JDK-8228419 : Default implementation of Destroyable.destroy should not throw exception
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.security
  • Affected Version: 11,13
  • Priority: P4
  • Status: Resolved
  • Resolution: Won't Fix
  • Submitted: 2019-07-16
  • Updated: 2022-04-26
  • Resolved: 2022-04-26
Related Reports
Relates :  
JDK-6263419 - No way to clean the memory for a java.security.Key
Description
A DESCRIPTION OF THE PROBLEM :
The default implementation of javax.security.auth.Destroyable implements
- isDestroyed() to return false
- destroy() to throw an exception

This is a very awkward combination because it prevents writing code which handles Destroyables in general. The user whould need to know what kind of Destroyable they are dealing with before trying to destroy it.

For example when using the following:

if (!destroyable.isDestroyed()) {
    destroyable.destroy();
}

When an DestroyFailedException is thrown the reason could be that the class does not override the Destroyable methods. In this case there is nothing the caller can do to handle this correctly. They have to treat it as destruction failure even though it isn't one.
Comments
Changing the default implementation to not throw an exception is worse in my opinion because it could give a false indication that the results were actually destroyed when they were not.
26-04-2022
Triaging for now, but not really sure if the suggestion is the right thing to do.
24-07-2019