On Fri, 14 Jun 2024 15:26:54 GMT, Kevin Walls <kev...@openjdk.org> wrote:
>> JMX uses APIs related to the Security Mananger which are deprecated. Use of
>> AccessControlContext will be removed when Security Manager is removed.
>>
>> Until then, updates are needed to not require setting
>> -Djava.security.manager=allow to use JMX authentication.
>
> Kevin Walls has updated the pull request incrementally with one additional
> commit since the last revision:
>
> Unnecessary catches to remove
src/java.management/share/classes/javax/management/monitor/Monitor.java line
1542:
> 1540: if
> (!SharedSecrets.getJavaLangAccess().allowSecurityManager()) {
> 1541: // No SecurityManager permitted:
> 1542: Subject.doAs(s, action); // s is permitted to be null
While `s` is permitted to be null, calling `Subject.doAs(null, action)`
actually sets the current subject to null while calling `action`. This is not
same as directly calling `action` where the current subject (could be non null)
is used.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/19624#discussion_r1641593366
