-
Enhancement
-
Resolution: Unresolved
-
P4
-
14
-
x86
-
linux
A DESCRIPTION OF THE PROBLEM :
Subject.getPrincipals(), getPublicCredentials(), and getPrivateCredentials() expose users to non-deterministic behavior if the users try to iterate these collections, because these collections are Collections.synchronizedXxx() wrappers over collections that could be mutated concurrently.
A possible may be for example to refactor javax.security.auth.Subject so that SecureSet wraps a CopyOnWriteArrayList, which would make external iteration safe.
Subject.getPrincipals(), getPublicCredentials(), and getPrivateCredentials() expose users to non-deterministic behavior if the users try to iterate these collections, because these collections are Collections.synchronizedXxx() wrappers over collections that could be mutated concurrently.
A possible may be for example to refactor javax.security.auth.Subject so that SecureSet wraps a CopyOnWriteArrayList, which would make external iteration safe.