JDK-8267108 : Alternate Subject.getSubject and doAs APIs that do not depend on Security Manager APIs
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.security
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2021-05-13
  • Updated: 2024-05-30
  • Resolved: 2021-11-10
Fix version: 18, build b24 (Fixed)
Sub Tasks
  • JDK-8280491
  • JDK-8280590
Description
Subject.getSubject(AccessControlContext acc) retrieves a Subject associated with an AccessControlContext object (in its SubjectDomainCombiner) which was created earlier when one of the overloaded Subject.doAs() methods was called.

While an AccessControlContext object is used here, this is actually not related to access control. The AccessControlContext object and the SubjectDomainCombiner object inside it are mainly used as a placeholder to store a Subject object (when doAs is called) that can be loaded later by the application code (the doAs method's action argument).

This is the base of JAAS and we should continue to support this mechanism even after the Security Manager is deprecated for removal where both AccessControlContext and SubjectDomainCombiner will not exist. A new method is needed to retrieve the subject associated with the current running context.

Similarly, Subject::doAs can be used as a mechanism to transport credentials across API boundaries by attaching them to the thread’s AccessControlContext, serving a purpose similar to a ThreadLocal. These credentials can be used for purposes other than code-based access control without enabling the Security Manager. However, they depend on APIs tightly related to the Security Manager, such as AccessController and DomainCombiner.

We should also continue to support this important use case if the Security Manager is deprecated for removal. Decoupling this behavior from the Security Manager APIs and defining new APIs seems like the best way forward.
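The credential-transport pattern described above, written against the Security-Manager-independent API, as an added example that is not code from the issue or the JDK sources. It uses Subject.current() together with Subject.callAs, the companion method added to javax.security.auth.Subject in JDK 18 and not named on this page; the class, record and principal names are constructed for the demo.

```java
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
import javax.security.auth.Subject;

// Added example: requires JDK 18 or later. All names here are constructed.
public class CurrentSubjectDemo {

    // Minimal Principal implementation for the demo.
    record UserPrincipal(String name) implements Principal {
        @Override public String getName() { return name; }
    }

    // Stands in for library code deep in the call stack: it takes no Subject
    // parameter and reads the caller's identity from the running context,
    // with no AccessController or AccessControlContext involved.
    static String whoAmI() {
        Subject s = Subject.current();
        if (s == null) {
            return "<none>";            // no callAs/doAs frame is active
        }
        return s.getPrincipals().stream()
                .map(Principal::getName)
                .findFirst()
                .orElse("<subject without principals>");
    }

    static Subject subjectFor(String name) {
        Subject s = new Subject();
        s.getPrincipals().add(new UserPrincipal(name));
        return s;
    }

    // Records the current subject before, inside and after nested callAs
    // calls, showing that the value is set on entry and restored on exit.
    static List<String> trace() {
        List<String> seen = new ArrayList<>();
        seen.add(whoAmI());                                   // before any callAs
        Subject.callAs(subjectFor("alice"), () -> {
            seen.add(whoAmI());                               // outer subject
            seen.add(Subject.callAs(subjectFor("bob"), CurrentSubjectDemo::whoAmI));
            seen.add(whoAmI());                               // outer subject again
            return null;
        });
        seen.add(whoAmI());                                   // reset after callAs
        return seen;
    }

    public static void main(String[] args) {
        trace().forEach(System.out::println);
    }
}
```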
Comments
Changeset: a5c160c7
Author: Weijun Wang <weijun@openjdk.org>
Date: 2021-11-10 19:35:17 +0000
URL: https://git.openjdk.java.net/jdk/commit/a5c160c711a3f66db18c75973f4efdea63332863
10-11-2021

Suggested fix:

    /**
     * Return the current associated {@code Subject}.
     * <p>
     * The current associated {@code Subject} (CAS) is set and reset by one of
     * the {@code doAs} methods. When {@code doAs(subject, action)} is called,
     * {@code action} is executed with {@code subject} as its CAS. After
     * {@code action} is finished, the CAS is reset to its previous value.
     * The CAS is {@code null} before any {@code doAs} is called.
     * <p>
     * When a new thread is created, its CAS is the same as the one
     * of its creator, and will not change even if the caller's CAS
     * is reset.
     *
     * @implNote
     * This implementation returns the same value as
     * {@code getSubject(AccessController.getContext())}.
     *
     * @return the CAS, or {@code null} if none was set.
     * @since 17
     */
    public static Subject current() {
        return getSubject(AccessController.getContext());
    }
13-05-2021