[ https://issues.apache.org/jira/browse/CALCITE-6590?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17884578#comment-17884578 ]
Istvan Toth edited comment on CALCITE-6590 at 9/25/24 1:26 PM: --------------------------------------------------------------- bq. Looking at the code, getSubject() only seems to be called when Kerberos authentication is explicitly configured, bq. which typically means Hadoop-related environments, where this option will be needed anyway by the other libraries. This is not true. We call Subject.doAs every time we start the Avatica HTTP server. was (Author: stoty): bq. Looking at the code, getSubject() only seems to be called when Kerberos authentication is explicitly configured, bq. which typically means Hadoop-related environments, where this option will be needed anyway by the other libraries. This is not true. We call Subject.doAs every time we start the Avatica HTPP server. > Run tests with java.security.manager=allow on JDK23+ in Avatica > --------------------------------------------------------------- > > Key: CALCITE-6590 > URL: https://issues.apache.org/jira/browse/CALCITE-6590 > Project: Calcite > Issue Type: Bug > Reporter: Julian Hyde > Assignee: Istvan Toth > Priority: Major > Labels: pull-request-available > Fix For: 1.26.0 > > > Remove use of Java SecurityManager in Avatica. > Running Avatica on JDK 23 (or JRE 23) we get the following runtime errors: > {noformat} > Caused by: java.lang.UnsupportedOperationException: getSubject is supported > only if a security manager is allowed at > java.base/javax.security.auth.Subject.getSubject(Subject.java:347) at > org.apache.calcite.avatica.server.SubjectPreservingPrivilegedThreadFactory.newThread(SubjectPreservingPrivilegedThreadFactory.java:43) > {noformat} > We were warned - the {{getSubject}} method has been deprecated since JDK 18. > The deprecation did not cause a build failure, due to CALCITE-5136. > HADOOP-19212 is an issue with the same underlying cause. > The message "getSubject is supported only if a security manager is allowed" > implies that another solution would be to enable a security manager > (including during tests, and when Avatica is used in Calcite's tests). Should > we consider that? If so, please change the case summary. -- This message was sent by Atlassian Jira (v8.20.10#820010)