I added a CSR at https://bugs.openjdk.java.net/browse/JDK-8232994, please take
a review.
My point is that not only it's useless but it also be misleading, so better
remove than ignore.
Thanks,
Max
> On Oct 24, 2019, at 4:16 PM, Weijun Wang <weijun.w...@oracle.com> wrote:
>
> Please review the patch below:
>
> ---
> a/src/java.security.jgss/share/classes/javax/security/auth/kerberos/KeyTab.java
> +++
> b/src/java.security.jgss/share/classes/javax/security/auth/kerberos/KeyTab.java
> @@ -303,13 +303,11 @@
>
> /**
> * Checks if the keytab file exists. Implementation of this method
> * should make sure that the result matches the latest status of the
> * keytab file.
> - * <p>
> - * The caller can use the result to determine if it should fallback to
> - * another mechanism to read the keys.
> + *
> * @return true if the keytab file exists; false otherwise.
> * @throws SecurityException if a security manager exists and the read
> * access to the keytab file is not permitted
> */
> public boolean exists() {
>
> The spec here is not clear and even our own JGSS SubjectComber looks into
> both KeyTab and KerberosKey and there is no fallback of any kind.
>
> Do you think this is worth a CSR?
>
> Thanks,
> Max
>
