Spring Security
  1. Spring Security
  2. SEC-1372

SessionRegistryImpl.getAllSessions returns null, Interface says it shouldn't

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 3.0.0
    • Fix Version/s: 3.0.2
    • Component/s: Core
    • Labels:
      None
    • Environment:
      Windows XP Pro SP 3
      JDK 6 update 17
      Tomcat 6.0.20
      Spring MVC 3.0.0-GA
      Spring Security 3.0.0-GA

      Description

      The documentation for org.springframework.security.core.session.SessionRegistry#getAllSessions(Object, boolean) says "Returns: the matching sessions for this principal (should not return null)." However, the default implementation org.springframework.security.core.session.SessionRegistryImpl#getAllSessions(Object, boolean) returns null if "final Set<String> sessionsUsedByPrincipal = principals.get(principal)" is null.

      It should, instead, return an empty list, per the interface specification and per good code practices such that methods that return lists should never return null, only empty lists when needed.

        Activity

        Hide
        Luke Taylor added a comment -

        Makes sense. We should stick to our own contracts, so I've changed it to return an empty list. In practice the null was checked for in classes which consumed this method, so most users should be unaffected.

        Show
        Luke Taylor added a comment - Makes sense. We should stick to our own contracts, so I've changed it to return an empty list. In practice the null was checked for in classes which consumed this method, so most users should be unaffected.

          People

          • Assignee:
            Luke Taylor
            Reporter:
            Nick Williams
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: