JDK-8326691 : Remove the implementation of JMX Subject Delegation and degrade the applicable APIs to throw UnsupportedOperationException
  • Type: CSR
  • Component: core-svc
  • Sub-Component: javax.management
  • Priority: P3
  • Status: Closed
  • Resolution: Approved
  • Fix Versions: 23
  • Submitted: 2024-02-26
  • Updated: 2024-03-26
  • Resolved: 2024-03-26
Related Reports
CSR :  
JDK-8326666 - Remove the Java Management Extension (JMX) Subject Delegation feature
Relates :  
JDK-8298967 - Deprecate JMX Subject Delegation and the method JMXConnector.getMBeanServerConnection(Subject) for removal.
Description
Summary
-------

Remove Java Management Extension (JMX) Subject Delegation which was deprecated for removal in Java 21.  The feature is directly dependent on Security Manager APIs that are deprecated for removal.  The Subject Delegation feature will cease to be usable once the Security Manager APIs are further degraded and the Security Manager implementation is removed.

Problem
-------

This feature has no known current usage.

This feature does not work without support for the Security Manager APIs which are deprecated for removal (since Java 17, see JEP 411).

Solution
--------

We will remove the feature.  There is no replacement.  For source and binary compatibility reasons the relevant method is not being removed at this time, but will throw an UnsupportedOperationException when Subject Delegation is attempted.


Specification
-------------

The method `javax.management.remote.JMXConnector.getMBeanServerConnection(Subject delegationSubject)` will throw an UnsupportedOperationException if a non-null delegation subject is provided.  This method's documentation will be updated:
```
@param delegationSubject must be null.
@exception UnsupportedOperationException if delegationSubject is non-null.
```

 
The class `javax.management.remote.rmi.RMIConnection` will document at the class level that:
"JMX Subject Delegation has been removed. All methods that take a delegationSubject parameter will throw UnsupportedOperationException if it is non-null. This parameter is kept for interoperability with older remote clients."

All methods in `RMIConnection` which take a delegationSubject will be updated with:
```
 @param delegationSubject must be null.
 @throws UnsupportedOperationException if delegationSubject is non-null.
```

The class `javax.management.remote.rmi.RMIConnectionImpl` has methods which accept a Subject parameter for Subject Delegation.  This cannot now be non-null in local usage, but an RMI Connection from an older JDK can invoke these methods with a non-null delegationSubject.  Such access will be recognised and an UnsupportedOperationException will be thrown.

The attached JMX_SubjectDelegation_Removal_specdiff.zip shows the above in detail (see the files JMXConnector.html, RMIConnector.html, RMIConnection.html, RMIConnectionImpl.html).

PR: https://github.com/openjdk/jdk/pull/18025
Comments
Moving to Approved.
26-03-2024
Thanks [~darcy], and [~mullan], will go with that format.
14-03-2024
[~kevinw], for future reference, you can always more a CSR back to Draft and then from there go to either Provisional or Finalized. For the titile "Remove X and degrade Y" for some suitably concise values of X and Y sounds fine.
14-03-2024
You could make the title (much) longer to try make this more clear: "Remove the implementation of Java Management Extension (JMX) Subject Delegation and degrade the applicable APIs to throw UnsupportedOperationException."
14-03-2024
That's an interesting naming dilemma. The functionality - the ability to delegate to another username - is being removed. If you try and use it, an Exception is thrown because it is not there. The method which provides access to the functionality is not being removed, to avoid source/binary compatibility issues. It seems clearest to say that the feature is being removed. It also seems best to retain the deprecated for removal label on the main method you would have used to access the feature. Is that OK? (and oops sorry, yes I was looking for 'proposed' but hit 'finalize' and could not see a way back!)
14-03-2024
Moving to Provisional, not Approved. If the functionality is being degraded -- unconditionally throwing some exception -- rather than removed, the synopsis of the bug should not say "remove."
14-03-2024
LGTM. Note to reviewers: the new specdiff also shows changes to the JMXConnector interface, but you have to navigate to specdiff/java.management/javax/management/remote/JMXConnector-report.html to see them.
14-03-2024
Note: during testing, I found that remote usage of SubjectDelegation does not work by default. Believe this since JDK20 and https://bugs.openjdk.org/browse/JDK-8283093 created a default serialization filter for JMX. No reports of a problem as afar as I am aware, which supports there being no usage of the feature being removed. Currently, setting -Dcom.sun.management.jmxremote.serial.filter.pattern=. is required.
13-03-2024
I would also change this sentence: "The feature cannot be invoked without a Security Manager." to "This feature does not work without support for the Security Manager APIs which are deprecated for removal."
07-03-2024
Thanks Sean, updated.
07-03-2024
In the Summary, I would change the second sentence to "The feature is directly dependent on Security Manager APIs that are deprecated for removal." and the last sentence to "The Subject Delegation feature will cease to be usable once the Security Manager APIs are further degraded and the Security Manager implementation is removed."
07-03-2024