Skip to content

SEC-2012: Javadoc for UserDetails.getPassword() says that the password is never null; however it may be #2238

New issue
New issue
Closed
Closed
SEC-2012: Javadoc for UserDetails.getPassword() says that the password is never null; however it may be#2238
Assignees
rwinch
Labels
in: docsAn issue in Documentation or samplestype: bugA general bugtype: jiraAn issue that was migrated from JIRA
Milestone
3.1.2
@spring-projects-issues

Description

@spring-projects-issues
spring-projects-issues
opened on Jul 19, 2012

Mauro Molinari (Migrated from SEC-2012) said:

The Javadoc for org.springframework.security.core.userdetails.UserDetails.getPassword() says:

Returns the password used to authenticate the user. Cannot return null.

Returns:
the password (never null)

However, if the concrete implementation of UserDetails also implements org.springframework.security.core.CredentialsContainer (and this is the case for org.springframework.security.core.userdetails.User, for instance), then the password may actually be null if the credentials have been deleted by a call to org.springframework.security.core.CredentialsContainer.eraseCredentials(). See org.springframework.security.core.userdetails.User.eraseCredentials(), for instance.

Metadata

Metadata

Assignees

Labels

in: docsAn issue in Documentation or samplestype: bugA general bugtype: jiraAn issue that was migrated from JIRA

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions