On Mon, 4 Mar 2024 19:51:38 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> src/java.management/share/classes/com/sun/jmx/remote/security/MBeanServerFileAccessController.java >> line 309: >> >>> 307: final Subject s; >>> 308: if (!SharedSecrets.getJavaLangAccess().allowSecurityManager()) >>> { >>> 309: s = Subject.current(); >> >> We may not want to call `Subject.current()` here, as this may imply that we >> will support this functionality even if an SM is not enabled. > > I was not exactly sure if we will support this functionality. The class name > has `AccessControler` and the method names use `checkAccess`, but they > actually do not always depend on security manager. I think we need @kevinjwalls or @dfuch to help advise on this. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/17472#discussion_r1511721920