Migrating from the Deprecated-for-Removal Methods Subject::getSubject and Subject::doAs to Subject::current and Subject::callAs
The following methods are deprecated for removal because they have dependencies on Security Manager APIs, which are also deprecated for removal:
- Subject getSubject(AccessControlContext)
- T doAs(Subject, PrivilegedAction<T>)
- T doAs(Subject, PrivilegedExceptionAction<T>)
- T doAsPrivileged(Subject, PrivilegedAction<T>, AccessControlContext)
- T doAsPrivileged(Subject, PrivilegedExceptionAction<T>, AccessControlContext)
These methods, in addition to Subject current() and T callAs(Subject, Callable<T>), behave differently depending on whether a Security Manager is allowed:
Table 6-5 Behavior Differences Among Subject Methods
Method | Security Manager Is Allowed | Security Manager Is Not Allowed |
---|---|---|
getSubject | No behavior change when compared to previous releases. | The method throws an UnsupportedOperationException.
This method depends on the AccessControlContext class which, in conjunction with the Security Manager, is deprecated for removal. |
current | No behavior change when compared to previous releases. | Returns the Subject bound to the period of the execution of the current thread. |
doAs and doAsPrivileged | No behavior change when compared to previous releases.
The methods associate the specified Subject with the current thread's AccessControlContext, and then execute the PrivilegedAction or PrivilegedExceptionAction. This achieves the effect of having the action run as the Subject. |
The Subject isn't associated with the current thread's AccessControlContext. Instead, these methods invoke an action with a Subject as the current subject for the bounded period execution of the action. |
callAs | Behaves just like doAs (with the Security Manager allowed) except the types of its action argument, Callable<T>, and thrown exception, CompletedException, are different. | Behaves just like doAs (with the Security Manager not allowed) except the types of its action argument, Callable<T>, and thrown exception, CompletedException, are different. |
Note:
A Security Manager is allowed if the value of the system propertyjava.security.manager
is set on the command line with the empty
line, a class name, or the value allow
. A Security Manager is not
allowed if the value of the java.security.manager
hasn't been set or
has been set to the value disallow
.
See The doAs Methods for Performing an Action as a Particular Subject for more information about how the behavior of the doAs and doAsPrivileged methods change depending on whether a Security Manager is allowed.
Because the Security Manager is deprecated for removal, it’s strongly recommended to replace the methods Subject::getSubject and Subject::doAs with Subject::current and Subject::callAs, respectively, in your code. See The callAs and current Methods for Performing an Action as a Particular Subject.
Note:
The Subject::doAsPrivileged methods don’t have replacement APIs.The Subject::getSubject method returns the Subject associated with the provided AccessControlContext. However, the AccessControlContext class is deprecated for removal.
You should migrate code that stores a Subject in an
AccessControlContext
and invokes
AccessController.doPrivileged
with that context as soon as possible
as this code will cease to work when the Security Manager is removed.
If a Security Manager is allowed, the AccessControlContext class, in conjunction with Subject::getSubject, enables code to access a parent thread’s current
Subject from a child thread. If a Security Manager
is not allowed, code can access the parent's thread's current Subject
from the child thread with the Subject::current method
with structured concurrency. See Structured Concurrency in Java Platform, Standard Edition Core
Libraries and The callAs and current Methods for Performing an Action as a Particular Subject for more information.
Check if child threads in your code access the Subject of their parent threads through the AccessControlContext class. If so, modify your code so that parent threads pass the Subject to newly created threads or use structured concurrency.