Convenience method for getting Subject

[arjantijms]

The Subject (representing the authenticated identity) is currently obtained in Jakarta Authorization in the following way:

 Subject subject;
        try {
            subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
        } catch (PolicyContextException ex) {
            throw new RuntimeException(ex);
        }

We could for convenience and for ease of readability in the using code add a getSubject() method to PolicyContext

[darranl]

IMO it would be preferable to reduce exposure to the Subject and not increase it further.

[arjantijms]

IMO it would be preferable to reduce exposure to the Subject and not increase it further.

While Subject is not an ideal type for sure, in these lower level APIs it's used quite extensively and we don't have anything feasible to replace it with. Note that Jakarta Authentication uses it too, and many runtimes at the level where they interact with either Jakarta Authentication or Jakarta Authorization either directly have a number of Principals available (or need them), or have these in a Subject.