JEP 411: Documentation on the new way to establish TLS connections
Peter Firmstone
peter.firmstone at zeus.net.au
Fri Jun 4 04:22:14 UTC 2021
Could someone please advise the recommended way now to preserve the
Subject in Executors to establish a TLS connection?
I am unable to find the documentation.
We use Executors and we preserve the calling Subject across them, to use
for authentication our TLS endpoints.
This is now deprecated in Java 17, because it uses AccessController and
AccessControlContext methods.
I would like to do this in a way that's not deprecated?
Just wondering if anyone has any suggestions?
Ron mentioned on Reddit this morning that there are no new API's being
developed.
https://bugs.openjdk.java.net/browse/JDK-8267108
Is the assumption that the JDK will be a single user process, so the
subject just needs to be stored in a Static variable and accessed from
there instead?
Just wondering what the use case scenario is?
This really sux for us, because we authenticate TLS connections, then we
run the users with their calling Subjects.
Thank you.
https://github.com/pfirmstone/JGDMS/blob/trunk/JGDMS/jgdms-jeri/src/main/java/net/jini/jeri/ssl/FilterX509TrustManager.java
<https://github.com/pfirmstone/JGDMS/blob/trunk/JGDMS/jgdms-jeri/src/main/java/net/jini/jeri/ssl/FilterX509TrustManager.java>
https://github.com/pfirmstone/JGDMS/blob/trunk/JGDMS/jgdms-jeri/src/main/java/net/jini/jeri/ssl/SubjectCredentials.java
<https://github.com/pfirmstone/JGDMS/blob/trunk/JGDMS/jgdms-jeri/src/main/java/net/jini/jeri/ssl/SubjectCredentials.java>
I'm kinda getting the feeling that I'm no longer welcome here.
I recognize that I'm pushing back, and people don't like that, however
I'm doing so because I am impacted by the recent decision, I can assure
you I have no personal grudges against anyone.
I'm not looking for assurances that that isn't the case, I just want
some guidance, I think our whole code base and how we use Java, just bit
the dust.
--
Regards,
Peter.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20210604/b597fee8/attachment.htm>
More information about the security-dev
mailing list