Summary
-------
Deprecate the Java Management Extensions (JMX) Subject Delegation feature, that is, the method `javax.management.remote.JMXConnector.getMBeanServerConnection(javax.security.auth.Subject)`, for removal in a future release.

Problem
-------
Subject Delegation requires a security policy file to grant `javax.management.remote.SubjectDelegationPermission`, and the implementation relies on deprecated methods such as `java.security.AccessController::checkPermission` and `java.security.AccessControlContext::checkPermission`. These are deprecated for removal as part of JEP 411: the Security Manager is already considered a legacy feature and deprecated for removal.

These deprecated methods will cease to be usable once the Security Manager is further degraded and eventually removed. If methods such as `AccessController::checkPermission` are degraded before this feature is removed (for example to throw an `AccessControlException` on any usage), then the Subject Delegation feature will be unusable before it is removed.

There is no known usage of this method based on a Maven corpus search.

The interface `javax.management.remote.rmi.RMIConnection` contains methods which accept a `Subject`, to implement Subject Delegation. These methods are commonly called with a null `Subject`, for the previously authenticated principal to be used. User code does not normally interact with these methods, but when this feature is removed their existing use of `SecurityException` should be updated.

Solution
--------
We will terminally deprecate the feature.

When this feature is removed in the future, if a client connects to a new server that does not support this feature and requests to perform an operation in the remote server with the delegation subject, a `SecurityException` will be thrown per the specification of the `javax.management.remote.rmi.RMIConnection` methods, because the delegation subject has no permission to perform the operations.
```
SecurityException - if the client, or the delegated Subject if any, does not have permission to perform this operation.
```
The `@throws SecurityException` javadoc can be clarified when this feature is removed, and the exception message at that time will make clear that the feature is not supported.

Specification
-------------
We will terminally deprecate, by annotating with `@Deprecated(since="21", forRemoval=true)`, the method:

- `javax.management.remote.JMXConnector.getMBeanServerConnection(Subject delegationSubject)`

The commonly used no-argument `getMBeanServerConnection()` method is not affected.

The API documentation will include the deprecation text:

```
This method supported the legacy Subject Delegation feature, and is only useful in conjunction with other APIs which are deprecated and subject to removal in a future release. Consequently, this method is also deprecated and subject to removal. There is no replacement.
```
Methods in the interface `javax.management.remote.rmi.RMIConnection` that take a `delegationSubject` parameter are not affected, but will throw a `SecurityException` if a non-null delegation subject is provided once the subject delegation feature is removed.
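
To find code that the deprecation in the Specification section affects, the sketch below scans Java source for calls to the one-argument `getMBeanServerConnection` overload and skips the unaffected no-argument form. It is an added example, not part of the CSR or the JDK; the function name `find_delegation_calls` and the sample source are constructed for illustration, and the match is textual rather than type-resolved.

```python
import re

# Comments and literals are blanked (newlines kept) so offsets and line numbers survive.
_SKIP = re.compile(r'''
    //[^\n]* | /\*.*?\*/          # line and block comments
  | """.*?"""                     # text blocks
  | "(?:\\.|[^"\\\n])*"           # string literals
  | '(?:\\.|[^'\\\n])*'           # char literals
''', re.S | re.X)
_CALL = re.compile(r'\.\s*getMBeanServerConnection\s*\(')

# Constructed sample input, not taken from any real project.
SAMPLE = '''\
import javax.management.remote.*;
class Demo {
    void run(JMXConnector c, javax.security.auth.Subject s) throws Exception {
        c.getMBeanServerConnection();            // unaffected overload
        c.getMBeanServerConnection(s);
        // c.getMBeanServerConnection(old);
        c.getMBeanServerConnection(
            lookup("ops"));
        c.getMBeanServerConnection(null);
        log("c.getMBeanServerConnection(s)");
    }
}
'''

def find_delegation_calls(java_source):
    """Return (line, argument, kind) for each call that passes an argument."""
    code = _SKIP.sub(lambda m: re.sub(r'[^\n]', ' ', m.group(0)), java_source)
    hits = []
    for m in _CALL.finditer(code):
        depth, i = 1, m.end()
        while i < len(code) and depth:       # walk to the matching ')'
            depth += {'(': 1, ')': -1}.get(code[i], 0)
            i += 1
        if depth or not code[m.end():i - 1].strip():
            continue                         # unbalanced, or no-arg overload
        arg = ' '.join(java_source[m.end():i - 1].split())
        # A literal null means "use the authenticated subject": same as no-arg.
        kind = 'null-subject' if arg == 'null' else 'delegation'
        hits.append((code.count('\n', 0, m.start()) + 1, arg, kind))
    return hits

if __name__ == '__main__':
    for line, arg, kind in find_delegation_calls(SAMPLE):
        print(f'line {line}: getMBeanServerConnection({arg}) [{kind}]')
```

Hits are candidates only: an unrelated class may declare a method of the same name, and unqualified calls inside a `JMXConnector` subclass are not matched, so confirm each one against the compiler's removal warnings.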