JDK-6966259 : should a principalname object always have a realm?
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: org.ietf.jgss:krb5
  • Affected Version: 7
  • Priority: P4
  • Status: Closed
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2010-07-02
  • Updated: 2016-10-27
  • Resolved: 2012-07-24
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 8 Other
8 b49Fixed openjdk7uFixed
Related Reports
Relates :  
Description
When a PrincipalName is created, if there's no "@xxx" section in the name, the default realm defined in krb5.conf is used. Therefore, a PrincipalName created from a string name always has a realm. On the other hand, a PrincipalName created from a DER encoding never has a realm, and no default value is assigned.

Then, in multiple places of JDK, checking on if the realm is null is performed. Obviously this is not about checking if the object is built from DER encoding or strings. For example, in Kinit and TGS-REQ, the client name and service name, respectively, are created from strings, but in both places realm==null is checked. This is useless.

The conclusion is that Realm in PrincipalName is not implemented consistently, or, the design of putting realm info inside principal name is not correct. In the krb5 spec, PrincpalName and Realm are two different data type with no overlapping info.

We should either pull Realm out of PrincipalName, or concrete it when a PrincipalName is created. In either way, both classes should be immutable and all fields final and non-null non-empty.

Comments
changeset has a regression tests sun/security/krb5/name/Constructors.java not failing in last 15 days.
16-04-2013

EVALUATION http://hg.openjdk.java.net/hsx/hotspot-comp/jdk/rev/79b63e8eceda
14-08-2012

EVALUATION http://hg.openjdk.java.net/jdk8/tl/jdk/rev/79b63e8eceda
11-07-2012

EVALUATION Make PrincipalName and Realm immutable, and the realm in PrincipalName is always non-null.
13-07-2010