Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8238266

Subject.getPrincipals(), getPublicCredentials() are inherently unsafe

    XMLWordPrintable

    Details

      Description

      A DESCRIPTION OF THE PROBLEM :
      Subject.getPrincipals(), getPublicCredentials(), and getPrivateCredentials() expose users to non-deterministic behavior if the users try to iterate these collections, because these collections are Collections.synchronizedXxx() wrappers over collections that could be mutated concurrently.

      A possible may be for example to refactor javax.security.auth.Subject so that SecureSet wraps a CopyOnWriteArrayList, which would make external iteration safe.


        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            webbuggrp Webbug Group
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated: