Details
-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
PicketBox_4_0_21.Final
-
None
Description
According to the spec[1], abort() should return true or throw exception if login() succeeded, and should return false if login() failed. However, abort() of subclasses of org.jboss.security.auth.spi.AbstractServerLoginModule always returns true.
[1]: http://docs.oracle.com/javase/6/docs/technotes/guides/security/jaas/JAASLMDevGuide.html