On Mon, 25 Nov 2024 18:14:09 GMT, Roger Riggs <rri...@openjdk.org> wrote:
>> Now that JEP 486 has been integrated, the `javax.security` package
>> implementation dependencies on `System.getSecurityManager`,
>> `AccessController.doPrivileged` and `AccessControlContext` can be removed.
>>
>> Most of the changes are straightforward: removal of code calling
>> `System.getSecurityManager()` and unwrapping of code inside
>> `AccessController.doPrivileged`. However, two changes involved slightly more
>> complicated work:
>>
>> 1. `javax.security.auth.login.Configuration` and
>> `javax.security.auth.login.LoginContext` do not need to capture the caller's
>> access control context anymore.
>> 2. The `SecureSet` implementation in `javax.security.auth.Subject` is
>> greatly simplified because it does not do security checks anymore.
>
> src/java.base/share/classes/javax/security/auth/Subject.java line 1061:
>
>> 1059: else {
>> 1060: return false;
>> 1061: }
>
> This indentation looks odd. It is because the case:/default: statements are
> not indented.
Agreed, but there are several `switch` statements in this class which are not
indented, so I would prefer to not change them. I indented this one line as it
was clearly intended to line up with the `else` block.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/22368#discussion_r1857298194
