The terminally deprecated method
Subject.getSubject(AccessControlContext)
has been
respecified to throw UnsupportedOperationException
if
invoked when a Security Manager is not allowed.
When the Security Manager is removed in a future release, the
Subject.getSubject(AccessControlContext)
method will
be degraded further to throw
UnsupportedOperationException
unconditionally.
Maintainers of code using Subject.doAs
and
Subject.getSubject
are strongly encouraged to migrate
this code to the replacement APIs, Subject.callAs
and
Subject.current
, as soon as possible. The
jdeprscan
tool can be used to scan the class path for
usages of deprecated APIs and may be useful to find usage of these
two methods.
The temporary workaround in this release to keep older code
working is to run with -Djava.security.manager=allow
to allow a Security Manager to be set. The
Subject.getSubject
method does not depend on a
Security Manager but requires the feature be "allowed" due to the
AccessControlContext
parameter.
As background, the changes in this release are to help
applications prepare for the eventual removal of the Security
Manager. For this release, subject authorization and the
Subject
APIs behave differently depending on whether a
Security Manager is allowed or not:
-
If a Security Manager is allowed, meaning the system property
java.security.manager
is set on the command line to
the empty string, a class name, or the value "allow", then there is
no behavior change when compared to previous releases.
-
If a Security Manager is not allowed, the system property
java.security.manager
is not set on the command line
or has been set on the command line to the value "disallow", then
the doAs
or callAs
methods invoke an
action with a Subject
as the current subject for the
bounded period execution of the action. The Subject can be obtained
using the Subject.current
method when invoked by code
executed by the action. The Subject.getSubject
method
cannot obtain the Subject as that method will throw
UnsupportedOperationException
. The Subject is not
inherited automatically when creating or starting new threads with
the Thread
API. The Subject is inherited by child
threads when using Structured Concurrency.
As noted above, maintainers of code using
Subject.doAs
and Subject.getSubject
are
strongly encouraged to migrate the code to
Subject.callAs
and Subject.current
as
soon as possible.
Code that stores a Subject in an
AccessControlContext
and invokes
AccessController.doPrivileged
with that context should
also be migrated as soon as possible as this code will cease to
work when the Security Manager is removed.
Maintainers of code that uses the Subject
API
should also audit their code for any cases where it may depend on
inheritance of the current Subject into newly created threads. This
code should be modified to pass the Subject to the newly created
thread or modified to make use of structured concurrency.