On Sat, 16 Apr 2022 15:45:21 GMT, Xue-Lei Andrew Fan <xue...@openjdk.org> wrote:
> Please review this password cleanup enhancement in the PasswordCallback
> implementation. This is one of the efforts to clean up the buffered passwords.
>
> The PasswordCallback.setPassword() clones the password, but is not registered
> for cleanup. An application could call clearPassword() for the purpose, but
> it would be nice to clean up the buffer as well if clearPassword() was not
> called in an application. And, if the setPassword() gets called multiple
> times, the clearPassword() should also be called the same number of times if not
> relying on finalization. It could be fragile in practice.

Please combine these closely related cases into a single test, preferably with TestNG or JUnit.

test/jdk/javax/security/auth/callback/ClearPasswordMethod.java line 53:

> 51:             System.gc();
> 52:             Thread.sleep(100);
> 53:         }

The test could complete more quickly if the loop was exited when whm.size() == 0. And in the other test.

-------------

PR: https://git.openjdk.java.net/jdk/pull/8272
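
The early-exit wait suggested in the review, as an added example that is not part of the original message or of the JDK test. It assumes the test tracks the callback as a key of a WeakHashMap named whm; the class name, the helper waitUntilCollected and the bound of 10 attempts are hypothetical.

```java
import java.util.Arrays;
import java.util.WeakHashMap;
import javax.security.auth.callback.PasswordCallback;

public class EarlyExitGcWait {

    // Poll the GC, but stop as soon as the weakly held key is gone.
    // WeakHashMap.size() expunges stale entries before counting, so a
    // size of 0 means the tracked callback has been collected.
    static boolean waitUntilCollected(WeakHashMap<?, ?> whm, int maxAttempts)
            throws InterruptedException {
        for (int i = 0; i < maxAttempts && whm.size() != 0; i++) {
            System.gc();
            Thread.sleep(100);
        }
        return whm.size() == 0;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: the map holds the callback weakly. The value must
        // not reference the key, or the entry would never be cleared.
        WeakHashMap<PasswordCallback, Boolean> whm = new WeakHashMap<>();

        char[] password = "constructed-sample".toCharArray(); // constructed input
        PasswordCallback callback = new PasswordCallback("Password: ", false);
        callback.setPassword(password);  // the callback keeps its own clone
        Arrays.fill(password, ' ');      // the caller wipes its own copy

        whm.put(callback, Boolean.TRUE);
        callback.clearPassword();        // explicit cleanup by the application
        callback = null;                 // drop the only strong reference

        // Worst case is still 10 * 100 ms, but a prompt collection ends
        // the wait after the first iteration instead of the last.
        if (!waitUntilCollected(whm, 10)) {
            throw new RuntimeException("callback was not collected");
        }
        System.out.println("callback collected, wait ended early");
    }
}
```

System.gc() is only a hint to the JVM, so the bounded loop stays in place as the fallback and the size check only shortens the common case.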