  1. PicketBox
  2. SECURITY-958

JASPIC implementation in JBoss EAP 7.0.0 seems to contradict the javadoc of the ServerAuthModule interface


    • Bug
    • Resolution: Unresolved
    • Major

      The EAP 7.0.0 JASPIC ServerAuthModule framework passes the request policy and response policy objects as null into the initialize() method. The spec and Javadoc say that both must not be null.
      http://docs.oracle.com/javaee/6/api/javax/security/auth/message/module/ServerAuthModule.html
      https://docs.oracle.com/javaee/7/api/javax/security/auth/message/module/ServerAuthModule.html
      The Javadoc and spec say: "The request policy and the response policy must not both be null".
      WildFly 10.0.0.Final has the same issue.

            Unassigned
            elguardian@gmail.com Enrique González Martínez (Inactive)
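A defensive pattern for module authors affected by the behaviour reported above, given as an added example that is not code from the issue, PicketBox or EAP: the base class accepts null policies in initialize() and, when the request policy is missing, falls back to the per-request flag that the JASPIC Servlet Container Profile places in the MessageInfo map. The class name `PolicyTolerantAuthModule` and the helper `isAuthenticationMandatory` are hypothetical; treating an absent flag as "authentication optional" is an assumption that follows the profile's convention.

```java
import java.util.Map;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.MessagePolicy;
import javax.security.auth.message.module.ServerAuthModule;

// Hypothetical base class: concrete modules extend it and implement
// validateRequest(), secureResponse(), cleanSubject() and
// getSupportedMessageTypes() themselves.
public abstract class PolicyTolerantAuthModule implements ServerAuthModule {

    // Key from the JASPIC Servlet Container Profile; the container sets it
    // to the string "true" when the request targets a protected resource.
    private static final String IS_MANDATORY =
            "javax.security.auth.message.MessagePolicy.isMandatory";

    private MessagePolicy requestPolicy; // null on the containers named in this issue
    protected CallbackHandler handler;
    protected Map options;

    @Override
    public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy,
                           CallbackHandler handler, Map options) throws AuthException {
        // Store the policy without dereferencing it, so a null argument
        // cannot cause a NullPointerException during module start-up.
        this.requestPolicy = requestPolicy;
        this.handler = handler;
        this.options = options;
    }

    // Decide per request whether missing credentials must be rejected.
    protected boolean isAuthenticationMandatory(MessageInfo messageInfo) {
        if (requestPolicy != null) {
            return requestPolicy.isMandatory();
        }
        // Assumption: with no policy object available, trust the container's
        // per-request flag; an absent flag means the resource is unprotected.
        Object flag = messageInfo.getMap().get(IS_MANDATORY);
        return flag != null && Boolean.parseBoolean(flag.toString());
    }
}
```

A subclass calls `isAuthenticationMandatory(messageInfo)` at the top of `validateRequest()` and rejects the request when it returns true and no valid credentials are present.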