RFR: 8267108: Alternate Subject.getSubject and doAs APIs that do not depend on Security Manager APIs [v2]

Weijun Wang weijun at openjdk.java.net
Mon Oct 25 18:30:11 UTC 2021


On Fri, 22 Oct 2021 22:13:51 GMT, Bernd <duke at openjdk.java.net> wrote:

>> src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5Util.java line 107:
>> 
>>> 105:      */
>>> 106:     public static ServiceCreds getServiceCreds(GSSCaller caller,
>>> 107:             String serverPrincipal) throws LoginException {
>> 
>> What would be the new way to pass an authentication context on, passing the subject directly? (In case of Krb5AcceptCredential acc is actually the current one)
>
> What about the Kerberos cipher suite call site mentioned in the comment? If no longer used, can this be made not public (and the comment removed)?

Yes, it's better to pass the subject directly. Whoever wants their code to continue working after the SecurityManager is completely removed should not use AccessControlContext anymore.

Yes, the JSSE comment is useless now. I thought it was still used by older TLS versions.

-------------

PR: https://git.openjdk.java.net/jdk/pull/5024


