Re: RFR: 8282730: LdapLoginModule throw NPE from logout method after login failure [v3]

2022-07-18 Thread Weijun Wang
On Sat, 16 Jul 2022 13:46:58 GMT, Weijun Wang wrote:
>> Add null-checks in all `LoginModule` implementations. It's possible that an application calls `logout` after a login failure, where most internal variables for principals and credentials are null and removing a null from the `Sub

Re: RFR: 8282730: LdapLoginModule throw NPE from logout method after login failure [v3]

2022-07-18 Thread Sean Mullan
On Sat, 16 Jul 2022 13:46:58 GMT, Weijun Wang wrote:
>> Add null-checks in all `LoginModule` implementations. It's possible that an application calls `logout` after a login failure, where most internal variables for principals and credentials are null and removing a null from the `Sub

Re: RFR: 8282730: LdapLoginModule throw NPE from logout method after login failure [v3]

2022-07-16 Thread Weijun Wang
> Add null-checks in all `LoginModule` implementations. It's possible that an application calls `logout` after a login failure, where most internal variables for principals and credentials are null and removing a null from the `Subject`'s principals and credentials sets will trigger a `

Re: RFR: 8282730: LdapLoginModule throw NPE from logout method after login failure [v2]

2022-07-12 Thread Sean Mullan
On Tue, 12 Jul 2022 17:38:38 GMT, Weijun Wang wrote:
>> Why isn't it sufficient to just call logout once per each login module?
>
> I meant to make the test more real. When there are multiple login modules, the principals and credentials sets could be different. For example, the `privateCre

Re: RFR: 8282730: LdapLoginModule throw NPE from logout method after login failure [v2]

2022-07-12 Thread Sean Mullan
On Mon, 11 Jul 2022 21:03:16 GMT, Weijun Wang wrote:
>> test/jdk/javax/security/auth/login/modules/SafeLogout.java line 51:
>>
>>> 49:
>>> 50: static void test(int pos) throws Exception {
>>> 51: // Create random JAAS login config.
>>
>> I'm probably missing something obvious, but

Re: RFR: 8282730: LdapLoginModule throw NPE from logout method after login failure

2022-07-11 Thread Weijun Wang
On Fri, 1 Jul 2022 17:31:06 GMT, Weijun Wang wrote:
> Add null-checks in all `LoginModule` implementations. It's possible that an application calls `logout` after a login failure, where most internal variables for principals and credentials are null and removing a null from the `Subject`

Re: RFR: 8282730: LdapLoginModule throw NPE from logout method after login failure [v2]

2022-07-11 Thread Weijun Wang
> Add null-checks in all `LoginModule` implementations. It's possible that an application calls `logout` after a login failure, where most internal variables for principals and credentials are null and removing a null from the `Subject`'s principals and credentials sets will trigger a `

Re: RFR: 8282730: LdapLoginModule throw NPE from logout method after login failure

2022-07-11 Thread Sean Mullan
On Mon, 11 Jul 2022 19:49:13 GMT, Weijun Wang wrote:
>> src/jdk.security.auth/share/classes/com/sun/security/auth/module/UnixLoginModule.java line 289:
>>
>>> 287: subject.getPrincipals().remove(GIDPrincipal);
>>> 288: }
>>> 289: if (supplementaryGroups != null) {

Re: RFR: 8282730: LdapLoginModule throw NPE from logout method after login failure

2022-07-11 Thread Weijun Wang
On Mon, 11 Jul 2022 20:09:31 GMT, Sean Mullan wrote:
>> Add null-checks in all `LoginModule` implementations. It's possible that an application calls `logout` after a login failure, where most internal variables for principals and credentials are null and removing a null from the `Sub

Re: RFR: 8282730: LdapLoginModule throw NPE from logout method after login failure

2022-07-11 Thread Sean Mullan
On Fri, 1 Jul 2022 17:31:06 GMT, Weijun Wang wrote:
> Add null-checks in all `LoginModule` implementations. It's possible that an application calls `logout` after a login failure, where most internal variables for principals and credentials are null and removing a null from the `Subject`

Re: RFR: 8282730: LdapLoginModule throw NPE from logout method after login failure

2022-07-11 Thread Weijun Wang
On Mon, 11 Jul 2022 18:49:26 GMT, Sean Mullan wrote:
>> Add null-checks in all `LoginModule` implementations. It's possible that an application calls `logout` after a login failure, where most internal variables for principals and credentials are null and removing a null from the `Sub

Re: RFR: 8282730: LdapLoginModule throw NPE from logout method after login failure

2022-07-11 Thread Sean Mullan
On Fri, 1 Jul 2022 17:31:06 GMT, Weijun Wang wrote:
> Add null-checks in all `LoginModule` implementations. It's possible that an application calls `logout` after a login failure, where most internal variables for principals and credentials are null and removing a null from the `Subject`

RFR: 8282730: LdapLoginModule throw NPE from logout method after login failure

2022-07-08 Thread Weijun Wang
Add null-checks in all `LoginModule` implementations. It's possible that an application calls `logout` after a login failure, where most internal variables for principals and credentials are null and removing a null from the `Subject`'s principals and credentials sets will trigger a `NullPointe

Re: RFR: 8282730: LdapLoginModule throw NPE from logout method after login failure

2022-07-08 Thread Weijun Wang
On Fri, 1 Jul 2022 17:31:06 GMT, Weijun Wang wrote:
> Add null-checks in all `LoginModule` implementations. It's possible that an application calls `logout` after a login failure, where most internal variables for principals and credentials are null and removing a null from the `Subject`