RFR: 8333344: JMX attaching of Subject does not work when security manager not allowed [v6]

Kevin Walls kevinw at openjdk.org
Fri Jun 14 10:18:26 UTC 2024


On Wed, 12 Jun 2024 21:03:17 GMT, Sean Mullan <mullan at openjdk.org> wrote:

>> Kevin Walls has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>    Undo test policy updates
>
> src/java.management.rmi/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java line 1304:
> 
>> 1302:                 // No ACC, therefore no SM. May have a Subject:
>> 1303:                 if (subject != null) {
>> 1304:                     return Subject.doAs(subject, action);
> 
> Is it ever possible for acc to be `null` and `subject` not `null` and an SM to be enabled? Doesn't look like it, but if it ever could be, then the call above to `Subject.doAs` would trigger a permission check for an `AuthPermission("doAs")` permission.
> 
> I think following Weijun's advice above is cleaner and safer, so you do one or the other depending on the allowSM setting, and not whether certain variables are null or not.

Right, the only possible assignment to acc in this file is if we were given a Subject, and SM is permitted.

In future there will be a Subject, which can be null.  While we handle SM, we still use the ACC if RMIConnectionImpl was created with a Subject.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/19624#discussion_r1639610678

