-
Type:
Sub-task
-
Resolution: Delivered
-
Priority:
P4
-
Affects Version/s: 9
-
Component/s: security-libs
-
Verified
Inputs to the javax.security.auth.Subject class now prohibit null values in the constructors and modification operations on the Principal and credential Set objects returned by Subject methods.
For the non-default constructor, the principals, pubCredentials, and privCredentials parameters may not be null, nor may any element within the Sets be null. A NullPointerException will be thrown if null values are provided.
For operations performed on Set objects returned by getPrincipals(), getPrivateCredentials() and getPublicCredentials(), a NullPointerException is thrown under the following conditions:
* add(), remove(), or contains() uses a null parameter.
* addAll(), removeAll(), containsAll() or retainsAll() provides a Collection containing a null element.
For the non-default constructor, the principals, pubCredentials, and privCredentials parameters may not be null, nor may any element within the Sets be null. A NullPointerException will be thrown if null values are provided.
For operations performed on Set objects returned by getPrincipals(), getPrivateCredentials() and getPublicCredentials(), a NullPointerException is thrown under the following conditions:
* add(), remove(), or contains() uses a null parameter.
* addAll(), removeAll(), containsAll() or retainsAll() provides a Collection containing a null element.