- Type: Enhancement
- Resolution: Unresolved
- Priority: P4
- Affects Version/s: 14
- Component/s: security-libs
- x86
- linux

A DESCRIPTION OF THE PROBLEM :
Subject.getPrincipals(), getPublicCredentials(), and getPrivateCredentials() expose users to non-deterministic behavior if the users try to iterate these collections, because these collections are Collections.synchronizedXxx() wrappers over collections that could be mutated concurrently.
One possibility may be, for example, to refactor javax.security.auth.Subject so that SecureSet wraps a CopyOnWriteArrayList, which would make external iteration safe.
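
The following is an added example, not code from the report or from the JDK. It shows what callers can do today: iterate the set returned by getPrincipals() directly while another thread mutates it, and, for comparison, iterate a copy taken while holding the synchronized wrapper's monitor. The class name, the `snapshot` helper and the principal names are assumptions made for the example.

```java
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

public class SubjectIterationDemo {
    // Copy the live set while holding the synchronized wrapper's own monitor,
    // as the Collections.synchronizedSet documentation requires for iteration.
    static List<Principal> snapshot(Subject subject) {
        Set<Principal> live = subject.getPrincipals();
        synchronized (live) {
            return new ArrayList<>(live);
        }
    }

    public static void main(String[] args) {
        Subject subject = new Subject();
        for (int i = 0; i < 100; i++) {
            subject.getPrincipals().add(new X500Principal("CN=user" + i)); // constructed names
        }
        // Writer thread keeps mutating the principal set through the wrapper.
        Thread writer = new Thread(() -> {
            Principal extra = new X500Principal("CN=extra");
            while (true) {
                subject.getPrincipals().add(extra);
                subject.getPrincipals().remove(extra);
            }
        });
        writer.setDaemon(true);
        writer.start();

        int unguardedFailures = 0, guardedFailures = 0;
        for (int round = 0; round < 5000; round++) {
            try { // unguarded external iteration: the pattern the report warns about
                for (Principal p : subject.getPrincipals()) p.getName();
            } catch (RuntimeException e) { unguardedFailures++; }
            try { // iterate a private copy taken under the lock
                for (Principal p : snapshot(subject)) p.getName();
            } catch (RuntimeException e) { guardedFailures++; }
        }
        System.out.println("unguarded iteration failures: " + unguardedFailures);
        System.out.println("guarded iteration failures:   " + guardedFailures);
    }
}
```

The unguarded count varies from run to run, which is the non-determinism described above; the guarded count stays at 0 because every mutation goes through the same wrapper lock.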