TabTonic / kerberosAREA

This is a plugin for authenticating remedy logins against a kerberos environment.
GNU General Public License v3.0

com.tabtonic.kerberosAREA.UAndPCallbackHandler(String, char[]) may expose internal representation by storing an externally mutable object into UAndPCallbackHandler._password #7

Closed nevetS closed 11 years ago

nevetS commented 11 years ago

Per findbugs:

new com.tabtonic.kerberosAREA.UAndPCallbackHandler(String, char[]) may expose internal representation by storing an externally mutable object into UAndPCallbackHandler._password MALICIOUS_CODE EI_EXPOSE_REP2 54 Medium

EI2: May expose internal representation by incorporating reference to mutable object (EI_EXPOSE_REP2)

This code stores a reference to an externally mutable object into the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Storing a copy of the object is a better approach in many situations.

nevetS commented 11 years ago

Essentially what was happening here is that char[] arrays can be manipulated/mutated by external functions. By creating a clone of the array rather than referencing it directly, it is ensured that the callback will receive the same information that was passed to the constructor.
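As an added illustration, not the project's own source, here is a hypothetical reconstruction of the handler with the clone fix applied, showing why the copy matters when the caller wipes its buffer after construction; the handle() body, the clear() method and the sample values are assumptions.

```java
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import java.util.Arrays;

// Hypothetical reconstruction of the handler; not the project's actual code.
public class UAndPCallbackHandler implements CallbackHandler {
    private final String _username;
    private final char[] _password;

    public UAndPCallbackHandler(String username, char[] password) {
        _username = username;
        // Fix for EI_EXPOSE_REP2: keep a private copy so later mutation of the
        // caller's array cannot change what the callback will see.
        _password = (password == null) ? null : password.clone();
    }

    @Override
    public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (cb instanceof NameCallback) {
                ((NameCallback) cb).setName(_username);
            } else if (cb instanceof PasswordCallback) {
                // PasswordCallback.setPassword stores its own clone as well.
                ((PasswordCallback) cb).setPassword(_password);
            } else {
                throw new UnsupportedCallbackException(cb, "Unsupported callback");
            }
        }
    }

    // Lets the owner wipe the private copy once the login has completed.
    public void clear() {
        if (_password != null) Arrays.fill(_password, '\0');
    }

    public static void main(String[] args) throws Exception {
        char[] secret = "s3cret".toCharArray();   // constructed sample value
        UAndPCallbackHandler handler = new UAndPCallbackHandler("alice", secret);
        Arrays.fill(secret, '\0');                 // caller wipes its own buffer
        PasswordCallback pc = new PasswordCallback("Password: ", false);
        handler.handle(new Callback[] { new NameCallback("User: "), pc });
        // With the clone the callback still receives "s3cret"; with a direct
        // reference to the caller's array it would receive six NUL characters.
        System.out.println(new String(pc.getPassword()));
        pc.clearPassword();
        handler.clear();
    }
}
```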