[
https://issues.apache.org/jira/browse/HTTPCLIENT-2402?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Istvan Toth updated HTTPCLIENT-2402:
------------------------------------
Description:
There are two aspect to these changes:
- replacing Subject.doAs() with Subject.callAs()
- handling the changed thread semantics, where the Current Subject is nonger
propagated to new Threads.
Httpclient doesn't currently use the disabled methods.
They are used in HTTPCLIENT-2358, which already includes the SecurityUtils to
map the doAs/CallAs function based on the JVM version.
The Subject propagation issue breaks SPNEGO authentication for the Async
client, as the Subject is no longer propagated to the executor threads for the
Async operations.
There is no current test for that, I will add new tests to HTTPCLIENT-2358 to
cover this case.
was:
There are two aspect to these changes:
- replacing Subject.doAs() with Subject.callAs()
- handling the changed thread semantics, where the Current Subject is nonger
propagated to new Threads.
The first change is handled by SubjectUtil present in HTTPCLIENT-2358.
The Subject propagation issue breaks SPNEGO authentication for the Async
client, as the Subject is no longer propagated to the execur threads for the
Async operations.
> Handle SecurityManager removal
> ------------------------------
>
> Key: HTTPCLIENT-2402
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2402
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Reporter: Istvan Toth
> Priority: Major
>
> There are two aspect to these changes:
> - replacing Subject.doAs() with Subject.callAs()
> - handling the changed thread semantics, where the Current Subject is nonger
> propagated to new Threads.
> Httpclient doesn't currently use the disabled methods.
> They are used in HTTPCLIENT-2358, which already includes the SecurityUtils to
> map the doAs/CallAs function based on the JVM version.
> The Subject propagation issue breaks SPNEGO authentication for the Async
> client, as the Subject is no longer propagated to the executor threads for
> the Async operations.
> There is no current test for that, I will add new tests to HTTPCLIENT-2358 to
> cover this case.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
