Spring Security
  1. Spring Security
  2. SEC-2012

Javadoc for UserDetails.getPassword() says that the password is never null; however it may be

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 3.1.0
    • Fix Version/s: 3.1.2
    • Component/s: Docs and Website
    • Labels:
      None

      Description

      The Javadoc for org.springframework.security.core.userdetails.UserDetails.getPassword() says:

      Returns the password used to authenticate the user. Cannot return null.
      
      Returns:
      the password (never null)
      

      However, if the concrete implementation of UserDetails also implements org.springframework.security.core.CredentialsContainer (and this is the case for org.springframework.security.core.userdetails.User, for instance), then the password may actually be null if the credentials have been deleted by a call to org.springframework.security.core.CredentialsContainer.eraseCredentials(). See org.springframework.security.core.userdetails.User.eraseCredentials(), for instance.

        Issue Links

          Activity

          Hide
          Mauro Molinari added a comment -

          Thank you Rob, but please note that you left out the part of the Javadoc that says "Cannot return <code>null</code>.".

          Show
          Mauro Molinari added a comment - Thank you Rob, but please note that you left out the part of the Javadoc that says "Cannot return <code>null</code>.".
          Hide
          Rob Winch added a comment -

          It should be updated in master

          Show
          Rob Winch added a comment - It should be updated in master

            People

            • Assignee:
              Rob Winch
              Reporter:
              Mauro Molinari
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: