JDK-8015081

javax.security.auth.Subject.toString() throws NPE


Details

    • b22
    • Verified

    Description

      FULL PRODUCT VERSION :
      java version "1.7.0_21"
      Java(TM) SE Runtime Environment (build 1.7.0_21-b11)
      Java HotSpot(TM) 64-Bit Server VM (build 23.21-b01, mixed mode)

      ADDITIONAL OS VERSION INFORMATION :
      Microsoft Windows [Version 6.1.7601]

      (actually this bug is not OS-specific)

      A DESCRIPTION OF THE PROBLEM :
      There are legal actions that make the state of a Subject incorrect (its toString() method will throw NullPointerException). "Legal" means that these actions are not prohibited technically or via the API specification and therefore must leave a Subject in a correct state.

      The actions are: add null to public or private credentials of a Subject. I think that nulls are just senseless in this case and therefore should be prohibited, but unfortunately nulls are allowed. So the only way I see to fix the problem and not break backward compatibility is to change Subject.toString() method so it can correctly work with nulls in credentials collections.

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Create a new instance of javax.security.auth.Subject.
      Get a reference to subject's private credentials by using Subject.getPrivateCredentials() method.
      Add null to the obtained set.
      Invoke Subject.toString() method.

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      subject.toString() must not throw NullPointerException regardless of the state of subject.
      ACTUAL -
      subject.toString() throws NullPointerException if null was added to any of the following collections: subject.getPrivateCredentials(), subject.getPublicCredentials()

      ERROR MESSAGES/STACK TRACES THAT OCCUR :
      Exception in thread "main" java.lang.NullPointerException
      at javax.security.auth.Subject.toString(Subject.java:863)
      at javax.security.auth.Subject.toString(Subject.java:825)
      at com.gl.vn.me.ko.tmp.Main.main(Main.java:11)

      REPRODUCIBILITY :
      This bug can be reproduced always.

      ---------- BEGIN SOURCE ----------
      package com.gl.vn.me.ko.tmp;

      import java.util.Set;
      import javax.security.auth.Subject;

      public class Main {
          public static void main(final String[] args) {
              final Subject subject = new Subject();
              final Set<Object> set = subject.getPrivateCredentials();
              set.add(null); // is not prohibited by an API specification of Set or Subject
              subject.toString(); // bug: NullPointerException
          }
      }
      ---------- END SOURCE ----------

      CUSTOMER SUBMITTED WORKAROUND :
      Don't add null to collections obtained from Subject.getPrivateCredentials() or Subject.getPublicCredentials() methods.
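
Added example, not part of the original report and not JDK code: a null-tolerant way to describe a Subject in logs, so that an audit or debug path does not fail on the state described above. The class name SubjectDescriber and the sample credential value are assumptions made for illustration.

```java
import java.security.Principal;
import javax.security.auth.Subject;

// Added example, not JDK code. SubjectDescriber is a hypothetical helper name.
public final class SubjectDescriber {
    private SubjectDescriber() {}

    /** Builds a log-safe description that tolerates null credential entries. */
    public static String describe(Subject subject) {
        if (subject == null) {
            return "Subject: <null>";
        }
        StringBuilder sb = new StringBuilder("Subject:\n");
        for (Principal p : subject.getPrincipals()) {
            sb.append("\tPrincipal: ").append(p).append('\n'); // append(Object) is null-safe
        }
        for (Object c : subject.getPublicCredentials()) {
            sb.append("\tPublic Credential: ").append(c).append('\n');
        }
        try {
            for (Object c : subject.getPrivateCredentials()) {
                // Log only the type of a private credential, never its value.
                sb.append("\tPrivate Credential: ")
                  .append(c == null ? "null" : c.getClass().getName()).append('\n');
            }
        } catch (SecurityException e) {
            // Iterating private credentials can be denied under a security manager.
            sb.append("\tPrivate Credentials inaccessible\n");
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        Subject subject = new Subject();
        subject.getPublicCredentials().add("constructed-public-token"); // constructed sample value
        try {
            subject.getPrivateCredentials().add(null); // the state from the report
        } catch (NullPointerException e) {
            // If the runtime rejects the null at add(), the bad state cannot arise.
            System.out.println("add(null) rejected: " + e);
        }
        System.out.println(describe(subject));
    }
}
```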

            People

              jnimeh Jamil Nimeh
              webbuggrp Webbug Group