Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8267108

Alternate Subject.getSubject and doAs APIs that do not depend on Security Manager APIs



    • Enhancement
    • Status: Resolved
    • P3
    • Resolution: Fixed
    • None
    • 18
    • security-libs


      Subject.getSubject(AccessControlContext acc) retrieves a Subject associated with an AccessControlContext object (in its SubjectDomainCombiner) which was created earlier when one of the overloaded Subject.doAs() methods was called.

      While an AccessControlContext object is used here, this is actually not related to access control. The AccessControlContext object and the SubjectDomainCombiner object inside it are mainly used as a placeholder to store a Subject object (when doAs is called) that can be loaded later by the application code (the doAs method's action argument).

      This is the base of JAAS and we should continue to support this mechanism even after the Security Manager is deprecated for removal where both AccessControlContext and SubjectDomainCombiner will not exist. A new method is needed to retrieve the subject associated with the current running context.

      Similarly, Subject::doAs can be used as a mechanism to transport credentials across API boundaries by attaching them to the thread’s AccessControlContext, serving a purpose similar to a ThreadLocal. These credentials can be used for purposes other than code-based access control without enabling the Security Manager. However, they depend on APIs tightly related to the Security Manager, such as AccessController and DomainCombiner.

      We should also continue to support this important use case if the Security Manager is deprecated for removal. Decoupling this behavior from the Security Manager APIs and defining new APIs seems like the best way forward.


        Issue Links



              weijun Weijun Wang
              weijun Weijun Wang
              0 Vote for this issue
              4 Start watching this issue