the patch

src/java.base/share/classes/java/lang/System.java

@@ -2687,6 +2687,11 @@ public void copyToSegmentRaw(String string, MemorySegment segment, long offset)
             public boolean bytesCompatible(String string, Charset charset) {
                 return string.bytesCompatible(charset);
             }
+
+            @Override
+            public boolean allowSecurityManager() {
+                return System.allowSecurityManager();
+            }
         });
     }
 }

src/java.base/share/classes/jdk/internal/access/JavaLangAccess.java

@@ -586,4 +586,10 @@ StackWalker newStackWalkerInstance(Set<StackWalker.Option> options,
      * Are the string bytes compatible with the given charset?
      */
     boolean bytesCompatible(String string, Charset charset);
+
+    /**
+     * Is a security manager already set or allowed to be set
+     * (using -Djava.security.manager=allow)?
+     */
+    boolean allowSecurityManager();
 }

src/java.management/share/classes/com/sun/jmx/remote/internal/ServerNotifForwarder.java

@@ -346,7 +346,7 @@ public void terminate() {
 
     @SuppressWarnings("removal")
     private Subject getSubject() {
-        return Subject.getSubject(AccessController.getContext());
+        return Subject.current();
     }
 
     private void checkState() throws IOException {

src/java.management/share/classes/com/sun/jmx/remote/security/MBeanServerFileAccessController.java

@@ -27,7 +27,6 @@
 
 import java.io.FileInputStream;
 import java.io.IOException;
-import java.security.AccessControlContext;
 import java.security.AccessController;
 import java.security.Principal;
 import java.security.PrivilegedAction;
@@ -301,13 +300,11 @@ private static Properties propertiesFromFile(String fname)
     }
 
     private synchronized void checkAccess(AccessType requiredAccess, String arg) {
-        @SuppressWarnings("removal")
-        final AccessControlContext acc = AccessController.getContext();
         @SuppressWarnings("removal")
         final Subject s =
             AccessController.doPrivileged(new PrivilegedAction<>() {
                     public Subject run() {
-                        return Subject.getSubject(acc);
+                        return Subject.current();
                     }
                 });
         if (s == null) return; /* security has not been enabled */

test/jdk/javax/management/monitor/ThreadPoolAccTest.java

@@ -33,7 +33,6 @@
  * @run main ThreadPoolAccTest
  */
 
-import java.security.AccessController;
 import java.security.PrivilegedAction;
 import java.util.Date;
 import java.util.Set;
@@ -67,7 +66,7 @@ public String getString() {
             return "";
         }
         private void setPrincipal() {
-            Subject subject = Subject.getSubject(AccessController.getContext());
+            Subject subject = Subject.current();
             Set<JMXPrincipal> principals = subject.getPrincipals(JMXPrincipal.class);
             principal = principals.iterator().next().getName();
         }

test/jdk/javax/management/remote/mandatory/passwordAuthenticator/SimpleStandard.java

@@ -40,8 +40,6 @@
  *      - the "getNbResets()" method.
  */
 
-import java.security.AccessControlContext;
-import java.security.AccessController;
 import java.security.Principal;
 import java.util.Set;
 import javax.management.AttributeChangeNotification;
@@ -152,8 +150,7 @@ public int getNbResets() {
      * type JMXPrincipal and refers to the "monitorRole" identity.
      */
     private void checkSubject() {
-        AccessControlContext acc = AccessController.getContext();
-        Subject subject = Subject.getSubject(acc);
+        Subject subject = Subject.current();
         Set principals = subject.getPrincipals();
         Principal principal = (Principal) principals.iterator().next();
         if (!(principal instanceof JMXPrincipal))

test/jdk/javax/management/remote/mandatory/subjectDelegation/SimpleStandard.java

@@ -40,8 +40,6 @@
  *      - the "getNbResets()" method.
  */
 
-import java.security.AccessControlContext;
-import java.security.AccessController;
 import java.security.Principal;
 import java.util.Set;
 import javax.management.AttributeChangeNotification;
@@ -150,8 +148,7 @@ public int getNbResets() {
      * type JMXPrincipal and refers to the principalName identity.
      */
     private void checkSubject(String op) {
-        AccessControlContext acc = AccessController.getContext();
-        Subject subject = Subject.getSubject(acc);
+        Subject subject = Subject.current();
         Set principals = subject.getPrincipals();
         Principal principal = (Principal) principals.iterator().next();
         if (!(principal instanceof JMXPrincipal))

test/jdk/javax/security/auth/Subject/CallAsWithScopedValue.java

@@ -0,0 +1,105 @@
+/*
+ * Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8296244
+ * @enablePreview
+ * @summary Implement Subject.current and Subject.callAs using scoped values
+ * @run main/othervm -Djava.security.manager=allow CallAsWithScopedValue false
+ * @run main/othervm -Djava.security.manager=disallow CallAsWithScopedValue true
+ */
+import com.sun.security.auth.UserPrincipal;
+
+import javax.security.auth.Subject;
+import java.util.Map;
+import java.util.Objects;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.StructuredTaskScope;
+
+public class CallAsWithScopedValue {
+
+    private static Map results = new ConcurrentHashMap<Integer,Boolean>();
+
+    public static void main(String[] args) throws Exception {
+
+        boolean usv = Boolean.parseBoolean(args[0]);
+
+        Subject subject = new Subject();
+        subject.getPrincipals().add(new UserPrincipal("Duke"));
+
+        // Always observable in the same thread
+        Subject.callAs(subject, () -> check(0, Subject.current(), "Duke"));
+
+        // Observable in the same thread in ACC mode, but not in the SV mode
+        Subject.callAs(subject, () -> {
+            Thread.ofPlatform().start(() -> check(1, Subject.current(), usv ? null : "Duke")).join();
+            return null;
+        });
+
+        // Never observable in a new virtual thread
+        Subject.callAs(subject, () -> {
+            Thread.ofVirtual().start(() -> check(2, Subject.current(), null)).join();
+            return null;
+        });
+
+        // Observable in structured concurrency in SV mode, but not in ACC mode
+        Subject.callAs(subject, () -> {
+            try (var scope = new StructuredTaskScope<>()) {
+                scope.fork(() -> check(3, Subject.current(), usv ? "Duke" : null));
+                scope.join();
+            }
+            return null;
+        });
+
+        // Suggested way to pass the current subject into arbitrary
+        // threads. Grab one using current() and explicitly pass it
+        // into the new thread.
+        Subject.callAs(subject, () -> {
+            Subject current = Subject.current();
+            Thread.ofPlatform().start(() -> {
+                Subject.callAs(current, () -> check(4, Subject.current(), "Duke"));
+            }).join();
+            return null;
+        });
+
+        if (results.size() != 5 || results.containsValue(false)) {
+            System.out.println(results);
+            throw new RuntimeException("Failed");
+        }
+    }
+
+    static String check(int type, Subject current, String expected) {
+        String actual;
+        if (current == null) {
+            actual = null;
+        } else {
+            var set = current.getPrincipals(UserPrincipal.class);
+            actual = set.isEmpty()
+                    ? null
+                    : set.iterator().next().getName();
+        }
+        results.put(type, Objects.equals(actual, expected));
+        return actual;
+    }
+}

test/jdk/javax/security/auth/Subject/Compat.java

@@ -0,0 +1,129 @@
+/*
+ * Copyright (c) 2021, 2022, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+import com.sun.security.auth.UserPrincipal;
+
+import javax.security.auth.Subject;
+import javax.security.auth.SubjectDomainCombiner;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.PrivilegedExceptionAction;
+import java.util.Objects;
+
+/*
+ * @test
+ * @run main/othervm -Djava.security.manager=allow Compat
+ */
+public class Compat {
+
+//    static PrivilegedAction<AccessControlContext> action
+//            = () -> AccessController.getContext();
+
+    static PrivilegedExceptionAction<AccessControlContext> action
+            = () -> AccessController.getContext();
+
+    static boolean failed = false;
+
+    public static void main(String[] args) throws Exception {
+        main0(null);
+        var t = new Thread(() -> {
+            try {
+                main0(null);
+            } catch (Exception e) {
+                throw new RuntimeException(e);
+            }
+        });
+        t.start();
+        t.join();
+    }
+    public static void main0(String[] args) throws Exception {
+        System.out.println(">>> bare run");
+        run(null);
+        System.out.println(">>> run inside");
+        Subject subject = makeSubject("three");
+        Subject.doAs(subject, (PrivilegedExceptionAction<? extends Object>)
+                () -> run("three"));
+        if (failed) {
+            throw new RuntimeException();
+        }
+    }
+
+    public static Void run(String from) throws Exception {
+        Subject subject = makeSubject("one");
+        var a1 = Subject.doAs(subject, action);
+        Subject subject2 = makeSubject("two");
+        var a2 = Subject.doAs(subject2, action);
+
+        test("from ether", AccessController.getContext(), from);
+        test("from a1", a1, "one");
+        test("from a2", a2, "two");
+
+        var a3 = Subject.doAsPrivileged(subject, action, a1);
+        test("doAsPriv with one and a1", a3, "one");
+
+        var a4 = Subject.doAsPrivileged(subject, action, a2);
+        test("doAsPriv with one and a2", a4, "one");
+
+        var a5 = Subject.doAsPrivileged(null, action, a2);
+        test("doAsPriv with null and a2", a5, null);
+
+        var a6 = Subject.doAs(null, action);
+        test("doAsPriv with null and this", a6, null);
+
+        var ax = new AccessControlContext(a2, new SubjectDomainCombiner(subject));
+        test("a2 plus subject", ax, "one");
+
+            ax = AccessController.doPrivileged(action, a2);
+            test("doPriv on a2", ax, "two");
+
+        ax = AccessController.doPrivilegedWithCombiner(action);
+        test("doPrivWC", ax, from == null ? null : from);
+
+        ax = AccessController.doPrivilegedWithCombiner(action, a2);
+        test("doPrivWC on a2", ax, from == null ? "two" : from);
+        return null;
+    }
+
+    static Subject makeSubject(String name) {
+        Subject subject = new Subject();
+        subject.getPrincipals().add(new UserPrincipal(name));
+        return subject;
+    }
+
+    static String getSubject(AccessControlContext acc) {
+        var subj = Subject.getSubject(acc);
+        if (subj == null) return null;
+        var princ = subj.getPrincipals(UserPrincipal.class);
+        return (princ == null || princ.isEmpty())
+                ? null
+                : princ.iterator().next().getName();
+    }
+
+    static void test(String label, AccessControlContext acc, String expected) {
+        var actual = getSubject(acc);
+        System.out.println(label + ": " + actual);
+        if (!Objects.equals(actual, expected)) {
+            System.out.println("    Expect " + expected + ", but see " + actual);
+            failed = true;
+        }
+    }
+}