RFR: 8344420: Remove Security Manager dependencies from javax.security package
Sean Mullan
mullan at openjdk.org
Mon Nov 25 17:45:49 UTC 2024
Now that JEP 486 has been integrated, the `javax.security` package implementation dependencies on `System.getSecurityManager`, `AccessController.doPrivileged` and `AccessControlContext` can be removed.
Most of the changes are straightforward: removal of code calling `System.getSecurityManager()` and unwrapping of code inside `AccessController.doPrivileged`. However, two changes involved slightly more complicated work:
1. `javax.security.auth.login.Configuration` and `javax.security.auth.login.LoginContext` do not need to capture the caller's access control context anymore.
2. The `SecureSet` implementation in `javax.security.auth.Subject` is greatly simplified because it does not do security checks anymore.
-------------
Commit messages:
- More cleanup.
- Merge
- Initial cleanup.
Changes: https://git.openjdk.org/jdk/pull/22368/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=22368&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8344420
Stats: 608 lines in 10 files changed: 1 ins; 514 del; 93 mod
Patch: https://git.openjdk.org/jdk/pull/22368.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/22368/head:pull/22368
PR: https://git.openjdk.org/jdk/pull/22368
More information about the security-dev
mailing list