Hi Konrad, On Wed, 2024-07-24 at 14:26 +0200, Konrad Windszus wrote: > Hi, > > Carsten mentioned this topic in the Felix Dev mailing list but Sling > is affected as well: > https://lists.apache.org/thread/37ll81kn39fd60jw9p3jz4dwy0z4w4hh > > Particularly the module > https://github.com/apache/sling-org-apache-sling-jcr-oak-server suffe > rs from deprecations, as it uses javax.security.auth.Subject which > has been modified and partially deprecated in Java 17/21 > (https://docs.oracle.com/en/java/javase/21/docs/api/java.base/javax/s > ecurity/auth/Subject.html). > The replacement > https://docs.oracle.com/en/java/javase/21/docs/api/java.base/javax/security/auth/Subject.html#callAs(javax.security.auth.Subject,java.util.concurrent.Callable) > is only available since Java 18 though… > > Any suggestion how and when to tackle this?
I skimmed the code and it's not entirely clear to me why we need to use Subject.doAsPrivileged. Is this because the Oak code we are calling needs to understand who the caller is and expects that information in a Subject? Thanks, Robert
