JDK-6966259 : should a principalname object always have a realm?
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: org.ietf.jgss:krb5
  • Affected Version: 7
  • Priority: P4
  • Status: Closed
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2010-07-02
  • Updated: 2016-10-27
  • Resolved: 2012-07-24
Fix versions:
  • JDK 8: 8 b49 (Fixed)
  • Other: openjdk7u (Fixed)
When a PrincipalName is created, if there's no "@xxx" section in the name, the default realm defined in krb5.conf is used. Therefore, a PrincipalName created from a string name always has a realm. On the other hand, a PrincipalName created from a DER encoding never has a realm, and no default value is assigned.

Then, in multiple places in the JDK, there are checks on whether the realm is null. Obviously this is not about checking whether the object is built from a DER encoding or from a string. For example, in Kinit and TGS-REQ, the client name and service name, respectively, are created from strings, but in both places realm==null is checked. This is useless.

The conclusion is that Realm in PrincipalName is not implemented consistently, or the design of putting realm info inside the principal name is not correct. In the krb5 spec, PrincipalName and Realm are two different data types with no overlapping info.

We should either pull Realm out of PrincipalName, or make it concrete when a PrincipalName is created. Either way, both classes should be immutable and all fields final, non-null and non-empty.

The changeset has a regression test, sun/security/krb5/name/Constructors.java, not failing in the last 15 days.

EVALUATION http://hg.openjdk.java.net/hsx/hotspot-comp/jdk/rev/79b63e8eceda

EVALUATION http://hg.openjdk.java.net/jdk8/tl/jdk/rev/79b63e8eceda

EVALUATION Make PrincipalName and Realm immutable, and the realm in PrincipalName is always non-null.
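
The design stated in the description and the final evaluation (immutable classes, realm never null) can be sketched as follows. This is an added example, not code from the JDK changeset; the `Principal`, `Realm`, `fromString` and `fromDecoded` names are hypothetical, `EXAMPLE.COM` is a constructed value, and names with escaped `@` or `/` are assumed not to occur.

```java
import java.util.List;
import java.util.Objects;

// Hypothetical sketch; these classes are not the JDK's sun.security.krb5 API.
class RealmDemo {
    public static void main(String[] args) {
        Realm dflt = new Realm("EXAMPLE.COM"); // constructed stand-in for the krb5.conf default realm
        System.out.println(Principal.fromString("host/server1", dflt));      // host/server1@EXAMPLE.COM
        System.out.println(Principal.fromString("alice@OTHER.REALM", dflt)); // alice@OTHER.REALM
        try {
            Principal.fromDecoded(List.of("krbtgt", "EXAMPLE.COM"), null);
        } catch (NullPointerException e) {
            System.out.println("rejected: missing " + e.getMessage());
        }
    }
}

final class Realm {
    private final String name;
    Realm(String name) {
        if (name == null || name.isEmpty()) {
            throw new IllegalArgumentException("realm must be non-null and non-empty");
        }
        this.name = name;
    }
    @Override public String toString() { return name; }
}

final class Principal {
    private final List<String> components;
    private final Realm realm;
    // Single constructor: every construction path has to supply a realm.
    Principal(List<String> components, Realm realm) {
        this.components = List.copyOf(components); // unmodifiable copy, rejects null elements
        this.realm = Objects.requireNonNull(realm, "realm");
        if (this.components.isEmpty()) throw new IllegalArgumentException("empty name");
    }
    // String path: "name@REALM" or "name"; the default realm fills in when "@..." is absent.
    static Principal fromString(String s, Realm defaultRealm) {
        int at = s.lastIndexOf('@');
        Realm r = (at < 0) ? defaultRealm : new Realm(s.substring(at + 1));
        String namePart = (at < 0) ? s : s.substring(0, at);
        return new Principal(List.of(namePart.split("/")), r);
    }
    // Decode path: the encoded name carries no realm, so the caller passes the message's Realm field.
    static Principal fromDecoded(List<String> nameStrings, Realm realmFromMessage) {
        return new Principal(nameStrings, realmFromMessage);
    }
    @Override public String toString() { return String.join("/", components) + "@" + realm; }
}
```

With the realm enforced in the constructor, callers no longer need the scattered `realm == null` checks the description calls useless; a missing realm fails at construction instead of surfacing later in request building.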