RFR: 8267108: Alternate Subject.getSubject and doAs APIs that do not depend on Security Manager APIs [v2]
Weijun Wang
weijun at openjdk.java.net
Wed Oct 27 14:40:17 UTC 2021
On Wed, 27 Oct 2021 13:49:18 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> src/java.base/share/classes/javax/security/auth/Subject.java line 296:
>>
>>> 294: * which is equivalent to
>>> 295: * {@code Subject.getSubject(AccessController.getContext())}
>>> 296: * by default in this implementation.
>>
>> I don't think you need the words "by default".
>
> I suggest changing the last sentence to two sentences: "However, obtaining a Subject is useful independent of the Security Manager. Thus, a replacement API named {@link #current()} has been added which can be used to obtain the current subject."
>
> I don't think you need to describe the default implementation here because it is hard to explain that succinctly -- just keep that info in `current`.
OK.
-------------
PR: https://git.openjdk.java.net/jdk/pull/5024
More information about the security-dev
mailing list