[jboss-jira] [JBoss JIRA] (AS7-4310) Re-review: EJB client should not have silet auth enabled by default
jaikiran pai (JIRA)
jira-events at lists.jboss.org
Wed Apr 18 05:44:18 EDT 2012
[ https://issues.jboss.org/browse/AS7-4310?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12685182#comment-12685182 ]
jaikiran pai commented on AS7-4310:
-----------------------------------
Assigning this to myself, since with the changes that went into https://github.com/jbossas/jboss-as/pull/2044, this now becomes more of a EJB client implementation changes task. Darran has mailed me the details on what was changed/implemented in that pull request. I'll review the changes and do the necessary EJB client updates.
> Re-review: EJB client should not have silet auth enabled by default
> -------------------------------------------------------------------
>
> Key: AS7-4310
> URL: https://issues.jboss.org/browse/AS7-4310
> Project: Application Server 7
> Issue Type: Bug
> Components: EJB, Security
> Affects Versions: 7.1.1.Final
> Reporter: Radoslav Husar
> Assignee: jaikiran pai
> Fix For: 7.1.2.Final-redhat1
>
>
> EJB client running on local node can bypass auth by using silet auth. This behaviour should be reviewed whether to be disabled by default.
> See comments
> https://issues.jboss.org/browse/AS7-4309?focusedCommentId=12679945&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-12679945
> https://issues.jboss.org/browse/AS7-4309?focusedCommentId=12679955&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-12679955
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list