Review: release note for JDK-8015081

Sean Mullan sean.mullan at oracle.com
Thu Jan 26 19:27:25 UTC 2017


In the first sentence I would give the fully qualified name 
(javax.security.auth.Subject) instead of just Subject to provide a bit 
more context. Otherwise, looks good.

--Sean

On 1/19/17 12:14 PM, Jamil Nimeh wrote:
> Hello all,
>
> Please review this one release note that documents a change in behavior
> for the Subject class and it's underlying SecureSet collections:
>
> Original bug: https://bugs.openjdk.java.net/browse/JDK-8015081
> Release note: https://bugs.openjdk.java.net/browse/JDK-8173069
>
> Text of the release note:
> --------------------------------------
> Inputs to Subject class now prohibit null values in the constructors and
> modification operations on the Principal and credential Set objects
> returned by Subject methods.
>
> For the non-default constructor, the principals, pubCredentials, and
> privCredentials parameters may not be null, nor may any element within
> the Sets be null. A NullPointerException will be thrown if null values
> are provided.
>
> For operations performed on Set objects returned by getPrincipals(),
> getPrivateCredentials() and getPublicCredentials(), a
> NullPointerException is thrown under the following conditions:
> * add(), remove(), or contains() provides a null parameter.
> * addAll(), removeAll(), containsAll() or retainsAll() provides a
> Collection containing a null element.
> --------------------------------------
>
> Thanks,
> --Jamil


More information about the security-dev mailing list