Integrated: 8282730: LdapLoginModule throw NPE from logout method after login failure
Weijun Wang
weijun at openjdk.org
Mon Aug 1 22:31:04 UTC 2022
On Fri, 1 Jul 2022 17:31:06 GMT, Weijun Wang <weijun at openjdk.org> wrote:
> Add null-checks in all `LoginModule` implementations. It's possible that an application calls `logout` after a login failure, where most internal variables for principals and credentials are null and removing a null from the `Subject`'s principals and credentials sets will trigger a `NullPointerException`.
This pull request has now been integrated.
Changeset: 554f44ec
Author: Weijun Wang <weijun at openjdk.org>
URL: https://git.openjdk.org/jdk/commit/554f44ecb1134acff3eaf02e2e1c0e01158ab7e5
Stats: 223 lines in 11 files changed: 151 ins; 2 del; 70 mod
8282730: LdapLoginModule throw NPE from logout method after login failure
Reviewed-by: mullan
-------------
PR: https://git.openjdk.org/jdk/pull/9348
More information about the security-dev
mailing list