
List:       openjdk-serviceability-dev
Subject:    Re: RFR: 8296244: Alternate implementation of user-based authorization Subject APIs that =?UTF-8?B?Z
From:       Weijun Wang <weijun () openjdk ! org>
Date:       2024-01-30 22:36:47
Message-ID: QRKZc0wq2LKmqFG9rnq3h92fu3Y-u-78gYcsAlnxm2M=.436b9a55-bb43-4026-84ab-c9c3ae35e1f9 () github ! com

On Tue, 30 Jan 2024 16:41:28 GMT, Weijun Wang <weijun@openjdk.org> wrote:

> > src/java.management/share/classes/com/sun/jmx/remote/security/MBeanServerFileAccessController.java line 307:
> > > 305:             AccessController.doPrivileged(new PrivilegedAction<>() {
> > > 306:                     public Subject run() {
> > > 307:                         return Subject.current();
> > 
> > Is the `doPrivileged` still needed here? Is there a chance that
> > `Subject.current()` will throw a `SecurityException`, or return a different
> > result if a security manager is present and `doPrivileged` is not used?
> 
> When a security manager is set, `current()` still calls `getSubject()` and it needs
> a permission unless it's called inside `doPrivileged`. But, see the comment above.

I fixed it in the latest commit. The original code change is simply wrong.
`AccessController.getContext()` would return different ACCs inside and outside
`doPriv`.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/17472#discussion_r1472043888
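
The behaviour described in the reply above, as an added example that is not part of the original message or of the JDK patch: a subject lookup through `AccessController.getContext()` taken outside `doPrivileged`, taken inside it, and captured outside but used inside. The class name `AccDemo` and the principal `CN=demo` are constructed for illustration, and the example assumes a JDK (for example 17) where `Subject.doAs` still binds the subject to the `AccessControlContext`.

```java
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

// Added illustration; AccDemo and "CN=demo" are constructed names.
// Assumption: a JDK where Subject.doAs attaches the subject to the ACC
// (these APIs are deprecated for removal, hence the suppression).
@SuppressWarnings("removal")
public class AccDemo {
    public static void main(String[] args) {
        Subject user = new Subject();
        user.getPrincipals().add(new X500Principal("CN=demo"));

        Subject.doAs(user, (PrivilegedAction<Void>) () -> {
            // 1. Context taken outside doPrivileged. doAs installed a
            //    SubjectDomainCombiner on it, so the lookup can find the subject.
            //    Under a security manager this call needs
            //    AuthPermission("getSubject") on every caller in the stack.
            AccessControlContext outer = AccessController.getContext();
            Subject direct = Subject.getSubject(outer);

            // 2. Context taken inside doPrivileged. The privileged frame
            //    truncates the stack walk, so this is a different ACC that
            //    does not carry the combiner installed by doAs.
            Subject inside = AccessController.doPrivileged(
                    (PrivilegedAction<Subject>) () ->
                            Subject.getSubject(AccessController.getContext()));

            // 3. Capture the ACC outside, do the permission-checked lookup
            //    inside: the privileged block supplies the permission while
            //    the lookup still uses the caller's original context.
            Subject captured = AccessController.doPrivileged(
                    (PrivilegedAction<Subject>) () -> Subject.getSubject(outer));

            System.out.println("outside doPrivileged:      " + (direct == user));
            System.out.println("inside doPrivileged:       " + (inside == user));
            System.out.println("captured outside, used in: " + (captured == user));
            return null;
        });
    }
}
```

An authorization check that resolves the caller through the second pattern sees no subject at all, so code that treats a missing subject as "local, trusted caller" would make its decision on the wrong identity.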

