RFR: 8333344: JMX attaching of Subject does not work when security manager not allowed
Kevin Walls
kevinw at openjdk.org
Mon Jun 10 14:28:34 UTC 2024
On Mon, 10 Jun 2024 11:28:28 GMT, Kevin Walls <kevinw at openjdk.org> wrote:
> JMX uses APIs related to the Security Mananger which are deprecated. Use of AccessControlContext will be removed when Security Manager is removed.
>
> Until then, updates are needed to not require setting -Djava.security.manager=allow to use JMX authentication.
When SecurityManager is not permitted, which is the default, use the Subject.current() call.
If SM is permitted, due to -Djava.security.manager=allow then the old Subject.getSubject(AccessController.getContext()) call is used.
Tests are updated to not require -Djava.security.manager=allow and will test with and without that setting.
Also additionally update tests to use Subject.current(), but also have a setting to test the old Subject.getSubject(AccessController.getContext()) call with -Djava.security.manager=allow (see ThreadPoolAccTest and test/jdk/javax/management/remote/mandatory/passwordAuthenticator).
-------------
PR Comment: https://git.openjdk.org/jdk/pull/19624#issuecomment-2158515271
More information about the core-libs-dev
mailing list