Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8244165

Subject$SecureSet::contains(null) is suboptimal

XMLWordPrintable

    • Icon: CSR CSR
    • Resolution: Withdrawn
    • Icon: P4 P4
    • None
    • security-libs
    • None
    • behavioral
    • low
    • Hide
      Methods modified in this enhancement will behave differently when dealing with null values. This will have no affect on the content of the `Subject` because we have never allowed null components. Methods like `contains` or `remove` will have a behavior change but the affect should be low because it's quite unlikely a program would call these methods on null values. Even if called, we think the modified behavior is safer than the original one.
      Show
      Methods modified in this enhancement will behave differently when dealing with null values. This will have no affect on the content of the `Subject` because we have never allowed null components. Methods like `contains` or `remove` will have a behavior change but the affect should be low because it's quite unlikely a program would call these methods on null values. Even if called, we think the modified behavior is safer than the original one.
    • Java API
    • Implementation

      Summary

      Enhance several Subject$SecureSet methods to better deal with null values.

      Problem

      Subject$SecureSet is used to store principals and credentials returned by JAAS Subject's getPrincipals(), getPublicCredentials(), and getPrivateCredentials() methods. Since null is not allowed in this set, when contains(null) (and other methods) is called on such a set, an NPE is thown. This is slow comparing to returning null.

      Solution

      Switch from "throw-NPE" to "return false/ignore" when dealing with null values in multiple methods of Subject$SecureSet. Both styles are allowed by the Set interface.

      Precisely,

      1. when calling contains or remove on null, false is returned.
      2. when calling containsAll on a collection containing null, false is returned
      3. when calling removeAll, and retainAll on a collection containing a null value, the null value is ignored.

      Specification

      No spec change.

            weijun Weijun Wang
            weijun Weijun Wang
            Sean Mullan
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: