RFR: 8282730: LdapLoginModule throw NPE from logout method after login failure
Weijun Wang
weijun at openjdk.org
Mon Jul 11 21:42:49 UTC 2022
On Fri, 1 Jul 2022 17:31:06 GMT, Weijun Wang <weijun at openjdk.org> wrote:
> Add null-checks in all `LoginModule` implementations. It's possible that an application calls `logout` after a login failure, where most internal variables for principals and credentials are null and removing a null from the `Subject`'s principals and credentials sets will trigger a `NullPointerException`.
New commits pushed. BTW, in the 2nd one, I reverted some `{@code null}` changes since it looks like "null" is used as an adjective here instead of a Java keyword. The same style appears multiple times in other places.
-------------
PR: https://git.openjdk.org/jdk/pull/9348
More information about the serviceability-dev
mailing list