1. Security Developer’s Guide
  2. Java Authentication and Authorization Service (JAAS)
  3. Migrating from the Deprecated-for-Removal Methods Subject::getSubject and Subject::doAs to Subject::current and Subject::callAs

Migrating from the Deprecated-for-Removal Methods Subject::getSubject and Subject::doAs to Subject::current and Subject::callAs

The following methods are deprecated for removal because they have dependencies on Security Manager APIs, which are also deprecated for removal:

  • Subject getSubject(AccessControlContext)
  • T doAs(Subject, PrivilegedAction<T>)
  • T doAs(Subject, PrivilegedExceptionAction<T>)
  • T doAsPrivileged(Subject, PrivilegedAction<T>, AccessControlContext)
  • T doAsPrivileged(Subject, PrivilegedExceptionAction<T>, AccessControlContext)

These methods, in addition to Subject current() and T callAs(Subject, Callable<T>), behave differently depending on whether a Security Manager is allowed:

Table 6-5 Behavior Differences Among Subject Methods

Method Security Manager Is Allowed Security Manager Is Not Allowed
getSubject No behavior change when compared to previous releases. The method throws an UnsupportedOperationException.

This method depends on the AccessControlContext class which, in conjunction with the Security Manager, is deprecated for removal.

current No behavior change when compared to previous releases. Returns the Subject bound to the period of the execution of the current thread.
doAs and doAsPrivileged No behavior change when compared to previous releases.

The methods associate the specified Subject with the current thread's AccessControlContext, and then execute the PrivilegedAction or PrivilegedExceptionAction. This achieves the effect of having the action run as the Subject.

The Subject isn't associated with the current thread's AccessControlContext. Instead, these methods invoke an action with a Subject as the current subject for the bounded period execution of the action.
callAs Behaves just like doAs (with the Security Manager allowed) except the types of its action argument, Callable<T>, and thrown exception, CompletedException, are different. Behaves just like doAs (with the Security Manager not allowed) except the types of its action argument, Callable<T>, and thrown exception, CompletedException, are different.

Note:

A Security Manager is allowed if the value of the system property java.security.manager is set on the command line with the empty line, a class name, or the value allow. A Security Manager is not allowed if the value of the java.security.manager hasn't been set or has been set to the value disallow.

See The doAs Methods for Performing an Action as a Particular Subject for more information about how the behavior of the doAs and doAsPrivileged methods change depending on whether a Security Manager is allowed.

Because the Security Manager is deprecated for removal, it’s strongly recommended to replace the methods Subject::getSubject and Subject::doAs with Subject::current and Subject::callAs, respectively, in your code. See The callAs and current Methods for Performing an Action as a Particular Subject.

Note:

The Subject::doAsPrivileged methods don’t have replacement APIs.

The Subject::getSubject method returns the Subject associated with the provided AccessControlContext. However, the AccessControlContext class is deprecated for removal.

You should migrate code that stores a Subject in an AccessControlContext and invokes AccessController.doPrivileged with that context as soon as possible as this code will cease to work when the Security Manager is removed.

If a Security Manager is allowed, the AccessControlContext class, in conjunction with Subject::getSubject, enables code to access a parent thread’s current Subject from a child thread. If a Security Manager is not allowed, code can access the parent's thread's current Subject from the child thread with the Subject::current method with structured concurrency. See Structured Concurrency in Java Platform, Standard Edition Core Libraries and The callAs and current Methods for Performing an Action as a Particular Subject for more information.

Check if child threads in your code access the Subject of their parent threads through the AccessControlContext class. If so, modify your code so that parent threads pass the Subject to newly created threads or use structured concurrency.