davmail
davmail copied to clipboard
mguessan
Java warning: <T>doAs(Subject,PrivilegedAction<T>) in Subject has been deprecated and marked for removal
I noticed that the latest Appveyor builds are emitting this warning: <T>doAs(Subject,PrivilegedAction<T>) in Subject has been deprecated and marked for removal.
doAs is used in three places in the code:
https://github.com/mguessan/davmail/blob/4c8b6881b0a01a3dd4d3a02569b8e3eea665fbc6/src/java/davmail/http/KerberosHelper.java#L201 https://github.com/mguessan/davmail/blob/4c8b6881b0a01a3dd4d3a02569b8e3eea665fbc6/src/java/davmail/http/KerberosHelper.java#L286 https://github.com/mguessan/davmail/blob/4c8b6881b0a01a3dd4d3a02569b8e3eea665fbc6/src/java/davmail/http/DavMailSPNegoScheme.java#L123
See https://docs.oracle.com/en/java/javase/23/security/migrating-deprecated-removal-methods-subject-getsubject-and-subject-doas-subject-current-and-s.html for details and advice on what the code the code should be changed to.
https://bugs.openjdk.org/browse/JDK-8275529 is apparently related to this deprecation.
Could add @SuppressWarnings("removal") for the near-term if there's a need to support older JDKs that don't support the new Subject.current().callAs() method?
Reason for deprecation:
This deprecation is due to the reliance on the SecurityManager which is also deprecated and considered outdated in modern Java security practices.
What to do instead:
To achieve similar functionality, use the Subject.current().callAs() method which is the recommended replacement for doAs.
Example of how to migrate:
// Old code using deprecated doAs
Subject subject = ...;
String result = subject.doAs(subject, new PrivilegedAction<String>() {
public String run() {
// privileged action
return "Some privileged data";
}
});
// Updated code using callAs
Subject subject = Subject.current(); // Get the current subject
String result = subject.callAs(() -> {
// privileged action
return "Some privileged data";
});
