> This code change adds an alternative implementation of user-based > authorization `Subject` APIs that doesn't depend on Security Manager APIs. > Depending on if the Security Manager is allowed, the methods store the > current subject differently. See the spec change in the `Subject.java` file > for details. When the Security Manager APIs are finally removed in a future > release, this new implementation will be only implementation for these > methods. > > One major change in the new implementation is that `Subject.getSubject` > always throws an `UnsupportedOperationException` since it has an > `AccessControlContext` argument but the current subject is no longer > associated with an `AccessControlContext` object. > > Now it's the time to migrate from the `getSubject` and `doAs` methods to > `current` and `callAs`. If the user application is simply calling > `getSubject(AccessController.getContext())`, then switching to `current()` > would work. If the `AccessControlContext` argument is retrieved from an > earlier `getContext()` call and the associated subject might be different > from that of the current `AccessControlContext`, then instead of storing the > previous `AccessControlContext` object and passing it into `getSubject` to > get the "previous" subject, the application should store the `current()` > return value directly.
Weijun Wang has updated the pull request incrementally with one additional commit since the last revision: fix MBeanServerFileAccessController, more test in SM ------------- Changes: - all: https://git.openjdk.org/jdk/pull/17472/files - new: https://git.openjdk.org/jdk/pull/17472/files/a16472fb..8f270d09 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=17472&range=02 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=17472&range=01-02 Stats: 18 lines in 2 files changed: 8 ins; 0 del; 10 mod Patch: https://git.openjdk.org/jdk/pull/17472.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/17472/head:pull/17472 PR: https://git.openjdk.org/jdk/pull/17472
