Details
-
Sub-task
-
Resolution: Delivered
-
P4
-
11.0.18-oracle, 17.0.6-oracle, 20
Backports
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8298201 | 17.0.6-oracle | Weijun Wang | P4 | Resolved | Delivered | |
JDK-8295224 | 11.0.18-oracle | Nibedita Jena | P4 | Resolved | Delivered |
Description
The `Set` implementation that holds principals and credentials in a JAAS `Subject` prohibits null elements and any attempt to add, query, or remove a null element will result in a `NullPointerException`. This is especially important when trying to remove principals or credentials from the subject at the logout phase but they are null because of a previous failed login. Various JDK `LoginModule` implementations have been fixed to avoid the exception. An Implementation Note has also been added to the `logout()` method of the `LoginModule` interface. Developers should verify, and if necessary update, any custom `LoginModule` implementations to be compliant with this implementation advice.
Attachments
Issue Links
- backported by
-
JDK-8295224 Release Note: New Implementation Note for LoginModule on Removing Null from a Principals or Credentials Set
- Resolved
-
JDK-8298201 Release Note: New Implementation Note for LoginModule on Removing Null from a Principals or Credentials Set
- Resolved