This exception is indeed never thrown and it's a checked one, so it
makes using Auth.logout heavier then necessary. java-saml already has an
abundance of checked exceptions to handle, some of which could easily
be translated into unchecked ones or caught and recovered cleanly, this
is why I think that, if a useless exception declaration is found, it
should better be removed.
This indeed is a small source-incompatible change as soon as the
consumer code is catching XMLEntityException explicitly (rather than
SAMLException, Exception or Throwable). However, fixing this is trivial,
just remove XMLEntityException from the catch clause (which will never
be triggered anyway).
This exception is indeed never thrown and it's a checked one, so it makes using Auth.logout heavier then necessary. java-saml already has an abundance of checked exceptions to handle, some of which could easily be translated into unchecked ones or caught and recovered cleanly, this is why I think that, if a useless exception declaration is found, it should better be removed. This indeed is a small source-incompatible change as soon as the consumer code is catching XMLEntityException explicitly (rather than SAMLException, Exception or Throwable). However, fixing this is trivial, just remove XMLEntityException from the catch clause (which will never be triggered anyway).