JDK-8304327 : JMX Guide: Document the deprecation of Subject Delegation
  • Type: Bug
  • Component: docs
  • Sub-Component: guides
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2023-03-16
  • Updated: 2023-06-05
  • Resolved: 2023-05-23
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 21
21Fixed
Related Reports
Relates :  
JDK-8298966 - Deprecate JMX Subject Delegation and the method JMXConnector.getMBeanServerConnection(Subject) for removal.
Description
We need to add a warning that Subject Delegation in JDK 21 is deprecated for removal.
https://bugs.openjdk.org/browse/JDK-8298966

22 Security with Subject Delegation
https://docs.oracle.com/en/java/javase/19/jmx/security-subject-delegation-example.html

There should be a warning box, like we already have in chapter 23 for the Security Manager usage.  It could use some of the text from the release note.  e.g.

WARNING: The Subject Delegation feature is deprecated and subject to removal in a future release.  It is dependent on other APIs which are deprecated for removal in JEP411.  If a client application needs to perform operations as or on behalf of multiple identities, it will need to make multiple calls to JMXConnectorFactory.connect() and to the getMBeanServerConnection() method on the returned JMXConnector.
Comments
Thanks Kevin! I've changed the warning to: The Subject Delegation feature is deprecated and is subject to removal in a future release. It is dependent on other APIs that were deprecated and removed in JEP 411. If a client application needs to perform operations as or on behalf of multiple identities, it needs to make multiple calls to JMXConnectorFactory.connect() and to getMBeanServerConnection() on the returned JMXConnector. Thank you for the explanation, it makes more sense. :-)
23-05-2023
Thanks Sheila - We want to say "The Subject Delegation feature is deprecated..." I think. The Security Manager and related APIs are deprecated in JEP411, and it's those "other APIs" which are a requirement for Subject Delegation.
22-05-2023
Hi Kevin, can you please review the text and let me know if there should be any changes. Thanks, S
22-05-2023
This has been added to the Security with Subject Delegation page of the JMX Guide: Warning: The Security Manager feature is deprecated and is subject to removal in a future release. It is dependent on other APIs that are deprecated and removed in JEP 411. If a client application needs to perform operations as or on behalf of multiple identities, it will need to make multiple calls to JMXConnectorFactory.connect() and to getMBeanServerConnection() on the returned JMXConnector.
22-05-2023