On Tue, 12 Jul 2022 17:38:38 GMT, Weijun Wang <[email protected]> wrote:
>> Why isn't it sufficient to just call logout once per each login module? > > I meant to make the test more real. When there are multiple login modules, > the principals and credentials sets could be different. For example, the > `privateCredential` NPE in `KeyStoreLoginModule` you found can only happen if > there are other private credentials in the subject. (That said, my test > hasn't been able to caught it because I haven't used a read-only subject). > > How about I add another method in the test for the single login module module? It's probably not necessary, I just wanted to understand your rationale. I would add a comment to the test like what you just explained above for future reference. ------------- PR: https://git.openjdk.org/jdk/pull/9348
