On Wed, 27 Oct 2021 14:52:47 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> New `Subject` APIs `current()` and `callAs()` are created to be replacements
>> of `getSubject()` and `doAs()` since the latter two methods are now
>> deprecated for removal.
>>
>> In this implementation, by default, `current()` returns the same value as
>> `getSubject(AccessController.getCurrent())` and `callAs()` is implemented
>> based on `doAs()`. This behavior is subject to change in the future once
>> `SecurityManager` is removed.
>>
>> Users can experiment with a possible future mechanism by setting the system
>> property `jdk.security.auth.subject.useTL` to `true`, where the `callAs()`
>> method stores the subject into a `ThreadLocal` object and the `current()`
>> method returns it (Note: this mechanism does not work with principal-based
>> permissions).
>>
>> Inside JDK, we’ve switched from `getSubject()` to `current()` in JGSS and
>> users can start switching to `callAs()` in their applications. Users can also
>> switch to `current()` but please note that if you used to call
>> `getSubject(acc)` in a `doPrivileged` call you might need to try calling
>> `current()` in a `doPrivilegedWithCombiner` call to see if the
>> `AccessControlContext` inside the call inherits the subject from the outer
>> one.
>
> Weijun Wang has updated the pull request incrementally with one additional
> commit since the last revision:
>
>   address comments from Sean and Bernd

src/java.base/share/classes/javax/security/auth/Subject.java line 381:

> 379: * is equivalent to {@code action.call()} and the exception thrown is
> 380: * modified to match the specification of this method.
> 381: * If the system property {@code jdk.security.auth.subject.useTL}

I would add a similar sentence before this, like in the `current` method: "This preserves compatibility with code that may still be calling {@code getSubject(AccessControlContext)} which retrieves the subject from an {@code AccessControlContext}."
src/java.base/share/classes/javax/security/auth/Subject.java line 393:

> 391: * of {@code action}
> 392: * @return the value returned by the {@code call} method of {@code action}
> 393: * @throws NullPointerException if {@code code} is {@code null}

s/code/action/

src/java.base/share/classes/javax/security/auth/Subject.java line 539:

> 537: * and subject to removal in a future release. Instead, users can
> 538: * call {@link #callAs} to perform the same work, which is based on
> 539: * this method by default in this implementation.

Same comment as above.

-------------

PR: https://git.openjdk.java.net/jdk/pull/5024
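
The migration discussed in this message, as an added example that is not taken from the PR or the JDK sources: work run under `Subject.callAs()` reads its subject with `Subject.current()`, and a checked exception thrown by the action reaches the caller as `CompletionException`. The class name `CallAsDemo`, the `NamedPrincipal` record and the principal name `alice` are constructed for the example; it assumes a JDK that ships these APIs (18 or later).

```java
import java.io.IOException;
import java.security.Principal;
import java.util.Set;
import java.util.concurrent.Callable;
import java.util.concurrent.CompletionException;
import javax.security.auth.Subject;

public class CallAsDemo {
    // Constructed principal type for the example (not a JDK class).
    record NamedPrincipal(String name) implements Principal {
        @Override public String getName() { return name; }
    }

    // Replacement for code that looked the subject up with Subject.getSubject(acc):
    // returns the first principal name of the current subject, or null if none is set.
    static String currentPrincipalName() {
        Subject s = Subject.current();
        if (s == null) {
            return null;
        }
        return s.getPrincipals().stream().map(Principal::getName).findFirst().orElse(null);
    }

    public static void main(String[] args) {
        Subject alice = new Subject(true, Set.of(new NamedPrincipal("alice")), Set.of(), Set.of());

        // Outside callAs() no subject is associated with the caller.
        System.out.println("outside: " + currentPrincipalName());

        // Replacement for Subject.doAs(alice, (PrivilegedAction<String>) ...).
        String inside = Subject.callAs(alice, CallAsDemo::currentPrincipalName);
        System.out.println("inside:  " + inside);

        // callAs() takes a Callable, so the action may throw a checked exception;
        // the caller sees it wrapped in an unchecked CompletionException.
        Callable<String> failing = () -> { throw new IOException("constructed failure"); };
        try {
            Subject.callAs(alice, failing);
        } catch (CompletionException e) {
            System.out.println("cause:   " + e.getCause());
        }
    }
}
```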