On Mon, 25 Oct 2021 18:08:19 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5Context.java >> line 708: >> >>> 706: @SuppressWarnings("removal") >>> 707: final Subject subject = >>> 708: >>> AccessController.doPrivilegedWithCombiner( >> >> Is this actually needed and correct to wrap this into a priveledged action? > > Oh, it's needed. Otherwise the `AccessController.getContext()` call (which is > inside `current()`) will also be called in a clean privileged context and > there is no subject associated with it. > > On the other hand, it still needs to in some sort of doPriv. I don't want to > ignore `AuthPermission("getSubject")`. Hm yes i see why „withacombiner“ would be needed, just not sure why doPriveledged() is needed (especially since current() does it as well). But I admit i don’t see through that part, so ignore me if I don’t make sense. >> test/jdk/javax/security/auth/Subject/DoAs.java line 44: >> >>> 42: final int index = i; >>> 43: Subject.callAs(subject, () -> { >>> 44: Subject s = Subject.current(); >> >> Should it Test old and new method to retrieve subject? > > I did it in `CurrentSubject.java` when test=both (checking `cas != accs` in > `check()`). All changes to existing tests are just to avoid calling > deprecated methods. Yes, probably not worth it in all tests (but would be maybe a good one time exercise?) ------------- PR: https://git.openjdk.java.net/jdk/pull/5024