Re: RFR: 8296244: Alternate implementation of user-based authorization Subject APIs that doesn’t depend on Security Manager APIs [v3]
Peter Firmstone
peter.firmstone at zeus.net.au
Thu Mar 7 12:35:13 UTC 2024
Good Evening,
Just noticed the comment below, this is a breaking change.
Recalling earlier discussions on this list about the removal of the
existing Authorization API post JEP411, it was going to be assigned
another overarching JEP.
Can we have the entire API destructed in one swift action? That is, all
API marked for removal under JEP411 should now throw
UnsupportedOperationException? Keeping the API around as unsupported
operation would also allow us to maintain a fork where the API remains
functional, without breaking compile time compatibility with Java, while
we figure out how to migrate our software over the longer term.
Thank you for retaining Java's Authorization API in Java 21 LTS.
Regards,
Peter.
>>> One major change in the new implementation is that `Subject.getSubject` always throws an `UnsupportedOperationException` since it has an `AccessControlContext` argument but the current subject is no longer associated with an `AccessControlContext` object.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20240307/570d169d/attachment.htm>
More information about the security-dev
mailing list