On Tue, 11 Jun 2024 20:58:54 GMT, Sean Mullan <mul...@openjdk.org> wrote:
>> src/java.management.rmi/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java >> line 1436: >> >>> 1434: } else { >>> 1435: // ACC is present, we have a Subject and SM is >>> permitted: >>> 1436: return >>> AccessController.doPrivileged((PrivilegedExceptionAction<Object>) () -> >>> Subject.doAs(subject, op), acc); >> >> Why is it necessary to call both `doAs` and `doPrivileged`? > > Can you just call `AccessController.doPrivileged(op, acc)` as in the original > code? `Subject.doAs` requires a permission, which is why I assume you are > wrapping it in a `doPrivileged` but you are asserting all of the permissions > of the `java.management` module, which means you probably want to use limited > doPriv and only assert the `getSubject` permission but that is getting > complicated. I'd go back to the original call as it should work in the SM > allow case. Yes, this can be simpler, thanks. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/19624#discussion_r1636417433