RFR: 8296244: Alternate implementation of user-based authorization Subject APIs that doesn’t depend on Security Manager APIs [v3]
Kevin Walls
kevinw at openjdk.org
Tue Mar 5 11:39:48 UTC 2024
On Mon, 4 Mar 2024 19:57:25 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> I was not exactly sure if we will support this functionality when there is no SM. The class name has `AccessControler` and the method names use `checkAccess`, but they actually do not always depend on security manager.
>
> I think we need @kevinjwalls or @dfuch to help advise on this.
Right, this does not depend on the SM. All we need to do is get the Subject.
This method implements the basic monitor (readonly) and control (readwrite) access.
accessMap maps identity String to Access, and the checkAccess() method here will check the Subject by using of its Principal names as keys in that map.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/17472#discussion_r1512676642
More information about the serviceability-dev
mailing list