...
Kafka has a compile-time dependency on the AccessController class in clients, core, and connect:runtime, and the removal of SecurityManager and its accompanying classes would make these modules un-buildable with their current implementation.
Public Interfaces
In a separate KIP, the Kafka project should define a major release in which SecurityManager support will be removed; it is not possible to remove support for this feature in a minor release, as that would constitute a breaking change. The project will choose a major version to drop support for Java 17 and make the minimum supported version 21. In that same release, we will drop support for the SecurityManager entirely from Kafka.
From this major version forward, Kafka operators will not be able to secure their clients, brokers, or connector runtimes with the SecurityManager. As soon as this KIP is approved, Kafka users should consider the SecurityManager deprecated, and begin migrating away from it to prepare for the removal.
Proposed Changes
There are two strategies for approaching the removal that we should pursue concurrently:
...
In an upcoming minor release after this KIP, the following deprecated calls will be changed to use reflection. If the legacy implementations are available and execute without throwing UnsupportedOperationException, they will be used. If not, the modern implementations will be called reflectively.
A static utility in clients will reflectively examine the presence or absence of the legacy and modern implementations. If it finds that the legacy implementation is available, it will use it. If not, the modern implementation is substituted. If the legacy implementation is used and throws an UnsupportedOperationException, the modern implementation will be used instead, and all further calls will use the modern implementation.
Class | Legacy implementation | Modern implementation |
---|---|---|
SaslClientCallbackHandler, OAuthBearerSaslClientCallbackHandler | Subject.getSubject | Subject.current |
SaslClientAuthenticator, SaslServerAuthenticator | Subject#doAs | Subject#callAs |
ClassLoaderFactory, PluginScanner, RemoteLogManager, SynchronizationTest | AccessController#doPrivileged | Pass-through/call runnable directly |
In the major release which removes SecurityManager support, the reflection will be replaced with direct calls to the modern implementations.
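The following is an added example of the reflective fallback described above, written for the Subject.getSubject to Subject.current row of the table; it is not Kafka's code, and the class name SubjectCompat is hypothetical. It assumes Java 17+ syntax and looks both APIs up reflectively so it compiles whether or not a given JDK still ships the legacy methods.

```java
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import javax.security.auth.Subject;

// Hypothetical helper (not Kafka's code): prefer the legacy API while it works,
// switch permanently to the modern API once it throws UnsupportedOperationException.
public final class SubjectCompat {
    private static final Method LEGACY_GET_SUBJECT;  // Subject.getSubject(AccessControlContext), null if absent
    private static final Method LEGACY_GET_CONTEXT;  // AccessController.getContext(), null if absent
    private static final Method MODERN_CURRENT;      // Subject.current(), null before JDK 18
    private static volatile boolean useModern;       // flipped once, never flipped back

    static {
        Method getSubject = null, getContext = null, current = null;
        try {
            getContext = Class.forName("java.security.AccessController").getMethod("getContext");
            getSubject = Subject.class.getMethod("getSubject", Class.forName("java.security.AccessControlContext"));
        } catch (ReflectiveOperationException e) { /* legacy API removed from this JDK */ }
        try {
            current = Subject.class.getMethod("current");
        } catch (NoSuchMethodException e) { /* pre-JDK 18: only the legacy path exists */ }
        LEGACY_GET_SUBJECT = getSubject; LEGACY_GET_CONTEXT = getContext; MODERN_CURRENT = current;
        useModern = getSubject == null || getContext == null;
        if (useModern && current == null) throw new IllegalStateException("no usable Subject API on this JDK");
    }

    private SubjectCompat() {}

    public static Subject current() {
        if (!useModern) {
            try {
                Object ctx = LEGACY_GET_CONTEXT.invoke(null);
                return (Subject) LEGACY_GET_SUBJECT.invoke(null, ctx);
            } catch (InvocationTargetException e) {
                // Only an UnsupportedOperationException (SecurityManager not allowed) triggers the switch.
                if (!(e.getCause() instanceof UnsupportedOperationException) || MODERN_CURRENT == null) {
                    throw rethrow(e.getCause());
                }
                useModern = true;
            } catch (IllegalAccessException e) {
                throw new IllegalStateException(e);
            }
        }
        try {
            return (Subject) MODERN_CURRENT.invoke(null);
        } catch (InvocationTargetException e) {
            throw rethrow(e.getCause());
        } catch (IllegalAccessException e) {
            throw new IllegalStateException(e);
        }
    }

    private static RuntimeException rethrow(Throwable t) {
        return t instanceof RuntimeException r ? r : new IllegalStateException(t);
    }
}
```

On a JDK where the legacy call succeeds, the modern path is never touched; on a JDK where Subject.getSubject throws UnsupportedOperationException, the first call pays the cost of the failed attempt and every later call goes straight to Subject.current().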
Compatibility, Deprecation, and Migration Plan
...