Enrique González Martínez created SECURITY-958: -------------------------------------------------- Summary: JASPIC implementation in JBoss EAP 7.0.0 seems to contradict the javadoc of the ServerAuthModule interface Key: SECURITY-958 URL: https://issues.jboss.org/browse/SECURITY-958 Project: PicketBox Issue Type: Bug Reporter: Enrique González Martínez Assignee: Enrique González Martínez The EAP 7.0.0 JASPIC ServerAuthModule framework passes the request policy and response policy objects as null into the initialize() method. The spec and java docs say that both must not be null. http://docs.oracle.com/javaee/6/api/javax/security/auth/message/module/Se... https://docs.oracle.com/javaee/7/api/javax/security/auth/message/module/S... The javadoc and spec says: "The request policy and the response policy must not both be null". Wildfly 10.0.0.Final has the same issue. -- This message was sent by Atlassian JIRA (v6.4.11#64026)