rishabhdaim commented on code in PR #2212:
URL: https://github.com/apache/jackrabbit-oak/pull/2212#discussion_r2030687640
##########
oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java:
##########
@@ -212,9 +215,8 @@ public void initialize(Subject subject, CallbackHandler
callbackHandler, Map<Str
@Override
public boolean logout() throws LoginException {
boolean success = false;
- Set<Object> creds = ImmutableSet.builder()
- .addAll(subject.getPublicCredentials(Credentials.class))
- .addAll(subject.getPublicCredentials(AuthInfo.class)).build();
+ Set<Object> creds =
Stream.concat(subject.getPublicCredentials(Credentials.class).stream(),
subject.getPublicCredentials(AuthInfo.class).stream())
Review Comment:
Yes, it is only iterated in the same class to destroy these credentials, but
I would say that we should play safe here as well. let me update the ticket to
use `Collections.unmodifiableSet`
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
