Webrev request: JDK-8015081
Wang Weijun
weijun.wang at oracle.com
Thu Jun 12 09:40:37 UTC 2014
Why
@@ -968,14 +963,10 @@
readOnly = gf.get("readOnly", false);
Set<Principal> inputPrincs = (Set<Principal>)gf.get("principals", null);
// Rewrap the principals into a SecureSet
- if (inputPrincs == null) {
- throw new NullPointerException
- (ResourcesMgr.getString("invalid.null.input.s."));
- }
try {
principals = Collections.synchronizedSet(new SecureSet<Principal>
(this, PRINCIPAL_SET, inputPrincs));
} catch (NullPointerException npe) {
// Sometimes people deserialize the principals set only.
It looks you accept principals being null in serialized form. (Of course, the new object contains a non-null one).
Thanks
Max
On Jun 12, 2014, at 17:26, Jamil Nimeh <jamil.j.nimeh at oracle.com> wrote:
> Next round: This one incorporates Weijun's comments and cleans up a couple warnings in the test code.
>
> http://cr.openjdk.java.net/~weijun/8015081/webrev.05/
>
> --Jamil
More information about the security-dev
mailing list