On Mon, 10 Jun 2024 11:28:28 GMT, Kevin Walls <kev...@openjdk.org> wrote:
> JMX uses APIs related to the Security Mananger which are deprecated. Use of > AccessControlContext will be removed when Security Manager is removed. > > Until then, updates are needed to not require setting > -Djava.security.manager=allow to use JMX authentication. When SecurityManager is not permitted, which is the default, use the Subject.current() call. If SM is permitted, due to -Djava.security.manager=allow then the old Subject.getSubject(AccessController.getContext()) call is used. Tests are updated to not require -Djava.security.manager=allow and will test with and without that setting. Also additionally update tests to use Subject.current(), but also have a setting to test the old Subject.getSubject(AccessController.getContext()) call with -Djava.security.manager=allow (see ThreadPoolAccTest and test/jdk/javax/management/remote/mandatory/passwordAuthenticator). ------------- PR Comment: https://git.openjdk.org/jdk/pull/19624#issuecomment-2158515271
