JDK-8280491 and JEP411
Peter Firmstone
peter.firmstone at zeus.net.au
Fri Jun 16 02:48:17 UTC 2023
Release Note: Alternate Subject.getSubject and doAs APIs Created That
Do Not Depend on Security Manager APIs
https://bugs.openjdk.org/browse/JDK-8280491

Just wondering about the future implementation plans for these new APIs?

The implementation depends on deprecated for removal APIs in JEP411, so
this creates a level of indirection.

My understanding is developers are supposed to migrate to the new API,
so as not to depend on deprecated API, e.g. for establishing TLS
connections using Subject credentials.

As it isn't yet clear how a Subject context will be preserved across
threads in future versions of OpenJDK, (currently we use the
AccessControlContext for that), for example we capture the existing
context, to establish TLS connections in callback communications for
network event listeners.

So it appears we can change to these methods now, and it will work using
the same methods as we use now, but it isn't clear whether it will still
behave in a compatible way in future. Will our TLS connections still be
able to obtain the authenticated subject? Will it still work if there
are multiple authenticated Subject threads, from remotely authenticated
connections, after the removal of deprecated API, will there be new API
to preserve an Authenticated subject across threads?

Thanks in adv.
--
Regards,
Peter
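
An added example, not part of the original message and not OpenJDK code: the capture-and-rebind pattern the message describes for callbacks, written against the replacement methods from JDK-8280491 (Subject.current() and Subject.callAs, JDK 18 or later) instead of AccessControlContext. The helper withCallerSubject, the class name and the CN=alice / CN=bob identities are hypothetical and constructed for illustration; the hand-off is explicit, so the sketch does not rely on a Subject being inherited by other threads.

```java
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

public class SubjectHandoff {

    // Hypothetical helper: snapshot the submitting thread's Subject and rebind
    // it around the task on whichever thread eventually runs it.
    static <T> Callable<T> withCallerSubject(Callable<T> task) {
        final Subject captured = Subject.current(); // null when no Subject is bound
        return () -> Subject.callAs(captured, task);
    }

    // Stand-in for the callback body (e.g. code that opens a TLS connection
    // and needs the Subject's credentials).
    static String currentPrincipals() {
        Subject s = Subject.current();
        return s == null ? "<no subject>" : s.getPrincipals().toString();
    }

    // Constructed sample identity standing in for a remotely authenticated peer.
    static Subject subjectFor(String dn) {
        Subject s = new Subject();
        s.getPrincipals().add(new X500Principal(dn));
        return s;
    }

    public static void main(String[] args) throws Exception {
        Callable<String> callback = SubjectHandoff::currentPrincipals;
        ExecutorService pool = Executors.newFixedThreadPool(2);
        try {
            // Each registration runs under its own Subject; the callback later
            // executes on a pool thread and is rebound to that same Subject.
            Future<String> a = Subject.callAs(subjectFor("CN=alice"),
                    () -> pool.submit(withCallerSubject(callback)));
            Future<String> b = Subject.callAs(subjectFor("CN=bob"),
                    () -> pool.submit(withCallerSubject(callback)));
            System.out.println("callback A ran as " + a.get());
            System.out.println("callback B ran as " + b.get());
        } finally {
            pool.shutdown();
        }
    }
}
```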
More information about the security-dev
mailing list