RFR 8040068 and 8039951: platform-related JAAS login modules on all platforms

Wang Weijun weijun.wang at oracle.com
Sat Apr 19 15:14:50 UTC 2014


On Apr 19, 2014, at 1:14, Sean Mullan <sean.mullan at oracle.com> wrote:

>> In fact, when a login module is not found, an exception will be
>> thrown immediately even if it's marked optional. Now that these
>> modules are available on all platforms, this won't happen anymore. If
>> you think this behavior is incorrect, we can fix it in another bug.
> 
> Is that because before your fix, it would throw NoClassDefFoundError?

It's ClassNotFoundException. In LoginContext.invoke(), only when it's an InvocationTargetException, the code will save the exception and decides what to do depending on if the module is requisite or required or optional.

> 
> I think the new behavior makes more sense and is definitely more user friendly. However, even though it is probably an obscure case, technically it is a change in behavior, so I think you should describe it in the CCC.

OK, I can.

Also I am thinking we should enhance LoginContext so that ClassNotFoundException be treated the same as InvocationTargetException.

Thanks
Max





More information about the security-dev mailing list