Re: jmx-dev RFR: 8296244: Alternate implementation of user-based authorization Subject APIs that doesn’t depend on Security Manager APIs

Tue, 30 Jan 2024 09:10:06 -0800 

On Tue, 30 Jan 2024 13:56:53 GMT, Daniel Fuchs <[email protected]> wrote:

>> This code change adds an alternative implementation of user-based 
>> authorization `Subject` APIs that doesn't depend on Security Manager APIs. 
>> Depending on if the Security Manager is allowed, the methods store the 
>> current subject differently. See the spec change in the `Subject.java` file 
>> for details. When the Security Manager APIs are finally removed in a future 
>> release, this new implementation will be only implementation for these 
>> methods.
>> 
>> One major change in the new implementation is that `Subject.getSubject` 
>> always throws an `UnsupportedOperationException` since it has an 
>> `AccessControlContext` argument but the current subject is no longer 
>> associated with an `AccessControlContext` object.
>> 
>> Now it's the time to migrate from the `getSubject` and `doAs` methods to 
>> `current` and `callAs`. If the user application is simply calling 
>> `getSubject(AccessController.getContext())`, then switching to `current()` 
>> would work. If the `AccessControlContext` argument is retrieved from an 
>> earlier `getContext()` call and the associated subject might be different 
>> from that of the current `AccessControlContext`, then instead of storing the 
>> previous `AccessControlContext` object and passing it into `getSubject` to 
>> get the "previous" subject, the application should store the `current()` 
>> return value directly.
>
> src/java.management/share/classes/com/sun/jmx/remote/security/MBeanServerFileAccessController.java
>  line 307:
> 
>> 305:             AccessController.doPrivileged(new PrivilegedAction<>() {
>> 306:                     public Subject run() {
>> 307:                         return Subject.current();
> 
> Is the `doPrivileged` still needed here? Is there a chance that 
> `Subject.current()` will throw a `SecurityException`, or return a different 
> result if a security manager is present and `doPrivileged` is not used?

When a security manager is set, `current()` still calls `getSubject()` and it 
needs a permission unless it's called inside `doPrivileged`. But, see the 
comment above.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/17472#discussion_r1471585097

Reply via email to