Thanks Sean.
It's a pity we're not permitted to redesign a light weight authorization
mechanism from the ashes of the existing system, something that allowed
the use of PrivilegedAction et al.
The reality is, authorization could be so much simpler and more useful
than it is today, especially if outside of privileged action's, no
privileges were granted at all, it addresses problems with preservation
of context over threads and executors.
The reason the original designers chose to allow granting permission
outside of privileged actions, was to make it compatible with existing
deployments, but since SM didn't need to be enabled and often wasn't
enabled by default, it probably wasn't the right choice, as it led to
the viral permission problem.
The remaining use case for authorization is to allow the coming together
of trusted parties within one JVM, for access decisions and we could so
easily make it high scaling, performant, simpler with far better
tooling, but sadly, the applet use case shone so brightly people are
unable to see other uses for it.
OpenJDK still relies on DNS for identity decisions in SecureClassLoader,
which is subject to DNS cache poisoning attacks, easily solved using
RFC3986 and RFC5952 URI normalization, and doesn't it just speed up
class loading so nicely. ;) Outside of OpenJDK, some of these things
were solved over a decade ago and have been thoroughly tested and are
well understood. The Jini development branch, inherited from Sun
Microsystems had comprehensive network deployment, regression and unit
tests, which significantly contributed to its understanding.
--
Regards,
Peter
On 17/06/2023 3:33 am, Sean Mullan wrote:
See also https://bugs.openjdk.org/browse/JDK-8296244
--Sean
On 6/16/23 1:48 AM, Alan Bateman wrote:
On 16/06/2023 03:48, Peter Firmstone wrote:
:
As it isn't yet clear how a Subject context will be preserved across
threads in future version of OpenJDK, (currently we use the
AccessControlContext for that), for example we capture the existing
context, to establish TLS connections in call back communications for
network event listeners.
It's good to think about a Subject.current/callAs re-implemented to use
ScopedValue [1], currently in preview with JEP 446 in Java 21.
ScopedValue allows for sharing in structured concurrency contexts.
-Alan
[1]
https://download.java.net/java/early_access/jdk21/docs/api/java.base/java/lang/ScopedValue.html
[2] https://openjdk.org/jeps/446
