RFR: 8282730: LdapLoginModule throw NPE from logout method after login failure [v2]
Sean Mullan
mullan at openjdk.org
Tue Jul 12 19:43:46 UTC 2022
On Tue, 12 Jul 2022 17:38:38 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Why isn't it sufficient to just call logout once per each login module?
>
> I meant to make the test more real. When there are multiple login modules, the principals and credentials sets could be different. For example, the `privateCredential` NPE in `KeyStoreLoginModule` you found can only happen if there are other private credentials in the subject. (That said, my test hasn't been able to caught it because I haven't used a read-only subject).
>
> How about I add another method in the test for the single login module module?
It's probably not necessary, I just wanted to understand your rationale. I would add a comment to the test like what you just explained above for future reference.
-------------
PR: https://git.openjdk.org/jdk/pull/9348
More information about the serviceability-dev
mailing list