<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<h1 id="summary-val" style="margin: 0px 0px 0px -5px; padding: 2px
30px 2px 5px; font-size: 24px; line-height: 1.25; letter-spacing:
-0.01em; font-weight: 500; text-transform: none; color: rgb(23,
43, 77); z-index: 1; font-family: "DejaVu Sans",
sans-serif; font-style: normal; font-variant-ligatures: normal;
font-variant-caps: normal; orphans: 2; text-align: left;
text-indent: 0px; widows: 2; word-spacing: 0px;
-webkit-text-stroke-width: 0px; white-space: normal;
background-color: rgb(255, 255, 255); text-decoration-thickness:
initial; text-decoration-style: initial; text-decoration-color:
initial;">Release Note: Alternate Subject.getSubject and doAs APIs
Created That Do Not Depend on Security Manager APIs</h1>
<p></p>
<p><a class="moz-txt-link-freetext" href="https://bugs.openjdk.org/browse/JDK-8280491">https://bugs.openjdk.org/browse/JDK-8280491</a></p>
<p>Just wondering about the future implementation plans for these
new API's?</p>
<p>The implementation depends on deprecated for removal API's in
JEP411, so this creates a level of indirection.<br>
</p>
<p>My understanding is developers are supposed to migrate to the new
API, so as not to depend on deprecated API, eg for establishing
TLS connections using Subject credentials.</p>
<p>As it isn't yet clear how a Subject context will be preserved
across threads in future version of OpenJDK, (currently we use the
AccessControlContext for that), for example we capture the
existing context, to establish TLS connections in call back
communications for network event listeners.</p>
<p>So it appears we can change to these methods now, and it will
work using the same methods as we use now, but it isn't clear
whether it will still behave in a compatible way in future. Will
our TLS connections still be able to obtain the authenticated
subject? Will it still work if there are multiple authenticated
Subject threads, from remotely authenticated connections, after
the removal of deprecated API, will there be new API to preserve
an Authenticated subject across threads?</p>
<p>Thanks in adv.<br>
</p>
<pre class="moz-signature" cols="72">--
Regards,
Peter</pre>
</body>
</html>