8030655: Regression: 14_01 Security fix 8024306 causes test failures
authorweijun
Wed, 15 Jan 2014 11:23:07 +0800
changeset 23913 049a0df69b88
parent 23912 9eab25093a89
child 23914 754ca74db76a
8030655: Regression: 14_01 Security fix 8024306 causes test failures Reviewed-by: mullan, xuelei, ahgross
jdk/src/share/classes/javax/security/auth/Subject.java
--- a/jdk/src/share/classes/javax/security/auth/Subject.java	Mon Nov 25 15:00:36 2013 +0800
+++ b/jdk/src/share/classes/javax/security/auth/Subject.java	Wed Jan 15 11:23:07 2014 +0800
@@ -959,14 +959,30 @@
     /**
      * Reads this object from a stream (i.e., deserializes it)
      */
+    @SuppressWarnings("unchecked")
     private void readObject(java.io.ObjectInputStream s)
                 throws java.io.IOException, ClassNotFoundException {
 
-        s.defaultReadObject();
+        ObjectInputStream.GetField gf = s.readFields();
+
+        readOnly = gf.get("readOnly", false);
+
+        Set<Principal> inputPrincs = (Set<Principal>)gf.get("principals", null);
 
         // Rewrap the principals into a SecureSet
-        principals = Collections.synchronizedSet(new SecureSet<Principal>
-                                (this, PRINCIPAL_SET, principals));
+        if (inputPrincs == null) {
+            throw new NullPointerException
+                (ResourcesMgr.getString("invalid.null.input.s."));
+        }
+        try {
+            principals = Collections.synchronizedSet(new SecureSet<Principal>
+                                (this, PRINCIPAL_SET, inputPrincs));
+        } catch (NullPointerException npe) {
+            // Sometimes people deserialize the principals set only.
+            // Subject is not accessible, so just don't fail.
+            principals = Collections.synchronizedSet
+                        (new SecureSet<Principal>(this, PRINCIPAL_SET));
+        }
 
         // The Credential {@code Set} is not serialized, but we do not
         // want the default deserialization routine to set it to null.