On Tue, 30 Jan 2024 16:41:28 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> src/java.management/share/classes/com/sun/jmx/remote/security/MBeanServerFileAccessController.java
>> line 307:
>>
>>> 305: AccessController.doPrivileged(new PrivilegedAction<>() {
>>> 306: public Subject run() {
>>> 307: return Subject.current();
>>
>> Is the `doPrivileged` still needed here? Is there a chance that
>> `Subject.current()` will throw a `SecurityException`, or return a different
>> result if a security manager is present and `doPrivileged` is not used?
>
> When a security manager is set, `current()` still calls `getSubject()` and it
> needs a permission unless it's called inside `doPrivileged`. But, see the
> comment above.
I fixed it in the latest commit. The original code change is simply wrong.
`AccessController.getContext()` would return different ACCs inside and outside
`doPriv`.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/17472#discussion_r1472043888
