On Mon, 4 Mar 2024 19:51:38 GMT, Weijun Wang <[email protected]> wrote:
>> src/java.management/share/classes/com/sun/jmx/remote/security/MBeanServerFileAccessController.java
>> line 309:
>>
>>> 307: final Subject s;
>>> 308: if (!SharedSecrets.getJavaLangAccess().allowSecurityManager())
>>> {
>>> 309: s = Subject.current();
>>
>> We may not want to call `Subject.current()` here, as this may imply that we
>> will support this functionality even if an SM is not enabled.
>
> I was not exactly sure if we will support this functionality. The class name
> has `AccessControler` and the method names use `checkAccess`, but they
> actually do not always depend on security manager.
I think we need @kevinjwalls or @dfuch to help advise on this.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/17472#discussion_r1511721920
