On Thu, 5 Aug 2021 20:10:44 GMT, Weijun Wang <wei...@openjdk.org> wrote:
> New `Subject` APIs `current()` and `callAs()` are created to be replacements > of `getSubject()` and `doAs()` since the latter two methods are now > deprecated for removal. > > In this implementation, by default, `current()` returns the same value as > `getSubject(AccessController.getCurrent())` and `callAs()` is implemented > based on `doAs()`. This behavior is subject to change in the future once > `SecurityManager` is removed. > > User can experiment a possible future mechanism by setting the system > property `jdk.security.auth.subject.useTL` to `true`, where the `callAs()` > method stores the subject into a `ThreadLocal` object and the `current()` > method returns it (Note: this mechanism does not work with principal-based > permissions). > > Inside JDK, we’ve switched from `getSubject()` to `current()` in JGSS and > user can start switching to `callAs()` in their applications. Users can also > switch to `current()` but please note that if you used to call > `getSubject(acc)` in a `doPrivileged` call you might need to try calling > `current()` in a `doPrivilegedWithCombiner` call to see if the > `AccessControlContext` inside the call inherits the subject from the outer > one. test/jdk/javax/security/auth/Subject/FromACC.java line 9: > 7: * published by the Free Software Foundation. Oracle designates this > 8: * particular file as subject to the "Classpath" exception as provided > 9: * by Oracle in the LICENSE file that accompanied this code. Oops, no Classpath exception for this test. ------------- PR: https://git.openjdk.java.net/jdk/pull/5024