首頁 探索 說明
註冊 登入
github
/
spring-security
镜像来自 https://github.com/spring-projects/spring-security
2
0
複刻 0
檔案 問題管理 0 Wiki
瀏覽代碼

SEC-2012: Remove incorrect javadoc from UserDetails#getPassword()

Previously the javadoc stated that password could not be null. However,
since the introduction of CredentialsContainer introduced in SEC-1493 the
password can be null.

The changes remove the statement that passwords cannot be null. While this
is a non-passive change to the interface, the current state leaves no choice
for a non-passive change. Removing the javadoc was determined the better
option since erasing the credentials was an explicit feature request. Note
that replacing the password with an obscure String can be risky as it
introduces the risk that the value is used to authenticate.
Rob Winch 13 年之前
父節點
c025e8db46
當前提交
b4fbabdbfd
共有 1 個文件被更改,包括 1 次插入1 次删除
分割檢視 顯示文件統計
  1. 1 1
      core/src/main/java/org/springframework/security/core/userdetails/UserDetails.java

+ 1 - 1
core/src/main/java/org/springframework/security/core/userdetails/UserDetails.java
查看文件 

@@ -55,7 +55,7 @@ public interface UserDetails extends Serializable {
 
     /**
 
      * Returns the password used to authenticate the user. Cannot return <code>null</code>.
 
      *
 
-     * @return the password (never <code>null</code>)
 
+     * @return the password
 
      */
 
     String getPassword();