On Tue, 5 Mar 2024 11:36:53 GMT, Kevin Walls <kev...@openjdk.org> wrote:
>> I think we need @kevinjwalls or @dfuch to help advise on this. > > Right, this does not depend on the SM. All we need to do is get the Subject. > This method implements the basic monitor (readonly) and control (readwrite) > access. > accessMap maps identity String to Access, and the checkAccess() method here > will check the Subject by using of its Principal names as keys in that map. Do you know where the subject is set? If it's set by a `doAs` call then it will co-operate with `current()` no matter if SM is allowed. I tried to search in the whole module and cannot find a `doAs` call. If it is also through `SubjectDomainCombiner` then it only works with SM. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/17472#discussion_r1512951092