On Mon, 25 Oct 2021 20:02:14 GMT, Bernd <d...@openjdk.java.net> wrote:
>> Oh, it's needed. Otherwise the `AccessController.getContext()` call (which >> is inside `current()`) will also be called in a clean privileged context and >> there is no subject associated with it. >> >> On the other hand, it still needs to in some sort of doPriv. I don't want to >> ignore `AuthPermission("getSubject")`. > > Hm yes i see why „withacombiner“ would be needed, just not sure why > doPriveledged() is needed (especially since current() does it as well). But I > admit i don’t see through that part, so ignore me if I don’t make sense. Application code calling `Krb5Context::initSecContext` does not require a `AuthPermission("getSubject")` because `getSubject` was called in a doPriv. After switching to `current`, it still does not require this permission if we call the new method in a doPrivWithCombiner. ------------- PR: https://git.openjdk.java.net/jdk/pull/5024