On Fri, 1 Jul 2022 17:31:06 GMT, Weijun Wang <[email protected]> wrote:
> Add null-checks in all `LoginModule` implementations. It's possible that an > application calls `logout` after a login failure, where most internal > variables for principals and credentials are null and removing a null from > the `Subject`'s principals and credentials sets will trigger a > `NullPointerException`. This pull request has now been integrated. Changeset: 554f44ec Author: Weijun Wang <[email protected]> URL: https://git.openjdk.org/jdk/commit/554f44ecb1134acff3eaf02e2e1c0e01158ab7e5 Stats: 223 lines in 11 files changed: 151 ins; 2 del; 70 mod 8282730: LdapLoginModule throw NPE from logout method after login failure Reviewed-by: mullan ------------- PR: https://git.openjdk.org/jdk/pull/9348
