Code review request: 7201053: Krb5LoginModule shows NPE when both useTicketCache and storeKey are set to true
Weijun Wang
weijun.wang at oracle.com
Wed Sep 26 04:30:52 UTC 2012
Hi All
Please take a look at
http://cr.openjdk.java.net/~weijun/7201053/webrev.00/
In fact, even without this code change, LoginContext would wrap the NPE
inside a LoginException so no real harm will be made. However, it's
always nice to check for null before reference a variable, and an NPE
(no matter as a cause or in the message) is not user friendly.
Thanks
Max
-------- Original Message --------
7201053: Krb5LoginModule shows NPE when both useTicketCache and storeKey
are set to true
=== *Description*
============================================================
useTicketCache normally used in the intiator side, and storeKey on the
acceptor side. When both are set to true, and a valid TGT is found
inside the cache, no password or keytab will be required, and therefore
no key to store.
This combination is useless and should have been set to illegal.
However, some customers simply set a lot of arguments to true and this
will actually work if password or key is used. We don't want to break
their programs.
For this case, when there is no key but storeKey is true, a proper
LoginException should be thrown. This is also consistent with the JDK 6
behavior.
More information about the security-dev
mailing list