OAK-11199 getSubject is supported only if a security manager is allowed

oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/jmx/Delegatee.java

@@ -23,6 +23,7 @@
 import org.apache.jackrabbit.oak.api.ContentRepository;
 import org.apache.jackrabbit.oak.api.ContentSession;
 import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.plugins.value.jcr.ValueFactoryImpl;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
@@ -46,7 +47,6 @@
 import org.slf4j.LoggerFactory;
 
 import javax.jcr.RepositoryException;
-import javax.security.auth.Subject;
 import java.io.IOException;
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
@@ -107,7 +107,7 @@ static Delegatee createInstance(@NotNull final ContentRepository repository,
                                     int batchSize) {
         ContentSession systemSession;
         try {
-            systemSession = Subject.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction<ContentSession>) () -> repository.login(null, null));
+            systemSession = Java23Security.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction<ContentSession>) () -> repository.login(null, null));
         } catch (PrivilegedActionException e) {
             throw new SyncRuntimeException(ERROR_CREATE_DELEGATEE, e);
         }

oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/AbstractExternalAuthTest.java

@@ -27,6 +27,7 @@
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.api.Type;
+import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security;
 import org.apache.jackrabbit.oak.commons.collections.CollectionUtils;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject;
@@ -44,7 +45,6 @@
 import org.junit.Rule;
 
 import javax.jcr.RepositoryException;
-import javax.security.auth.Subject;
 import java.security.PrivilegedExceptionAction;
 import java.util.Calendar;
 import java.util.Collections;
@@ -213,7 +213,7 @@ protected DefaultSyncHandler registerSyncHandler(@NotNull Map<String, Object> sy
     @NotNull
     protected Root getSystemRoot() throws Exception {
         if (systemRoot == null) {
-            systemSession = Subject.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction<ContentSession>) () -> getContentRepository().login(null, null));
+            systemSession = Java23Security.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction<ContentSession>) () -> getContentRepository().login(null, null));
             systemRoot = systemSession.getLatestRoot();
         }
         return systemRoot;

oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalIdentityImporterTest.java

@@ -24,9 +24,9 @@
 import javax.jcr.Repository;
 import javax.jcr.Session;
 import javax.jcr.SimpleCredentials;
-import javax.security.auth.Subject;
 
 import org.apache.jackrabbit.api.JackrabbitRepository;
+import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security;
 import org.apache.jackrabbit.oak.jcr.Jcr;
 import org.apache.jackrabbit.oak.query.QueryEngineSettings;
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
@@ -88,7 +88,7 @@ private static void shutdown(Repository repo) {
 
     Session createSession(Repository repo, boolean isSystem) throws Exception {
         if (isSystem) {
-            return Subject.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction<Session>) () -> repo.login(null, null));
+            return Java23Security.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction<Session>) () -> repo.login(null, null));
         } else {
             return repo.login(new SimpleCredentials(UserConstants.DEFAULT_ADMIN_ID, UserConstants.DEFAULT_ADMIN_ID.toCharArray()));
         }

oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/AccessControlManagerLimitedSystemUserTest.java

@@ -20,6 +20,7 @@
 import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.oak.api.AuthInfo;
 import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security;
 import org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl;
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
@@ -62,7 +63,7 @@ Root createTestRoot() throws Exception {
         Set<Principal> principals = Set.of(testPrincipal);
         AuthInfo authInfo = new AuthInfoImpl(UID, Collections.emptyMap(), principals);
         Subject subject = new Subject(true, principals, Set.of(authInfo), Set.of());
-        return Subject.doAsPrivileged(subject, (PrivilegedExceptionAction<Root>) () -> getContentRepository().login(null, null).getLatestRoot(), null);
+        return Java23Security.doAsPrivileged(subject, (PrivilegedExceptionAction<Root>) () -> getContentRepository().login(null, null).getLatestRoot(), null);
     }
 
     void grant(@NotNull Principal principal, @Nullable String path, @NotNull String... privNames) throws Exception {

oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/ReadablePathsAccessControlTest.java

@@ -22,6 +22,7 @@
 import org.apache.jackrabbit.JcrConstants;
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
 import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security;
 import org.apache.jackrabbit.oak.commons.PathUtils;
 import org.apache.jackrabbit.oak.commons.collections.CollectionUtils;
 import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
@@ -84,7 +85,7 @@ private Subject getTestSubject() {
 
     @Test
     public void testHasPrivilege() throws Exception {
-        try (ContentSession cs = Subject.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction<ContentSession>) () -> getContentRepository().login(null, null), null)) {
+        try (ContentSession cs = Java23Security.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction<ContentSession>) () -> getContentRepository().login(null, null), null)) {
             PrincipalBasedAccessControlManager testAcMgr = new PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()), getFilterProvider());
 
             Set<Principal> principals = Collections.singleton(testPrincipal);
@@ -99,7 +100,7 @@ public void testHasPrivilege() throws Exception {
 
     @Test
     public void testNotHasPrivilege() throws Exception {
-        try (ContentSession cs = Subject.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction<ContentSession>) () -> getContentRepository().login(null, null), null)) {
+        try (ContentSession cs = Java23Security.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction<ContentSession>) () -> getContentRepository().login(null, null), null)) {
             PrincipalBasedAccessControlManager testAcMgr = new PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()), getFilterProvider());
 
             Set<Principal> principals = Collections.singleton(testPrincipal);
@@ -140,7 +141,7 @@ public void testNotHasPrivilegePrincipal() throws Exception {
 
     @Test
     public void testGetPrivileges() throws Exception {
-        try (ContentSession cs = Subject.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction<ContentSession>) () -> getContentRepository().login(null, null), null)) {
+        try (ContentSession cs = Java23Security.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction<ContentSession>) () -> getContentRepository().login(null, null), null)) {
             PrincipalBasedAccessControlManager testAcMgr = new PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()), getFilterProvider());
 
             Privilege[] expected = privilegesFromNames(JCR_READ);
@@ -152,7 +153,7 @@ public void testGetPrivileges() throws Exception {
 
     @Test(expected = PathNotFoundException.class)
     public void testGetPrivilegesAtRoot() throws Exception {
-        try (ContentSession cs = Subject.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction<ContentSession>) () -> getContentRepository().login(null, null), null)) {
+        try (ContentSession cs = Java23Security.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction<ContentSession>) () -> getContentRepository().login(null, null), null)) {
             PrincipalBasedAccessControlManager testAcMgr = new PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()), getFilterProvider());
             testAcMgr.getPrivileges(ROOT_PATH);
         }
@@ -186,7 +187,7 @@ public void testGetEffectivePoliciesNullPath() throws Exception {
 
     @Test(expected = AccessDeniedException.class)
     public void testGetEffectivePoliciesLimitedAccess() throws Exception {
-        try (ContentSession cs = Subject.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction<ContentSession>) () -> getContentRepository().login(null, null), null)) {
+        try (ContentSession cs = Java23Security.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction<ContentSession>) () -> getContentRepository().login(null, null), null)) {
             PrincipalBasedAccessControlManager testAcMgr = new PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()), getFilterProvider());
             testAcMgr.getEffectivePolicies(readablePaths.next());
         }
@@ -201,7 +202,7 @@ public void testGetEffectivePoliciesLimitedAccess2() throws Exception {
         root.commit();
 
         // test-session can read-ac at readable path but cannot access principal-based policy
-        try (ContentSession cs = Subject.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction<ContentSession>) () -> getContentRepository().login(null, null), null)) {
+        try (ContentSession cs = Java23Security.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction<ContentSession>) () -> getContentRepository().login(null, null), null)) {
             PrincipalBasedAccessControlManager testAcMgr = new PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()), getFilterProvider());
             Set<AccessControlPolicy> effective = ImmutableSet.copyOf(testAcMgr.getEffectivePolicies(path));
 
@@ -220,7 +221,7 @@ public void testGetEffectivePoliciesLimitedAccess3() throws Exception {
         root.commit();
 
         // test-session can read-ac at readable path and at principal-based policy
-        try (ContentSession cs = Subject.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction<ContentSession>) () -> getContentRepository().login(null, null), null)) {
+        try (ContentSession cs = Java23Security.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction<ContentSession>) () -> getContentRepository().login(null, null), null)) {
             PrincipalBasedAccessControlManager testAcMgr = new PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()), getFilterProvider());
             Set<AccessControlPolicy> effective = CollectionUtils.toSet(testAcMgr.getEffectivePolicies(path));
 

oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/AbstractTest.java

@@ -37,6 +37,7 @@
 import org.apache.commons.lang3.ArrayUtils;
 import org.apache.commons.math3.stat.descriptive.DescriptiveStatistics;
 import org.apache.commons.math3.stat.descriptive.SynchronizedDescriptiveStatistics;
+import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security;
 import org.apache.jackrabbit.oak.commons.Profiler;
 import org.apache.jackrabbit.oak.fixture.RepositoryFixture;
 import org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject;
@@ -588,7 +589,7 @@ protected Session systemLogin() {
     protected Session loginSubject(@NotNull Subject subject) {
         try {
 
-            return Subject.doAsPrivileged(subject, new PrivilegedExceptionAction<Session>() {
+            return Java23Security.doAsPrivileged(subject, new PrivilegedExceptionAction<Session>() {
                 @Override
                 public Session run() throws Exception {
                     return getRepository().login(null, null);

oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/CugOakTest.java

@@ -29,6 +29,7 @@
 import org.apache.jackrabbit.oak.api.ContentSession;
 import org.apache.jackrabbit.oak.api.PropertyState;
 import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security;
 import org.apache.jackrabbit.oak.fixture.JcrCreator;
 import org.apache.jackrabbit.oak.fixture.OakRepositoryFixture;
 import org.apache.jackrabbit.oak.fixture.RepositoryFixture;
@@ -89,7 +90,7 @@ protected void runTest() throws Exception {
         if (singleSession) {
             readSession = cs;
         } else {
-            readSession = Subject.doAs(subject, new PrivilegedAction<ContentSession>() {
+            readSession = Java23Security.doAs(subject, new PrivilegedAction<ContentSession>() {
                 @Override
                 public ContentSession run() {
                     try {

oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/LoginSystemTest.java

@@ -25,6 +25,7 @@
 import javax.security.auth.Subject;
 
 import org.apache.jackrabbit.core.security.SystemPrincipal;
+import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security;
 import org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl;
 import org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject;
 
@@ -46,7 +47,7 @@ public void beforeSuite() throws Exception {
     public void runTest() throws RepositoryException {
         for (int i = 0; i < COUNT; i++) {
             try {
-                Subject.doAsPrivileged(subject, new PrivilegedExceptionAction<Session>() {
+                Java23Security.doAsPrivileged(subject, new PrivilegedExceptionAction<Session>() {
                     @Override
                     public Session run() throws Exception {
                         return getRepository().login(null, null);

oak-commons/pom.xml

@@ -55,7 +55,8 @@
               org.apache.jackrabbit.oak.commons.json,
               org.apache.jackrabbit.oak.commons.log,
               org.apache.jackrabbit.oak.commons.sort,
-              org.apache.jackrabbit.oak.commons.properties
+              org.apache.jackrabbit.oak.commons.properties,
+              org.apache.jackrabbit.oak.commons.jdkcompat
             </Export-Package>
           </instructions>
         </configuration>

oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/jdkcompat/Java23Security.java

@@ -0,0 +1,115 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.commons.jdkcompat;
+
+import javax.security.auth.Subject;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import java.util.concurrent.Callable;
+
+/**
+ * This class contains methods replacing the deprecated
+ * {@link Subject#getSubject(AccessControlContext)} 
+ * and associated methods, which changed their behavior
+ * with Java 23 (@see https://inside.java/2024/07/08/quality-heads-up).
+ */
+public class Java23Security {
+
+    static Method current, callAs;
+
+    static {
+        try {
+            current = Subject.class.getMethod("current");
+            callAs = Subject.class.getMethod("callAs", Subject.class, Callable.class);
+        } catch (NoSuchMethodException ignored) {}
+    }
+
+    public static Subject getSubject() {
+        Subject result;
+        if (current != null) {
+            try {
+                result = (Subject) current.invoke(null);
+            } catch (InvocationTargetException | IllegalAccessException e) {
+                throw new SecurityException(e);
+            }
+        } else {
+            result = Subject.getSubject(AccessController.getContext());
+        }
+        return result;
+    }
+
+    public static <T> T doAs(Subject subject, PrivilegedAction<T> action) {
+        T result;
+        if (callAs != null) {
+            try {
+                result = (T) callAs.invoke(null, subject, (Callable<T>) () -> action.run());
+            } catch (InvocationTargetException | IllegalAccessException e) {
+                throw new SecurityException(e);
+            }
+        } else {
+            result = Subject.doAs(subject, action);
+        }
+        return result;
+    }
+
+    public static <T> T doAsPrivileged(Subject subject, PrivilegedAction<T> action, AccessControlContext acc) {
+        T result;
+        if (callAs != null) {
+            try {
+                result = (T) callAs.invoke(null, subject, (Callable<T>) () -> action.run());
+            } catch (InvocationTargetException | IllegalAccessException e) {
+                throw new SecurityException(e);
+            }
+        } else {
+            result = Subject.doAsPrivileged(subject, action, acc);
+        }
+        return result;
+    }
+
+    public static <T> T doAs(Subject subject, PrivilegedExceptionAction<T> action) throws PrivilegedActionException {
+        T result;
+        if (callAs != null) {
+            try {
+                result = (T) callAs.invoke(null, subject, (Callable<T>) () -> action.run());
+            } catch (InvocationTargetException | IllegalAccessException e) {
+                throw new SecurityException(e);
+            }
+        } else {
+            result = Subject.doAs(subject, action);
+        }
+        return result;
+    }
+
+    public static <T> T doAsPrivileged(Subject subject, PrivilegedExceptionAction<T> action, AccessControlContext acc) throws PrivilegedActionException {
+        T result;
+        if (callAs != null) {
+            try {
+                result = (T) callAs.invoke(null, subject, (Callable<T>) () -> action.run());
+            } catch (InvocationTargetException | IllegalAccessException e) {
+                throw new SecurityException(e);
+            }
+        } else {
+            result = Subject.doAsPrivileged(subject, action, acc);
+        }
+        return result;
+    }
+}

oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/jdkcompat/package-info.java

@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+/**
+ * Package containing utilities to handle incompatible JDK changes.
+ */
+@Internal
+@Version("1.0.0")
+package org.apache.jackrabbit.oak.commons.jdkcompat;
+
+import org.apache.jackrabbit.oak.commons.annotations.Internal;
+import org.osgi.annotation.versioning.Version;