-
Bug
-
Resolution: Fixed
-
P4
-
7u45, 8
-
b65
-
generic
-
Verified
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8084867 | emb-9 | Sean Mullan | P4 | Resolved | Fixed | team |
FULL PRODUCT VERSION :
java -version
java version "1.7.0_45"
Java(TM) SE Runtime Environment (build 1.7.0_45-b18)
Java HotSpot(TM) 64-Bit Server VM (build 24.45-b08, mixed mode)
Also present in: https://jdk8.java.net/download.html
ADDITIONAL OS VERSION INFORMATION :
Does not matter, tested on Kubuntu, Windows7, etc...
A DESCRIPTION OF THE PROBLEM :
The isAssignableFrom test in javax.security.auth.Subject$ClassSet.add ( and possibly second use of it ) seems wrong. I would assume that:
interface X{}
class Y implements X{}
ClassSet<X> z = ....;
x.add(new Y());
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Subject X = new Subject();
X.getPrincipals(Principal.class).add(new Principal(){
@Override
public String getName() {
// TODO Auto-generated method stub
return null;
}});
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Either provide proper Exception saying this is not allowed operation or add should not fail
ACTUAL -
Exception in thread "main" java.lang.SecurityException: attempting to add an object which is not an instance of interface java.security.Principal
at javax.security.auth.Subject$ClassSet.add(Subject.java:1398)
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
Subject X = new Subject();
X.getPrincipals(Principal.class).add(new Principal(){
@Override
public String getName() {
// TODO Auto-generated method stub
return null;
}});
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Workaround is to use Subject non default constructor:
public Subject(boolean readOnly, Set<? extends Principal> principals,
Set<?> pubCredentials, Set<?> privCredentials)
java -version
java version "1.7.0_45"
Java(TM) SE Runtime Environment (build 1.7.0_45-b18)
Java HotSpot(TM) 64-Bit Server VM (build 24.45-b08, mixed mode)
Also present in: https://jdk8.java.net/download.html
ADDITIONAL OS VERSION INFORMATION :
Does not matter, tested on Kubuntu, Windows7, etc...
A DESCRIPTION OF THE PROBLEM :
The isAssignableFrom test in javax.security.auth.Subject$ClassSet.add ( and possibly second use of it ) seems wrong. I would assume that:
interface X{}
class Y implements X{}
ClassSet<X> z = ....;
x.add(new Y());
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Subject X = new Subject();
X.getPrincipals(Principal.class).add(new Principal(){
@Override
public String getName() {
// TODO Auto-generated method stub
return null;
}});
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Either provide proper Exception saying this is not allowed operation or add should not fail
ACTUAL -
Exception in thread "main" java.lang.SecurityException: attempting to add an object which is not an instance of interface java.security.Principal
at javax.security.auth.Subject$ClassSet.add(Subject.java:1398)
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
Subject X = new Subject();
X.getPrincipals(Principal.class).add(new Principal(){
@Override
public String getName() {
// TODO Auto-generated method stub
return null;
}});
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Workaround is to use Subject non default constructor:
public Subject(boolean readOnly, Set<? extends Principal> principals,
Set<?> pubCredentials, Set<?> privCredentials)
- backported by
-
JDK-8084867 Wrong isAssignableFrom test when adding Principal to Subject
-
- Resolved
-
- relates to
-
JDK-8284939 Add the method `Class::isSublassOf(Class<?>)` to `java.lang.Class` that does the inverse of `Class::isAssignableFrom`
-
- Closed
-