Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8298201

Release Note: New Implementation Note for LoginModule on Removing Null from a Principals or Credentials Set

    XMLWordPrintable

Details

    • Backport
    • Resolution: Delivered
    • P4
    • 17.0.6-oracle
    • 17.0.6-oracle
    • security-libs
    • None

    Description

      The `Set` implementation that holds principals and credentials in a JAAS `Subject` prohibits null elements and any attempt to add, query, or remove a null element will result in a `NullPointerException`. This is especially important when trying to remove principals or credentials from the subject at the logout phase but they are null because of a previous failed login. Various JDK `LoginModule` implementations have been fixed to avoid the exception. An Implementation Note has also been added to the `logout()` method of the `LoginModule` interface. Developers should verify and if necessary update any custom `LoginModule` implementations to be compliant with this implementation advice.

      Attachments

        Issue Links

          Activity

            People

              weijun Weijun Wang
              weijun Weijun Wang
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: