https://issues.apache.org/bugzilla/show_bug.cgi?id=49190
Summary: JSR 105 exceptions should not have it's own 'cause'
field
Product: Security
Version: Java 1.4.2
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Signature
AssignedTo: security-dev@xml.apache.org
ReportedBy: zregv...@gmail.com
All of the Exceptions in javax.xml.crypto.** packages are designed so that they
have a Throwable cause field, this is an anti-pattern and should be avoided.
Proper way of containing root cause for the exception is to call
Exception(Throwable cause) or Exception(String message, Throwable cause) super
constructor.
To be fair this is somewhat indicated in the javadocs by the:
"Note that the detail message associated with
* <code>cause</code> is <i>not</i> automatically incorporated in
* this exception's detail message."
but I fail to see the reason for this design decision. The only reason I could
hypothesize is that the root cause could contain sensitive information, but in
that case implementation that threw the exception should not include any
sensitive information, or should appropriately obfuscate the same.
Implementing the exceptions by using appropriate super constructors would
reduce the complexity of the current implementation, and would be inline with
best practices for creating one's own exceptions.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
