RFR: 8344420: Remove Security Manager dependencies from javax.security package

[Sean Mullan]

On Mon, 25 Nov 2024 18:01:08 GMT, Alan Bateman <alanb at openjdk.org> wrote:

>> Now that JEP 486 has been integrated, the `javax.security` package implementation dependencies on `System.getSecurityManager`, `AccessController.doPrivileged` and `AccessControlContext` can be removed.
>> 
>> Most of the changes are straightforward: removal of code calling `System.getSecurityManager()` and unwrapping of code inside `AccessController.doPrivileged`. However, two changes involved slightly more complicated work:
>> 
>> 1. `javax.security.auth.login.Configuration` and `javax.security.auth.login.LoginContext` do not need to capture the caller's access control context anymore.
>> 2. The `SecureSet` implementation in `javax.security.auth.Subject` is greatly simplified because it does not do security checks anymore.
>
> src/java.base/share/classes/javax/security/auth/Subject.java line 1012:
> 
>> 1010:             LinkedList<E> list = elements;
>> 1011:             return new Iterator<>() {
>> 1012:                 ListIterator<E> i = list.listIterator(0);
> 
> Did you mean the remove the final modifier from this field?

I was removing `final` from local variables where I thought it was no longer necessary or did not add much value - this was typically done when using them inside a `doPrivileged` block. I may have gotten a bit too aggressive though. Let me go back and clean this up a bit.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/22368#discussion_r1857157391