RFR: 8296244: Alternate implementation of user-based authorization Subject APIs that doesn’t depend on Security Manager APIs [v3]

[Kevin Walls]

On Tue, 5 Mar 2024 14:44:29 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> Right, this does not depend on the SM.   All we need to do is get the Subject.
>> This method implements the basic monitor (readonly) and control (readwrite) access.
>> accessMap maps identity String to Access, and the checkAccess() method here will check the Subject by using of its Principal names as keys in that map.
>
> Do you know where the subject is set? If it's set by a `doAs` call then it will co-operate with `current()` no matter if SM is allowed. I tried to search in the whole module and cannot find a `doAs` call. If it is also through `SubjectDomainCombiner` then it only works with SM.

Subject is stored in the RMIConnectionImpl: src/java.management.rmi/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java

(That is complicated by SubjectDelegation, which we deprecated for removal.  I have the PR out to remove it:
https://github.com/openjdk/jdk/pull/18025 )

makeClient in RMIJRMPServerImpl creates RMIConnectionImpl

..and RMIServerImpl.java has a doNewClient method calling that.  This is what takes a Credentials Object and deals withJMXAuthenticator to get an authenticated Subject.  None of this requires the SM.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/17472#discussion_r1513164360