google-auth-library-java
google-auth-library-java copied to clipboard
googleapis
Method implementation and logic isOnGAEStandard7() is incorrect for java21 jetty which does not define the old jetty logging class.
An Appengine customer recently filed this bug:
We recently upgraded to Java 21 and noticed a change in behavior when calling GoogleCredentials.getApplicationDefault()
Before Java 21, it was returning us a ComputeEngineCredentials, which was expected.But now it is returning us an AppEngineCredentials so we have to set a environment to revert to the old behavior.
We suspect maybe one of the conditions changed in isOnGaeStandard7() on Java 21 runtime.
See https://github.com/googleapis/google-auth-library-java/blob/3a546fb21a747a2d596b24a530391b7aedd1ebc7/oauth2_http/java/com/google/auth/oauth2/DefaultCredentialsProvider.java#L319
return GAE_RUNTIME_VERSION != null
&& (SPECIFICATION_VERSION.equals("1.7") || RUNTIME_JETTY_LOGGER == null);
While it might have been true for GAE Java7 (now completely removed), for the GAE runtimes java8,11 and 17, RUNTIME_JETTY_LOGGER was never null, and customers expect anyway ComputeEngineCredentials, not AppEngineCredentials by default!
But the new GAE environment supporting Java21 GAE, RUNTIME_JETTY_LOGGER is now null, as Jetty12 entirely rewrote their logging logic and doe not define this Jetty internal property.
Currently, App Engine Java21 code had to defined again this property to avoid app regression, but we need to fix this auth-library bug for newer releases so we can avoid doing this ugly workaround for GAE customers. Maybe remove entirely the special case for GAE to avoid regression for existing GAE customers.
Google internal bug is b/328772995
Related temp PR https://github.com/GoogleCloudPlatform/appengine-java-standard/pull/100
