On Mon, 25 Nov 2024 17:40:12 GMT, Sean Mullan <mul...@openjdk.org> wrote:
> Now that JEP 486 has been integrated, the `javax.security` package > implementation dependencies on `System.getSecurityManager`, > `AccessController.doPrivileged` and `AccessControlContext` can be removed. > > Most of the changes are straightforward: removal of code calling > `System.getSecurityManager()` and unwrapping of code inside > `AccessController.doPrivileged`. However, two changes involved slightly more > complicated work: > > 1. `javax.security.auth.login.Configuration` and > `javax.security.auth.login.LoginContext` do not need to capture the caller's > access control context anymore. > 2. The `SecureSet` implementation in `javax.security.auth.Subject` is greatly > simplified because it does not do security checks anymore. This pull request has now been integrated. Changeset: 65c98e57 Author: Sean Mullan <mul...@openjdk.org> URL: https://git.openjdk.org/jdk/commit/65c98e577f72bfe544d7e6b5e9d1568667d208fa Stats: 600 lines in 10 files changed: 1 ins; 514 del; 85 mod 8344420: Remove Security Manager dependencies from javax.security package Reviewed-by: alanb, rriggs, wetmore ------------- PR: https://git.openjdk.org/jdk/pull/22368
