On 15/03/2026 02:08, Jaikiran Pai wrote:
:
I think introducing a change in the JDK implementation of
java.net.Authenticator.setDefault() to run arbitrary application code
isn't the way to solve this. Especially not when the change is
motivated due to:
Right, the proposed API in the PR doesn't make sense. We could
potentially provide better guidance in the Authenticator class
description to make it clearer that this method for the application to
set the system-wide Authenticator, it's not something that libraries
should be using.
As Jai notes, and I also noted in the PR, the example agent in JEP 486
may provide some inspiration for a workaround that modifies the use
sites in the libraries until they are fixed to not set the system wide
Authenticator.
-Alan.
