Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8282730 LdapLoginModule throw NPE from logout method after login failure
  3. JDK-8290467

Release Note: New Implementation Note for LoginModule on Removing Null from a Principals or Credentials Set

    XMLWordPrintable

Details

    • Sub-task
    • Resolution: Delivered
    • P4
    • 20
    • 11.0.18-oracle, 17.0.6-oracle, 20
    • security-libs

    Backports

      Description

        The `Set` implementation that holds principals and credentials in a JAAS `Subject` prohibits null elements and any attempt to add, query, or remove a null element will result in a `NullPointerException`. This is especially important when trying to remove principals or credentials from the subject at the logout phase but they are null because of a previous failed login. Various JDK `LoginModule` implementations have been fixed to avoid the exception. An Implementation Note has also been added to the `logout()` method of the `LoginModule` interface. Developers should verify, and if necessary update, any custom `LoginModule` implementations to be compliant with this implementation advice.

        Attachments

          Issue Links

            Activity

              People

                weijun Weijun Wang
                weijun Weijun Wang
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: