-
Sub-task
-
Resolution: Delivered
-
P3
-
23
The terminally deprecated method `Subject.getSubject(AccessControlContext)` has been respecified to throw `UnsupportedOperationException` if invoked when a Security Manager is not allowed.
When the Security Manager is removed in a future release, the `Subject.getSubject(AccessControlContext)` method will be degraded further to throw `UnsupportedOperationException` unconditionally.
Maintainers of code using `Subject.doAs` and `Subject.getSubject` are strongly encouraged to migrate this code to the replacement APIs, `Subject.callAs` and `Subject.current`, as soon as possible. The `jdeprscan` tool can be used to scan the class path for usages of deprecated APIs and may be useful to find usage of these two methods.
The temporary workaround in this release to keep older code working is to run with `-Djava.security.manager=allow` to allow a Security Manager to be set. The `Subject.getSubject` method does not depend on a Security Manager but requires the feature be "allowed" due to the `AccessControlContext` parameter.
As background, the changes in this release are to help applications prepare for the eventual removal of the Security Manager. For this release, subject authorization and the `Subject` APIs behave differently depending on whether a Security Manager is allowed or not:
- If a Security Manager is allowed, meaning the system property `java.security.manager` is set on the command line to the empty string, a class name, or the value "allow", then there is no behavior change when compared to previous releases.
- If a Security Manager is not allowed, the system property `java.security.manager` is not set on the command line or has been set on the command line to the value "disallow", then the `doAs` or `callAs` methods invoke an action with a `Subject` as the current subject for the bounded period execution of the action. The Subject can be obtained using the `Subject.current` method when invoked by code executed by the action. The `Subject.getSubject` method cannot obtain the Subject as that method will throw `UnsupportedOperationException`. The Subject is not inherited automatically when creating or starting new threads with the `Thread` API. The Subject is inherited by child threads when using [Structured Concurrency](https://openjdk.org/jeps/462).
As noted above, maintainers of code using `Subject.doAs` and `Subject.getSubject` are strongly encouraged to migrate the code to `Subject.callAs` and `Subject.current` as soon as possible.
Code that stores a Subject in an `AccessControlContext` and invokes `AccessController.doPrivileged` with that context should also be migrated as soon as possible as this code will cease to work when the Security Manager is removed.
Maintainers of code that uses the `Subject` API should also audit their code for any cases where it may depend on inheritance of the current Subject into newly created threads. This code should be modified to pass the Subject to the newly created thread or modified to make use of structured concurrency.
When the Security Manager is removed in a future release, the `Subject.getSubject(AccessControlContext)` method will be degraded further to throw `UnsupportedOperationException` unconditionally.
Maintainers of code using `Subject.doAs` and `Subject.getSubject` are strongly encouraged to migrate this code to the replacement APIs, `Subject.callAs` and `Subject.current`, as soon as possible. The `jdeprscan` tool can be used to scan the class path for usages of deprecated APIs and may be useful to find usage of these two methods.
The temporary workaround in this release to keep older code working is to run with `-Djava.security.manager=allow` to allow a Security Manager to be set. The `Subject.getSubject` method does not depend on a Security Manager but requires the feature be "allowed" due to the `AccessControlContext` parameter.
As background, the changes in this release are to help applications prepare for the eventual removal of the Security Manager. For this release, subject authorization and the `Subject` APIs behave differently depending on whether a Security Manager is allowed or not:
- If a Security Manager is allowed, meaning the system property `java.security.manager` is set on the command line to the empty string, a class name, or the value "allow", then there is no behavior change when compared to previous releases.
- If a Security Manager is not allowed, the system property `java.security.manager` is not set on the command line or has been set on the command line to the value "disallow", then the `doAs` or `callAs` methods invoke an action with a `Subject` as the current subject for the bounded period execution of the action. The Subject can be obtained using the `Subject.current` method when invoked by code executed by the action. The `Subject.getSubject` method cannot obtain the Subject as that method will throw `UnsupportedOperationException`. The Subject is not inherited automatically when creating or starting new threads with the `Thread` API. The Subject is inherited by child threads when using [Structured Concurrency](https://openjdk.org/jeps/462).
As noted above, maintainers of code using `Subject.doAs` and `Subject.getSubject` are strongly encouraged to migrate the code to `Subject.callAs` and `Subject.current` as soon as possible.
Code that stores a Subject in an `AccessControlContext` and invokes `AccessController.doPrivileged` with that context should also be migrated as soon as possible as this code will cease to work when the Security Manager is removed.
Maintainers of code that uses the `Subject` API should also audit their code for any cases where it may depend on inheritance of the current Subject into newly created threads. This code should be modified to pass the Subject to the newly created thread or modified to make use of structured concurrency.