On Wed, 27 Oct 2021 14:52:47 GMT, Weijun Wang <wei...@openjdk.org> wrote:

>> New `Subject` APIs `current()` and `callAs()` are created to be replacements 
>> of `getSubject()` and `doAs()` since the latter two methods are now 
>> deprecated for removal.
>> 
>> In this implementation, by default, `current()` returns the same value as 
>> `getSubject(AccessController.getCurrent())` and `callAs()` is implemented 
>> based on `doAs()`. This behavior is subject to change in the future once 
>> `SecurityManager` is removed.
>> 
>> User can experiment a possible future mechanism by setting the system 
>> property `jdk.security.auth.subject.useTL` to `true`, where the `callAs()` 
>> method stores the subject into a `ThreadLocal` object and the `current()` 
>> method returns it (Note: this mechanism does not work with principal-based 
>> permissions).
>> 
>> Inside JDK, we’ve switched from `getSubject()` to `current()` in JGSS and 
>> user can start switching to `callAs()` in their applications. Users can also 
>> switch to `current()` but please note that if you used to call 
>> `getSubject(acc)` in a `doPrivileged` call you might need to try calling 
>> `current()` in a `doPrivilegedWithCombiner` call to see if the 
>> `AccessControlContext` inside the call inherits the subject from the outer 
>> one.
>
> Weijun Wang has updated the pull request incrementally with one additional 
> commit since the last revision:
> 
>   address comments from Sean and Bernd

src/java.base/share/classes/javax/security/auth/Subject.java line 381:

> 379:      * is equivalent to {@code action.call()} and the exception thrown is
> 380:      * modified to match the specification of this method.
> 381:      * If the system property {@code jdk.security.auth.subject.useTL}

I would add a similar sentence before this, like in the `current` method: "This 
preserves compatibility with code that may still be calling {@code 
getSubject(AccessControlContext)} which retrieves the subject from an {@code 
AccessControlContext}."

src/java.base/share/classes/javax/security/auth/Subject.java line 393:

> 391:      *            of {@code action}
> 392:      * @return the value returned by the {@code call} method of {@code 
> action}
> 393:      * @throws NullPointerException if {@code code} is {@code null}

s/code/action/

src/java.base/share/classes/javax/security/auth/Subject.java line 539:

> 537:      *       and subject to removal in a future release. Instead, users 
> can
> 538:      *       call {@link #callAs} to perform the same work, which is 
> based on
> 539:      *       this method by default in this implementation.

Same comment as above.

-------------

PR: https://git.openjdk.java.net/jdk/pull/5024

Reply via email to