, but it has its own usages beyond the
> {{SecurityManager}} functionality, so replacement functionality for the
> affected methods were added in Java 18 in the {{Subject.current()}} and
> {{Subject.callAs(..)}} methods.
> Java 23 began the process for removing the {{SecurityManager}}
> implementation, reimplementing the Subject methods with both the old and
> newer behaviours, and making {{Subject.getSubject(..)}} throw
> {{UnsupportedOperationException}} unless an option flag is used to enable
> support for a {{SecurityManager}} (still without actually needing to have an
> SM in use). [Java 24 actually removed the SecurityManager
> implementation|https://openjdk.org/jeps/486] , and made
> {{Subject.getSubject()}} always throw {{UnsupportedOperationException}}. As a
> result of these changes, building and testing Artemis does not work on Java
> 23+ currently, and there are issues running on Java 23+ without at least
> disabling the AuditLogging functionality that uses
> {{Subject.getSubject(..)}}. These issues can be seen discussed in the
> referenced ARTEMIS-4975 and ARTEMIS-5374. Though the other SecurityManager
> APIs are still present and 'functional' (effectively passthroughs), the APIs
> will be removed in a future JDK which will itself present another issue to
> building and running on those JDKs
> This Jira seeks to enable building/testing and running on Java 25 and beyond
> by addressing these issues. To achieve this, references to the
> {{SecurityManager}} / {{Subject}} APIs affected will be contained to a
> wrapper shim, with an implementation using the old methods targeting Java
> 17-23, and a second shim implementation using the new Subject methods (and
> not using any {{SecurityManager}} methods at all) targeting Java 24+ and thus
> enabling Java 25 support and avoiding issues when the old APIs are later
> removed. (NOTE: on Java 23 this approach will still requiring either the flag
> to enable {{SecurityManager}} support, or disabling the audit logging to
> avoid it calling {{Subject.getSubject(..)}}, if not just upgrading to e.g a
> supported Java 25 release)
> Whilst it will still be possible to run/build/test on Java 17+, a side effect
> of this approach will be requiring that releases are created using Java 25,
> which was [discussed and agreed on the mailing
> lists|https://lists.apache.org/thread/7vspfpmfnfqd6fmvpjzm0kr59b5dm9j2].
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact
