Skip to content

[CALCITE-6590] Use reflection to handle Java SecurityManager deprecation in Avatica #251

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
stoty wants to merge 14 commits into from
Closed

[CALCITE-6590] Use reflection to handle Java SecurityManager deprecation in Avatica #251

stoty wants to merge 14 commits into from
+234 −23

Conversation

@stoty
Copy link
Contributor

@stoty stoty commented Sep 26, 2024

Also bump ByteBuddy version to 1.15.1

@stoty
Copy link
Contributor Author

stoty commented Sep 26, 2024

This is the alternate patch using reflection.

@stoty stoty requested a review from julianhyde September 26, 2024 18:39
@stoty stoty force-pushed the CALCITE-6590-reflection branch from 5a76c1d to 1b50792 Compare September 27, 2024 06:31
@stoty stoty changed the title [CALCITE-6590] Remove use of Java SecurityManager in Avatica [CALCITE-6590] Use reflection to handle Java SecurityManager deprecation in Avatica Sep 27, 2024
@stoty stoty changed the title [CALCITE-6590] Use reflection to handle Java SecurityManager deprecation in Avatica [CALCITE-6590] Use reflection to handle Java SecurityManager deprecation in Avatica Sep 27, 2024
@stoty stoty changed the title [CALCITE-6590] Use reflection to handle Java SecurityManager deprecation in Avatica [CALCITE-6590] Use reflection to handle Java SecurityManager deprecation in Avatica Sep 27, 2024
@stoty stoty force-pushed the CALCITE-6590-reflection branch from 1b50792 to b254987 Compare September 30, 2024 07:08
@stoty
Copy link
Contributor Author

stoty commented Oct 8, 2024

Have you been able to check this @julianhyde ?

stoty
stoty commented Oct 15, 2024
View reviewed changes
@stoty
Copy link
Contributor Author

stoty commented Jan 16, 2025

The approach here is directly lifted from Jetty (pruning some unused functions)

@stoty stoty requested review from F21 and zabetak January 16, 2025 13:45
@stoty
Copy link
Contributor Author

stoty commented Jan 16, 2025

rebased on main

chrisdennis
chrisdennis reviewed Jan 22, 2025
View reviewed changes
Copy link
Contributor

@chrisdennis chrisdennis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since community review was requested I figured I'd cast an eye over this. The usage of SecurityUtils looks fine to me... the class itself has some issues for me though. Not sure how you want to approach that though, and obviously feel free to dismiss all of this if desired.

@zabetak zabetak mentioned this pull request Jan 23, 2025
Closed
zabetak
zabetak reviewed Jan 24, 2025
View reviewed changes
@chrisdennis
Copy link
Contributor

chrisdennis commented Jan 24, 2025

I realized my suggestions for SecurityUtils were getting a little involved so I coded up the result and PRed here: stoty#1

chrisdennis and others added 2 commits January 25, 2025 11:06
@stoty
Copy link
Contributor Author

stoty commented Jan 25, 2025

I have applied your PR, and made some minor changes. These are in different commits.
Please check them @chrisdennis .

@stoty stoty requested review from chrisdennis and zabetak January 25, 2025 10:59
chrisdennis
chrisdennis approved these changes Jan 25, 2025
View reviewed changes
Copy link
Contributor

@chrisdennis chrisdennis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me... you rightly point out that what we have makes some assumptions about the order of any future removals but I think they're reasonable assumptions.

zabetak
zabetak reviewed Jan 27, 2025
View reviewed changes
Copy link
Member

@zabetak zabetak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Few small comments and I think we are ready to merge this.

@stoty
Copy link
Contributor Author

stoty commented Jan 27, 2025
edited
Loading

I have changed the name back to sneakyThrow().

Since we're going for perfection, we may also want to reconsider callAs().

Subject callAs() throws Exceptions, and the fallback path now also throws exceptions (wrapped in PrivilegedActionException).

We could change it to something like :

  public static <T> T callAs(Subject subject, Callable<T> action) throws Exception {
    try {
      return (T) CALL_AS.invoke(subject, action);
    } catch (PrivilegedActionException e) {
      e.getException();
    } catch (Exception e) {
      throw e;
    } catch (Throwable t) {
      throw sneakyThrow(t);
    }
  }

@chrisdennis
Copy link
Contributor

chrisdennis commented Jan 27, 2025

Since we're going for perfection, we may also want to reconsider callAs().

Apologies for triggering some (all?) of this bike-shedding.

Subject callAs() throws Exceptions, and the fallback path now also throws exceptions (wrapped in PrivilegedActionException).

I'm confused, Subject.callAs(...) throws CompletionException if the action throws, which is what the current code does, unwrapping any PrivilegedActionException and rewrapping it in case we're backed by the old doAs(...) method. The only tweak I'd make to the current code is that the Exception catch and rethrow is redundant given the sneakyThrow(t) call.

@stoty
Copy link
Contributor Author

stoty commented Jan 27, 2025

I'm confused, Subject.callAs(...) throws CompletionException if the action throws, which is what the current code does, unwrapping any PrivilegedActionException and rewrapping it in case we're backed by the old doAs(...) method. The only tweak I'd make to the current code is that the Exception catch and rethrow is redundant given the sneakyThrow(t) call.

You are right.

However, since Subject.callAs() explicitly throws CompletionException, shouldn't SecurityUtils.callAs() also explictly throw CompletionException ?

@chrisdennis
Copy link
Contributor

chrisdennis commented Jan 27, 2025

However, since Subject.callAs() explicitly throws CompletionException, shouldn't SecurityUtils.callAs() also explictly throw CompletionException ?

Yes, that would make sense.

@stoty
Copy link
Contributor Author

stoty commented Jan 28, 2025

This is as polished as it gets now. Can you do a final review @zabetak ?

zabetak
zabetak approved these changes Jan 28, 2025
View reviewed changes
Copy link
Member

@zabetak zabetak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The changes in the PR LGTM!

I also run ./gradlew build with JDK23 locally and it passed without problems so I guess we are good to merge this.

@stoty
Copy link
Contributor Author

stoty commented Jan 28, 2025

Merged manually.
(Maybe we could enable squash merges...)

@stoty stoty closed this Jan 28, 2025
@F21
Copy link
Member

F21 commented Jan 28, 2025

Thanks for getting this in @stoty, @chrisdennis and @zabetak!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zabetak zabetak zabetak approved these changes

@julianhyde julianhyde Awaiting requested review from julianhyde

@F21 F21 Awaiting requested review from F21

+1 more reviewer

@chrisdennis chrisdennis chrisdennis approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@stoty @chrisdennis @F21 @zabetak