Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8267108

Alternate Subject.getSubject API that does not depend on Security Manager APIs

    XMLWordPrintable

    Details

    • Type: Enhancement
    • Status: Open
    • Priority: P3
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: 18
    • Component/s: security-libs
    • Labels:
      None

      Description

      Subject.getSubject(AccessControlContext acc) retrieves a Subject associated with an AccessControlContext object (in its SubjectDomainCombiner) which was created earlier when one of the overloaded Subject.doAs() methods was called.

      While an AccessControlContext object is used here, this is actually not related to access control. The AccessControlContext object and the SubjectDomainCombiner object inside it are mainly used as a placeholder to store a Subject object (when doAs is called) that can be loaded later by the application code (the doAs method's action argument).

      This is the base of JAAS and we should continue to support this mechanism even after the Security Manager is deprecated for removal where both AccessControlContext and SubjectDomainCombiner will not exist. A new method is needed to retrieve the subject associated with the current running context.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              weijun Weijun Wang
              Reporter:
              weijun Weijun Wang
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated: