-
Type:
Bug
-
Resolution: Fixed
-
Priority:
P2
-
Affects Version/s: 1.4.2_06, 6
-
Component/s: security-libs
-
beta
-
generic, x86
-
generic, solaris_2.5.1
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-2128409 | 5.0u6 | Mala Bankal | P2 | Resolved | Fixed | b03 |
| JDK-2128361 | 1.4.2_10 | Mala Bankal | P2 | Resolved | Fixed | b02 |
1) Set security property auth.policy.provider to a valid JAAS policy provider
2) In a custom classloader, creates protection domains with null permission sets - and ensure these protection domains are on the stack
3) In the test case, does Subject.getSubject(ACC), this will trigger SubjectDomainCombiner.combineJavaxPolicy to be called. When it reaches the protection domain with a null permission set, it'll bomb out with NullPointerException
2) In a custom classloader, creates protection domains with null permission sets - and ensure these protection domains are on the stack
3) In the test case, does Subject.getSubject(ACC), this will trigger SubjectDomainCombiner.combineJavaxPolicy to be called. When it reaches the protection domain with a null permission set, it'll bomb out with NullPointerException
- backported by
-
JDK-2128361 SubjectDomainCombiner fails to check for null in combineJavaxPolicy
-
- Resolved
-
-
-
- Resolved
-
- duplicates
-
-
- Closed
-