RFR: 8333344: JMX attaching of Subject does not work when security manager not allowed [v13]
Weijun Wang
weijun at openjdk.org
Sun Jun 16 01:57:23 UTC 2024
On Fri, 14 Jun 2024 15:26:54 GMT, Kevin Walls <kevinw at openjdk.org> wrote:
>> JMX uses APIs related to the Security Mananger which are deprecated. Use of AccessControlContext will be removed when Security Manager is removed.
>>
>> Until then, updates are needed to not require setting -Djava.security.manager=allow to use JMX authentication.
>
> Kevin Walls has updated the pull request incrementally with one additional commit since the last revision:
>
> Unnecessary catches to remove
src/java.management/share/classes/javax/management/monitor/Monitor.java line 1542:
> 1540: if (!SharedSecrets.getJavaLangAccess().allowSecurityManager()) {
> 1541: // No SecurityManager permitted:
> 1542: Subject.doAs(s, action); // s is permitted to be null
While `s` is permitted to be null, calling `Subject.doAs(null, action)` actually sets the current subject to null while calling `action`. This is not same as directly calling `action` where the current subject (could be non null) is used.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/19624#discussion_r1641593366
More information about the serviceability-dev
mailing list