RFR: 8282730: LdapLoginModule throw NPE from logout method after login failure
Weijun Wang
weijun at openjdk.org
Fri Jul 8 04:06:37 UTC 2022
Add null-checks in all `LoginModule` implementations. It's possible that an application calls `logout` after a login failure, where most internal variables for principals and credentials are null and removing a null from the `Subject`'s principals and credentials sets will trigger a `NullPointerException`.
-------------
Commit messages:
- more null check inside collections
- implSpec, some javadoc cstyle change
- the fix
Changes: https://git.openjdk.org/jdk/pull/9348/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=9348&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8282730
Stats: 199 lines in 9 files changed: 148 ins; 2 del; 49 mod
Patch: https://git.openjdk.org/jdk/pull/9348.diff
Fetch: git fetch https://git.openjdk.org/jdk pull/9348/head:pull/9348
PR: https://git.openjdk.org/jdk/pull/9348
More information about the security-dev
mailing list