On Tue, 5 Mar 2024 19:56:58 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> This code change adds an alternative implementation of user-based >> authorization `Subject` APIs that doesn't depend on Security Manager APIs. >> Depending on if the Security Manager is allowed, the methods store the >> current subject differently. See the spec change in the `Subject.java` file >> for details. When the Security Manager APIs are finally removed in a future >> release, this new implementation will be only implementation for these >> methods. >> >> One major change in the new implementation is that `Subject.getSubject` >> always throws an `UnsupportedOperationException` since it has an >> `AccessControlContext` argument but the current subject is no longer >> associated with an `AccessControlContext` object. >> >> Now it's the time to migrate from the `getSubject` and `doAs` methods to >> `current` and `callAs`. If the user application is simply calling >> `getSubject(AccessController.getContext())`, then switching to `current()` >> would work. If the `AccessControlContext` argument is retrieved from an >> earlier `getContext()` call and the associated subject might be different >> from that of the current `AccessControlContext`, then instead of storing the >> previous `AccessControlContext` object and passing it into `getSubject` to >> get the "previous" subject, the application should store the `current()` >> return value directly. > > Weijun Wang has updated the pull request incrementally with one additional > commit since the last revision: > > revert changes to MBeanServerFileAccessController.java test/jdk/javax/security/auth/Subject/CallAsWithScopedValue.java line 29: > 27: * @enablePreview > 28: * @summary Implement Subject.current and Subject.callAs using scoped > values. > 29: * Need @enablePreview to use StructuredTaskScope. jtreg throws a `ParseException` because I think it tries to interpret it as an `@enablePreview` action. Suggest enclosing it in double quotes. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/17472#discussion_r1523838888
