On Thu, 5 Aug 2021 20:10:44 GMT, Weijun Wang <wei...@openjdk.org> wrote:

> New `Subject` APIs `current()` and `callAs()` are created to be replacements 
> of `getSubject()` and `doAs()` since the latter two methods are now 
> deprecated for removal.
> 
> In this implementation, by default, `current()` returns the same value as 
> `getSubject(AccessController.getCurrent())` and `callAs()` is implemented 
> based on `doAs()`. This behavior is subject to change in the future once 
> `SecurityManager` is removed.
> 
> User can experiment a possible future mechanism by setting the system 
> property `jdk.security.auth.subject.useTL` to `true`, where the `callAs()` 
> method stores the subject into a `ThreadLocal` object and the `current()` 
> method returns it (Note: this mechanism does not work with principal-based 
> permissions).
> 
> Inside JDK, we’ve switched from `getSubject()` to `current()` in JGSS and 
> user can start switching to `callAs()` in their applications. Users can also 
> switch to `current()` but please note that if you used to call 
> `getSubject(acc)` in a `doPrivileged` call you might need to try calling 
> `current()` in a `doPrivilegedWithCombiner` call to see if the 
> `AccessControlContext` inside the call inherits the subject from the outer 
> one.

This pull request has now been integrated.

Changeset: a5c160c7
Author:    Weijun Wang <wei...@openjdk.org>
URL:       
https://git.openjdk.java.net/jdk/commit/a5c160c711a3f66db18c75973f4efdea63332863
Stats:     665 lines in 20 files changed: 449 ins; 96 del; 120 mod

8267108: Alternate Subject.getSubject and doAs APIs that do not depend on 
Security Manager APIs

Reviewed-by: mullan

-------------

PR: https://git.openjdk.java.net/jdk/pull/5024

Reply via email to