Webrev request: JDK-8015081 (original) (raw)

Wang Weijun weijun.wang at oracle.com
Thu Jun 12 09:40:37 UTC 2014

• Previous message (by thread): Webrev request: JDK-8015081
• Next message (by thread): Webrev request: JDK-8015081
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Why

@@ -968,14 +963,10 @@

     readOnly = gf.get("readOnly", false);

     Set<Principal> inputPrincs = (Set<Principal>)gf.get("principals", null);

     // Rewrap the principals into a SecureSet

•    if (inputPrincs == null) {

•        throw new NullPointerException

•            (ResourcesMgr.getString("invalid.null.input.s."));

•    }
  
     try {
         principals = Collections.synchronizedSet(new SecureSet<Principal>
                             (this, PRINCIPAL_SET, inputPrincs));
     } catch (NullPointerException npe) {
         // Sometimes people deserialize the principals set only.

It looks you accept principals being null in serialized form. (Of course, the new object contains a non-null one).

Thanks Max

On Jun 12, 2014, at 17:26, Jamil Nimeh <jamil.j.nimeh at oracle.com> wrote:

Next round: This one incorporates Weijun's comments and cleans up a couple warnings in the test code.

http://cr.openjdk.java.net/~weijun/8015081/webrev.05/ --Jamil

• Previous message (by thread): Webrev request: JDK-8015081
• Next message (by thread): Webrev request: JDK-8015081
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the security-dev mailing list