SEC-1372: SessionRegistryImpl.getAllSessions returns null, Interface says it shouldn't #1615

Closed
spring-issuemaster opened this Issue Jan 18, 2010 · 1 comment

1 participant

@spring-issuemaster

Nick Williams (Migrated from SEC-1372) said:

The documentation for org.springframework.security.core.session.SessionRegistry#getAllSessions(Object, boolean) says "Returns: the matching sessions for this principal (should not return null)." However, the default implementation org.springframework.security.core.session.SessionRegistryImpl#getAllSessions(Object, boolean) returns null if "final Set sessionsUsedByPrincipal = principals.get(principal)" is null.

It should, instead, return an empty list, per the interface specification and per good code practices such that methods that return lists should never return null, only empty lists when needed.

@spring-issuemaster

Luke Taylor said:

Makes sense. We should stick to our own contracts, so I've changed it to return an empty list. In practice the null was checked for in classes which consumed this method, so most users should be unaffected.

@spring-issuemaster spring-issuemaster added this to the 3.0.2 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment