Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8244165

Subject$SecureSet::contains(null) is suboptimal

    XMLWordPrintable

    Details

    • Type: CSR
    • Status: Closed
    • Priority: P4
    • Resolution: Withdrawn
    • Fix Version/s: None
    • Component/s: security-libs
    • Labels:
      None
    • Subcomponent:
    • Compatibility Kind:
      behavioral
    • Compatibility Risk:
      low
    • Compatibility Risk Description:
      Hide
      Methods modified in this enhancement will behave differently when dealing with null values. This will have no affect on the content of the `Subject` because we have never allowed null components. Methods like `contains` or `remove` will have a behavior change but the affect should be low because it's quite unlikely a program would call these methods on null values. Even if called, we think the modified behavior is safer than the original one.
      Show
      Methods modified in this enhancement will behave differently when dealing with null values. This will have no affect on the content of the `Subject` because we have never allowed null components. Methods like `contains` or `remove` will have a behavior change but the affect should be low because it's quite unlikely a program would call these methods on null values. Even if called, we think the modified behavior is safer than the original one.
    • Interface Kind:
      Java API
    • Scope:
      Implementation

      Description

      Summary

      Enhance several Subject$SecureSet methods to better deal with null values.

      Problem

      Subject$SecureSet is used to store principals and credentials returned by JAAS Subject's getPrincipals(), getPublicCredentials(), and getPrivateCredentials() methods. Since null is not allowed in this set, when contains(null) (and other methods) is called on such a set, an NPE is thown. This is slow comparing to returning null.

      Solution

      Switch from "throw-NPE" to "return false/ignore" when dealing with null values in multiple methods of Subject$SecureSet. Both styles are allowed by the Set interface.

      Precisely,

      1. when calling contains or remove on null, false is returned.
      2. when calling containsAll on a collection containing null, false is returned
      3. when calling removeAll, and retainAll on a collection containing a null value, the null value is ignored.

      Specification

      No spec change.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              weijun Weijun Wang
              Reporter:
              weijun Weijun Wang
              Reviewed By:
              Sean Mullan
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: