reta commented on PR #1972: URL: https://github.com/apache/cxf/pull/1972#issuecomment-2488550074
> Even before upgrading the baseline, we could perhaps avoid calling `Subject.getSubject(AccessController.getContext())` if the current Java Runtime is 18+ and `System.getSecurityManager()` returns null. That might be faster. WDYT? My apologies @ppalaga , took me a bit more time to look into it. AFAIK, there is no relation between `System.getSecurityManager()` returning `null` and `Subject.getSubject(AccessController.getContext())` . The only setting that matters is `-Djava.security.manager=allow` which is sadly is hidden inside `System::allowSecurityManager()` class, having access to it would have been helpful to not call `Subject.getSubject()` at all. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@cxf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
