[jira] [Commented] (ACCUMULO-3644) [FindBugs] DelegationToken.equals() is not symmetric with PasswordToken.equals()

Fri, 06 Mar 2015 13:49:54 -0800 

    [ 
https://issues.apache.org/jira/browse/ACCUMULO-3644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14350968#comment-14350968
 ] 

Josh Elser commented on ACCUMULO-3644:
--------------------------------------

{code}
-    if (this == obj)
-      return true;
-    if (obj == null)
-      return false;
-    if (!(obj instanceof DelegationToken))
-      return false;
-    DelegationToken other = (DelegationToken) obj;
-    if (!Arrays.equals(getPassword(), other.getPassword())) {
-      return false;
-    }
-    return identifier.equals(other.identifier);
+    return super.equals(obj) && identifier.equals(((DelegationToken) 
obj).identifier);
{code}

You can't get rid of the {{obj instanceof DelegationToken}} check as this would 
cause a ClassCastException when {{obj}} is null or not a {{DelegationToken}}.

{code}
(obj != null && getClass().equals(obj.getClass())
{code}

As [~kturner] recently pointed out to me, you can more concisely represent this 
with {{obj instanceof PasswordToken}} as it will exhibit the correct semantics 
if {{obj}} is null.

> [FindBugs] DelegationToken.equals() is not symmetric with 
> PasswordToken.equals()
> --------------------------------------------------------------------------------
>
>                 Key: ACCUMULO-3644
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-3644
>             Project: Accumulo
>          Issue Type: Sub-task
>          Components: client
>            Reporter: Christopher Tubbs
>            Assignee: Christopher Tubbs
>              Labels: findbugs
>             Fix For: 1.7.0
>
>         Attachments: 
> 0001-ACCUMULO-3644-Make-equals-checks-more-strict-for-tok.patch
>
>
> FindBugs at rank 8 warns about DelegationToken overriding PasswordToken, but 
> doing so in a way that makes {{a.equals(b)}} possibly not the same result as 
> {{b.equals(a)}} when one of them is a DelegationToken and one of them isn't.
> I see two fixes:
> # ensure that the entirety of what describes DelegationToken are in the bits 
> checked by PasswordToken and don't override it
> # change PasswordToken so that it doesn't consider subclasses to be equal... 
> they must also be exactly PasswordToken



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to