Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-5781

[GSS] (7.2.0) JASPIC implementation in JBoss EAP 7.0.0 seems to contradict the javadoc of the ServerAuthModule interface

    XMLWordPrintable

Details

    Description

      The EAP 7.0.0 JASPIC ServerAuthModule framework passes the request policy and response policy objects as null into the initialize() method. The spec and java docs say that both must not be null.

      http://docs.oracle.com/javaee/6/api/javax/security/auth/message/module/ServerAuthModule.html
      https://docs.oracle.com/javaee/7/api/javax/security/auth/message/module/ServerAuthModule.html

      The javadoc and spec says: "The request policy and the response policy must not both be null".

      Wildfly 10.0.0.Final has the same issue.

      Attachments

        Issue Links

          is blocked by

          Bug - A problem that impairs or prevents the functions of the product. SECURITY-958 JASPIC implementation in JBoss EAP 7.0.0 seems to contradict the javadoc of the ServerAuthModule interface

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Open

          Activity

            People

              Unassigned Unassigned
              rhn-support-dehort Derek Horton
              Votes:
              0 Vote for this issue
              Watchers:
              13 Start watching this issue

              Dates

                Created:
                Updated: