RFR: 8333344: JMX attaching of Subject does not work when security manager not allowed
Kevin Walls
kevinw at openjdk.org
Mon Jun 10 15:37:14 UTC 2024
On Mon, 10 Jun 2024 14:28:25 GMT, Alan Bateman <alanb at openjdk.org> wrote:
>> JMX uses APIs related to the Security Mananger which are deprecated. Use of AccessControlContext will be removed when Security Manager is removed.
>>
>> Until then, updates are needed to not require setting -Djava.security.manager=allow to use JMX authentication.
>
> src/java.management.rmi/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java line 1634:
>
>> 1632: } else {
>> 1633: // We have ACC therefore SM is permitted, and Subject must be non-null:
>> 1634: return Subject.doAs(subject, (PrivilegedExceptionAction<T>) () -> AccessController.doPrivileged((PrivilegedExceptionAction<T>) () -> wrappedClass.cast(mo.get()), acc));
>
> This is not readable. If you create the PAEs explicitly then the casts will go away and it will be much easier to read.
Yes will simplify this!
This style was actually from the idea of moving to Subject.callAs, and nesting calls to keep the doPrivileged, but I don't think it will be necessary.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/19624#discussion_r1633455244
More information about the serviceability-dev
mailing list