RFR: 8333344: JMX attaching of Subject does not work when security manager not allowed [v4]
Daniel Fuchs
dfuchs at openjdk.org
Wed Jun 12 14:26:14 UTC 2024
On Wed, 12 Jun 2024 14:01:40 GMT, Kevin Walls <kevinw at openjdk.org> wrote:
>> JMX uses APIs related to the Security Manager which are deprecated. Use of AccessControlContext will be removed when Security Manager is removed.
>>
>> Until then, updates are needed to not require setting -Djava.security.manager=allow to use JMX authentication.
>
> Kevin Walls has updated the pull request incrementally with one additional commit since the last revision:
>
> updates
test/jdk/javax/management/remote/mandatory/notif/policy.negative line 7:
> 5: permission javax.management.MBeanPermission "[domain:type=NB,name=2]", "addNotificationListener";
> 6: permission javax.management.MBeanPermission "*", "removeNotificationListener";
> 7: permission javax.security.auth.AuthPermission "doAs";
I suspect that this means a doPrivileged is missing somewhere. We should not require the application to possess new permissions.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/19624#discussion_r1636573141