On Mon, 25 Nov 2024 17:40:12 GMT, Sean Mullan <mul...@openjdk.org> wrote:
> Now that JEP 486 has been integrated, the `javax.security` package
> implementation dependencies on `System.getSecurityManager`,
> `AccessController.doPrivileged` and `AccessControlContext` can be removed.
>
> Most of the changes are straightforward: removal of code calling
> `System.getSecurityManager()` and unwrapping of code inside
> `AccessController.doPrivileged`. However, two changes involved slightly more
> complicated work:
>
> 1. `javax.security.auth.login.Configuration` and
> `javax.security.auth.login.LoginContext` do not need to capture the caller's
> access control context anymore.
> 2. The `SecureSet` implementation in `javax.security.auth.Subject` is greatly
> simplified because it does not do security checks anymore.
src/java.base/share/classes/javax/security/auth/Subject.java line 1012:
> 1010: LinkedList<E> list = elements;
> 1011: return new Iterator<>() {
> 1012: ListIterator<E> i = list.listIterator(0);
Did you mean the remove the final modifier from this field?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/22368#discussion_r1857104403
