On Mon, 25 Oct 2021 20:02:14 GMT, Bernd <[email protected]> wrote:
>> Oh, it's needed. Otherwise the `AccessController.getContext()` call (which
>> is inside `current()`) will also be called in a clean privileged context and
>> there is no subject associated with it.
>>
>> On the other hand, it still needs to in some sort of doPriv. I don't want to
>> ignore `AuthPermission("getSubject")`.
>
> Hm yes i see why „withacombiner“ would be needed, just not sure why
> doPriveledged() is needed (especially since current() does it as well). But I
> admit i don’t see through that part, so ignore me if I don’t make sense.
Application code calling `Krb5Context::initSecContext` does not require a
`AuthPermission("getSubject")` because `getSubject` was called in a doPriv.
After switching to `current`, it still does not require this permission if we
call the new method in a doPrivWithCombiner.
-------------
PR: https://git.openjdk.java.net/jdk/pull/5024
