On Tue, 11 Jun 2024 20:58:54 GMT, Sean Mullan <[email protected]> wrote:
>> src/java.management.rmi/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java
>> line 1436:
>>
>>> 1434: } else {
>>> 1435: // ACC is present, we have a Subject and SM is
>>> permitted:
>>> 1436: return
>>> AccessController.doPrivileged((PrivilegedExceptionAction<Object>) () ->
>>> Subject.doAs(subject, op), acc);
>>
>> Why is it necessary to call both `doAs` and `doPrivileged`?
>
> Can you just call `AccessController.doPrivileged(op, acc)` as in the original
> code? `Subject.doAs` requires a permission, which is why I assume you are
> wrapping it in a `doPrivileged` but you are asserting all of the permissions
> of the `java.management` module, which means you probably want to use limited
> doPriv and only assert the `getSubject` permission but that is getting
> complicated. I'd go back to the original call as it should work in the SM
> allow case.
Yes, this can be simpler, thanks.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/19624#discussion_r1636417433
