On Mon, 25 Nov 2024 20:33:49 GMT, Sean Mullan <mul...@openjdk.org> wrote:
>> Now that JEP 486 has been integrated, the `javax.security` package >> implementation dependencies on `System.getSecurityManager`, >> `AccessController.doPrivileged` and `AccessControlContext` can be removed. >> >> Most of the changes are straightforward: removal of code calling >> `System.getSecurityManager()` and unwrapping of code inside >> `AccessController.doPrivileged`. However, two changes involved slightly more >> complicated work: >> >> 1. `javax.security.auth.login.Configuration` and >> `javax.security.auth.login.LoginContext` do not need to capture the caller's >> access control context anymore. >> 2. The `SecureSet` implementation in `javax.security.auth.Subject` is >> greatly simplified because it does not do security checks anymore. > > Sean Mullan has updated the pull request incrementally with one additional > commit since the last revision: > > Restore some local variables to be final. Marked as reviewed by alanb (Reviewer). ------------- PR Review: https://git.openjdk.org/jdk/pull/22368#pullrequestreview-2460672738
