RFR: 8282730: LdapLoginModule throw NPE from logout method after login failure

Weijun Wang weijun at openjdk.org
Fri Jul 8 04:06:37 UTC 2022


Add null-checks in all `LoginModule` implementations. It's possible that an application calls `logout` after a login failure, where most internal variables for principals and credentials are null and removing a null from the `Subject`'s principals and credentials sets will trigger a `NullPointerException`.

-------------

Commit messages:
 - more null check inside collections
 - implSpec, some javadoc cstyle change
 - the fix

Changes: https://git.openjdk.org/jdk/pull/9348/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=9348&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8282730
  Stats: 199 lines in 9 files changed: 148 ins; 2 del; 49 mod
  Patch: https://git.openjdk.org/jdk/pull/9348.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/9348/head:pull/9348

PR: https://git.openjdk.org/jdk/pull/9348



More information about the security-dev mailing list