JDK-8298967

Deprecate JMX Subject Delegation and the method JMXConnector.getMBeanServerConnection(Subject) for removal.

Details

    • CSR
    • Resolution: Approved
    • P4
    • 21
    • core-svc
    • None
    • source, behavioral
    • minimal
    • Deprecation tagging only. There is no evidence that Subject Delegation is in use. The deprecation of this feature will have no impact on other JMX features, the JMX agent used for local and remote monitoring, the built-in instrumentation of the Java virtual machine, or tooling that uses JMX.
    • Java API
    • SE

    Description

      Summary

      Deprecate the Java Management Extensions (JMX) Subject Delegation feature, that is, the method javax.management.remote.JMXConnector.getMBeanServerConnection(javax.security.auth.Subject), for removal in a future release.

      Problem

      Subject Delegation requires a security policy file to grant javax.management.remote.SubjectDelegationPermission, and the implementation relies on deprecated methods such as java.security.AccessController::checkPermission and java.security.AccessControlContext::checkPermission. These are deprecated for removal as part of JEP 411: the Security Manager is already considered a legacy feature and deprecated for removal.

      These deprecated methods will cease to be usable once the Security Manager is further degraded and eventually removed. If methods such as AccessController::checkPermission are degraded before this feature is removed (for example, to throw an AccessControlException on any usage), then the Subject Delegation feature will be unusable before it is removed.

      There is no known usage of this method based on a Maven corpus search.

      The interface javax.management.remote.rmi.RMIConnection contains methods which accept a Subject, to implement Subject Delegation. These methods are commonly called with a null Subject, for the previously authenticated principal to be used. User code does not normally interact with these methods, but when this feature is removed their existing use of SecurityException should be updated.

      Solution

      We will terminally deprecate the feature.

      When this feature is removed in the future, if a client connects to a new server that does not support this feature and requests an operation on the remote server with a delegation subject, a SecurityException will be thrown, per the specification of the javax.management.remote.rmi.RMIConnection methods, because the delegation subject has no permission to perform the operation:

      SecurityException - if the client, or the delegated Subject if any, does not have permission to perform this operation.

      The @throws SecurityException javadoc can be clarified when this feature is removed and the exception message at that time will make clear that the feature is not supported.

      Specification

      We will terminally deprecate, by annotating with @Deprecated(since="21", forRemoval=true), the method:

      • javax.management.remote.JMXConnector.getMBeanServerConnection(Subject delegationSubject)

      The commonly used no-argument getMBeanServerConnection() method is not affected.

      The API documentation will include the deprecation text:

      This method supported the legacy Subject Delegation feature, and is only useful in conjunction with other APIs which are deprecated and subject to removal in a future release. Consequently, this method is also deprecated and subject to removal. There is no replacement.

      Methods in the interface javax.management.remote.rmi.RMIConnection that take a delegationSubject parameter are not affected, but will throw a SecurityException if a non-null delegation subject is provided once the subject delegation feature is removed.
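
      To inventory code that still uses the one-argument overload before it is removed, a text scan of the source tree is enough for a first pass. The following is an added example, not JDK or CSR code; the class name SubjectDelegationScan and the embedded sample are constructed, and because the match is textual it also reports comments and same-named methods on unrelated types.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Stream;

// Added example (not JDK code): heuristic inventory of source that uses the
// one-argument overload. The class name and sample text are constructed.
public class SubjectDelegationScan {
    // "getMBeanServerConnection(" followed by anything other than ")" means an
    // argument is present; the unaffected no-argument call does not match.
    private static final Pattern CALL =
            Pattern.compile("\\bgetMBeanServerConnection\\s*\\(\\s*[^\\s)]");

    // Returns "name:line" for every match. Matching runs over the whole file,
    // so a call whose argument sits on the next line is still found.
    static List<String> scan(String name, String source) {
        List<String> hits = new ArrayList<>();
        Matcher m = CALL.matcher(source);
        while (m.find()) {
            long line = source.substring(0, m.start())
                    .chars().filter(c -> c == '\n').count() + 1;
            hits.add(name + ":" + line);
        }
        return hits;
    }

    public static void main(String[] args) throws IOException {
        if (args.length == 0) {
            // Constructed sample: line 2 is the unaffected no-argument call,
            // lines 3-4 are one call to the deprecated overload.
            String sample = String.join("\n",
                    "JMXConnector c = JMXConnectorFactory.connect(url);",
                    "MBeanServerConnection a = c.getMBeanServerConnection();",
                    "MBeanServerConnection b = c.getMBeanServerConnection(",
                    "        delegationSubject);");
            System.out.println(scan("Sample.java", sample));
            return;
        }
        List<Path> files;
        try (Stream<Path> walk = Files.walk(Path.of(args[0]))) {
            files = walk.filter(Files::isRegularFile)
                    .filter(p -> p.toString().endsWith(".java")).toList();
        }
        for (Path p : files) {
            scan(p.toString(), Files.readString(p)).forEach(System.out::println);
        }
    }
}
```

      Run it with a source directory as the only argument; with no argument it scans the embedded sample.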

            People

              kevinw Kevin Walls
              Daniel Fuchs, Mandy Chung, Roger Riggs