Question

In the javadocs it states that AccessController.doPrivileged() is called

Further in the javadocs for AccessController.doPrivileged it states...

"Be very careful in your use of the "privileged" construct, and always remember to make the privileged code section as small as possible."

What then are the implications for having code within the privileged construct which is not even remotely on the small side?


Solution

The point of Subject.doAs is to change the Subject of the current AccessControlContext (acc). It should not change permissions. The API docs of doAs say "using the retrieved context", and if you look at the source code, it is combining the acc from AccessController.getContext with the subject.

In fact, the acc needs to be privileged for the call to succeed.

The problem with large sections of code running with elevated permissions is that it is opposed to the Principle of Least Privilege. There is an increased chance that somewhere an adversary can slip in some malicious operation.
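An added example, not from the question or answer, contrasting an over-broad privileged section with the minimal one the javadoc asks for, and showing the Subject.doAs call the answer describes wrapping it. The /etc/app directory, the name regex and the parse() stand-in are assumptions for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;

public class PrivilegedScope {
    static String parse(String raw) { return raw.trim(); }  // stand-in parser (assumption)
    // Too broad: caller-controlled path building, the read and the parser all
    // run elevated, so any bug in them is exercised with the library's permissions.
    static String readConfigTooBroad(String userSuppliedName) {
        return AccessController.doPrivileged((PrivilegedAction<String>) () -> {
            try {
                return parse(Files.readString(Paths.get("/etc/app", userSuppliedName)));
            } catch (IOException e) {
                return null;
            }
        });
    }
    // Minimal: validate and resolve with the caller's own permissions; only the
    // single read is privileged, and the parser runs outside that section.
    static String readConfigMinimal(String userSuppliedName) throws IOException {
        if (!userSuppliedName.matches("[A-Za-z0-9_-]+\\.properties")) {
            throw new IllegalArgumentException("bad config name");
        }
        final Path p = Paths.get("/etc/app").resolve(userSuppliedName).normalize();
        String raw;
        try {
            raw = AccessController.doPrivileged(
                    (PrivilegedExceptionAction<String>) () -> Files.readString(p));
        } catch (PrivilegedActionException e) {
            throw (IOException) e.getException();  // the action only throws IOException
        }
        return parse(raw);
    }
    // Subject.doAs binds the subject to the current context without widening
    // permissions, so the small read above remains the only elevated code.
    static String readAs(Subject subject, String name) throws IOException {
        try {
            return Subject.doAs(subject,
                    (PrivilegedExceptionAction<String>) () -> readConfigMinimal(name));
        } catch (PrivilegedActionException e) {
            throw (IOException) e.getException();
        }
    }
}
```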

Licensed under: CC-BY-SA with attribution