RFR: 8282730: LdapLoginModule throw NPE from logout method after login failure [v3]
Weijun Wang
weijun at openjdk.org
Mon Jul 18 17:54:09 UTC 2022
On Sat, 16 Jul 2022 13:46:58 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Add null-checks in all `LoginModule` implementations. It's possible that an application calls `logout` after a login failure, where most internal variables for principals and credentials are null and removing a null from the `Subject`'s principals and credentials sets will trigger a `NullPointerException`.
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>
> more comment
Thanks. CSR is filed at https://bugs.openjdk.org/browse/JDK-8290119. I've also written a release note at https://bugs.openjdk.org/browse/JDK-8290467. Please take a review.
-------------
PR: https://git.openjdk.org/jdk/pull/9348
More information about the security-dev
mailing list