Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8015081

javax.security.auth.Subject.toString() throws NPE

    Details

    • Subcomponent:
    • Resolved In Build:
      b22
    • Verification:
      Verified

      Description

      FULL PRODUCT VERSION :
      java version " 1.7.0_21 "
      Java(TM) SE Runtime Environment (build 1.7.0_21-b11)
      Java HotSpot(TM) 64-Bit Server VM (build 23.21-b01, mixed mode)

      ADDITIONAL OS VERSION INFORMATION :
      Microsoft Windows [Version 6.1.7601]

      (actually this bug is not OS-specific)

      A DESCRIPTION OF THE PROBLEM :
      There are legal actions to make the state of a Subject incorrect (its toString() method will throw NullPointerException). " Legal " means that this actions don't prohibited technically or via API specification and therefore must leave a Subject in correct state.

      The actions are: add null to public or private credentials of a Subject. I think that nulls are just senseless in this case and therefore should be prohibited, but unfortunately nulls are allowed. So the only way I see to fix the problem and not break backward compatibility is to change Subject.toString() method so it can correctly work with nulls in credentials collections.

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Create a new instance of javax.security.auth.Subject.
      Get a reference to subject's private credentials by using Subject.getPrivateCredentials() method.
      Add null to the obtained set.
      Invoke Subject.toString() method.

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      subject.toString() must not throw NullPointerException regardless of the state of subject.
      ACTUAL -
      subject.toString() throws NullPointerException if null was added to any of the following collections: subject.getPrivateCredentials(), subject.getPublicCredentials()

      ERROR MESSAGES/STACK TRACES THAT OCCUR :
      Exception in thread " main " java.lang.NullPointerException
      at javax.security.auth.Subject.toString(Subject.java:863)
      at javax.security.auth.Subject.toString(Subject.java:825)
      at com.gl.vn.me.ko.tmp.Main.main(Main.java:11)

      REPRODUCIBILITY :
      This bug can be reproduced always.

      ---------- BEGIN SOURCE ----------
      package com.gl.vn.me.ko.tmp;

      import java.util.Set;
      import javax.security.auth.Subject;

      public class Main {
      public static void main(final String[] args) {
      final Subject subject = new Subject();
      final Set<Object> set = subject.getPrivateCredentials();
      set.add(null);// is not prohibited by an API specification of Set or Subject
      subject.toString();// bug: NullPointerException
      }
      }
      ---------- END SOURCE ----------

      CUSTOMER SUBMITTED WORKAROUND :
      Don't add null to collections obtained from Subject.getPrivateCredentials() or Subject.getPublicCredentials() methods.

        Attachments

          Activity

            People

            • Assignee:
              jnimeh Jamil Nimeh
              Reporter:
              webbuggrp Webbug Group
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: