On Tue, 12 Jul 2022 17:38:38 GMT, Weijun Wang wrote:
>> Why isn't it sufficient to just call logout once per each login module?
>
> I meant to make the test more real. When there are multiple login modules,
> the principals and credentials sets could be different. For example, the
> `privateCre
On Mon, 11 Jul 2022 21:03:16 GMT, Weijun Wang wrote:
>> test/jdk/javax/security/auth/login/modules/SafeLogout.java line 51:
>>
>>> 49:
>>> 50: static void test(int pos) throws Exception {
>>> 51: // Create random JAAS login config.
>>
>> I'm probably missing something obvious, but
> Add null-checks in all `LoginModule` implementations. It's possible that an
> application calls `logout` after a login failure, where most internal
> variables for principals and credentials are null and removing a null from
> the `Subject`'s principals and credentials sets will trigger a
> `
