JDK-8293653

PrivateCredentialPermission should not use local variable to enable debugging


    • CSR
    • Resolution: Approved
    • P4
    • 20
    • security-libs
    • None
    • source
    • low
      The Java Object Serial Specification, version 6.0 says the following:

      "Data for classes that occur in the stream, but do not occur in the object, is discarded. For classes that occur in the object, but not in the stream, the class fields are set to default values by default serialization."

      The first sentence describes what happens when an input stream contains the testing boolean and the deserialized object does not: the testing boolean is ignored. The second sentence describes what happens when the input stream does not contain the testing variable and the deserialized object does: the testing boolean is initialized in the deserialized object with a default value of false.

      Removing the testing variable should have no effect on serialization/deserialization.
    • Java API
    • SE
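
The two serialization rules quoted in the compatibility note above can be checked directly. The following is an added example, not code from the JDK or from this CSR: `PermOld` and `PermNew` are constructed stand-ins for the class before and after the change, and the stream's class name is rewritten in place so that one class's stream is read back as the other.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;

public class SerialFieldRemovalDemo {
    // Constructed stand-ins (assumptions, not JDK classes). Equal-length names and
    // equal serialVersionUIDs let a stream written by one be read as the other.
    static class PermOld implements Serializable {
        private static final long serialVersionUID = 1L;
        String credentialClass = "example.Cred";
        boolean testing = true; // initialised to true so a defaulted value stands out
    }

    static class PermNew implements Serializable {
        private static final long serialVersionUID = 1L;
        String credentialClass = "example.Cred";
    }

    static byte[] write(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Rewrites the class name inside the stream's class descriptor. The names have
    // the same length, so the descriptor's length prefix stays valid.
    static byte[] rename(byte[] stream, String from, String to) {
        String s = new String(stream, StandardCharsets.ISO_8859_1);
        return s.replace(from, to).getBytes(StandardCharsets.ISO_8859_1);
    }

    static Object read(byte[] stream) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(stream))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Stream contains "testing", class does not: the extra field is discarded.
        PermNew n = (PermNew) read(rename(write(new PermOld()), "PermOld", "PermNew"));
        System.out.println("old stream -> new class: credentialClass=" + n.credentialClass);

        // Class contains "testing", stream does not: the field gets its default value,
        // because field initialisers of a Serializable class are not run on deserialization.
        PermOld o = (PermOld) read(rename(write(new PermNew()), "PermNew", "PermOld"));
        System.out.println("new stream -> old class: testing=" + o.testing);
    }
}
```

Both reads succeed only because the two classes declare the same explicit `serialVersionUID`; with computed defaults, the differing field sets would produce different UIDs and the read would fail.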

      Summary

      Local testing instance variable needs to be removed.

      Problem

      The class contains a testing instance variable that should have been removed before integration. It was not. This CSR proposes removing that variable now.

      Solution

      Remove testing instance variable.

      Specification

      diff a/src/java.base/share/classes/javax/security/auth/PrivateCredentialPermission.java b/src/java.base/share/classes/javax/security/auth/PrivateCredentialPermission.java
      --- a/src/java.base/share/classes/javax/security/auth/PrivateCredentialPermission.java
      +++ b/src/java.base/share/classes/javax/security/auth/PrivateCredentialPermission.java
      @@ -122,15 +122,10 @@
            */
           @SuppressWarnings("serial") // Not statically typed as Serializable
           private Set<Principal> principals;  // ignored - kept around for compatibility
           private transient CredOwner[] credOwners;
      
      -    /**
      -     * @serial
      -     */
      -    private final boolean testing = false;
      -
           /**
            * Create a new {@code PrivateCredentialPermission}
            * with the specified {@code credentialClass} and Principals.
            */
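
Review bot: the removed `private final boolean testing = false;` carried an `@serial` tag, so it was part of the documented default serialized form, and nothing visible in this hunk shows that streams written with the field still deserialize after the removal. The hunk does not show whether the class declares an explicit `serialVersionUID`; without one, dropping a non-transient private field changes the computed default and older streams would be rejected. Suggest confirming that declaration and adding a round-trip test that reads a stream produced before the change. The retained `principals` field is annotated "ignored - kept around for compatibility", so a short note in the change description on why `testing` does not need the same treatment would help later readers.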

            mpowers Mark Powers
            Roger Riggs, Weijun Wang