RFR: 8333344: JMX attaching of Subject does not work when security manager not allowed [v3]
Kevin Walls
kevinw at openjdk.org
Wed Jun 12 12:59:14 UTC 2024
On Tue, 11 Jun 2024 20:58:54 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> src/java.management.rmi/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java line 1436:
>>
>>> 1434: } else {
>>> 1435: // ACC is present, we have a Subject and SM is permitted:
>>> 1436: return AccessController.doPrivileged((PrivilegedExceptionAction<Object>) () -> Subject.doAs(subject, op), acc);
>>
>> Why is it necessary to call both `doAs` and `doPrivileged`?
>
> Can you just call `AccessController.doPrivileged(op, acc)` as in the original code? `Subject.doAs` requires a permission, which is why I assume you are wrapping it in a `doPrivileged` but you are asserting all of the permissions of the `java.management` module, which means you probably want to use limited doPriv and only assert the `getSubject` permission but that is getting complicated. I'd go back to the original call as it should work in the SM allow case.
Yes, this can be simpler, thanks.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/19624#discussion_r1636417433
More information about the serviceability-dev
mailing list