-
Bug
-
Resolution: Fixed
-
P4
-
24
-
b15
The method description of com.sun.security.jgss.GSSUtil.createSubject says:
"Typically this would be done by a server that wants to impersonate a client thread at the Java level by setting a client Subject in the current access control context. If the server is merely interested in using a principal based policy in its local JVM, then it only needs to provide the GSSName of the client."
This text should be updated to remove/replace "access control context" and "principal based policy" as those mechanisms are non-functional/removed as of JDK 24 with JEP 486 (Permanently Disable the Security Manager).
"Typically this would be done by a server that wants to impersonate a client thread at the Java level by setting a client Subject in the current access control context. If the server is merely interested in using a principal based policy in its local JVM, then it only needs to provide the GSSName of the client."
This text should be updated to remove/replace "access control context" and "principal based policy" as those mechanisms are non-functional/removed as of JDK 24 with JEP 486 (Permanently Disable the Security Manager).
- csr for
-
JDK-8351590 GSSUtil.createSubject has outdated access control context and policy related text
-
- Closed
-
- links to
-
Commit(master) openjdk/jdk/82eb7806
-
Review(master) openjdk/jdk/23970