JDK-8064331 : JavaSecurityAccess.doIntersectionPrivilege() drops the information about the domain combiner of the stack ACC
  • Type: Bug
  • Component: core-svc
  • Sub-Component: javax.management
  • Affected Version: 6u39
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2014-11-07
  • Updated: 2015-11-03
  • Resolved: 2015-02-10
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 6 JDK 7 JDK 8 JDK 9 Other
6u101Fixed 7u85Fixed 8u60Fixed 9 b52Fixed openjdk7uFixed
Related Reports
Relates :  
Description
This issue was reported against the JMX functionality. When a user tries to do the following
```
AccessControlContext acc = AccessController.getContext();
Subject subject = Subject.getSubject(acc);
```
the subject is always null even though it should contain the currently authenticated Subject.

The reason for this is the combination of the facts that JMX is using JavaSecurityAccess.doIntersectionPrivilege(actin, stackACC, savedACC) to invoke a code in the combined access control context and this method just drops the information about the domain combiner of the stack ACC.

In turn, Subject.getSubject(acc) relies on a correct domain container used in the current ACC and fails. 
Comments
There is no Review of this change posted to the serviceability-dev mailing list! Correction: the RFR went also to the security-dev list, which is where the Review was given.
11-02-2015

Review: http://mail.openjdk.java.net/pipermail/serviceability-dev/2015-February/016561.html
02-02-2015