SEC-2012: Remove incorrect javadoc from UserDetails#getPassword()

Previously the javadoc stated that the password could not be null. However,
since the introduction of CredentialsContainer in SEC-1493 the
password can be null.

The changes remove the statement that passwords cannot be null. While this
is a non-passive change to the interface, the current state leaves no choice
for a non-passive change. Removing the javadoc was determined to be the better
option since erasing the credentials was an explicit feature request. Note
that replacing the password with an obscure String can be risky as it
introduces the risk that the value is used to authenticate.
Rob Winch 2012-07-20 15:26:23 -05:00
parent c025e8db46
commit b4fbabdbfd
1 changed files with 1 additions and 1 deletions

@ -55,7 +55,7 @@ public interface UserDetails extends Serializable {
/**
* Returns the password used to authenticate the user. Cannot return <code>null</code>.
*
* @return the password (never <code>null</code>)
* @return the password
*/
String getPassword();
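
Review bot: The summary sentence of this javadoc still reads "Cannot return <code>null</code>." while the @return tag no longer says "never null", so the comment now contradicts itself and the commit message. Drop that sentence as well, and consider stating when null can be returned (the commit message points to credentials being erased via CredentialsContainer) so that implementers and callers know a null check is needed before the value is used in a password comparison.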