SEC-2012: Javadoc for UserDetails.getPassword() says that the password is never null; however it may be #2238

spring-issuemaster opened this Issue Jul 19, 2012 · 2 comments


None yet
2 participants

Mauro Molinari (Migrated from SEC-2012) said:

The Javadoc for says:

Returns the password used to authenticate the user. Cannot return null.

the password (never null)

However, if the concrete implementation of UserDetails also implements (and this is the case for, for instance), then the password may actually be null if the credentials have been deleted by a call to See, for instance.

Mauro Molinari said:

Thank you Rob, but please note that you left out the part of the Javadoc that says "Cannot return null.".

Rob Winch said:

It should be updated in master

spring-issuemaster added this to the 3.1.2 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment