[jboss-jira] [JBoss JIRA] (SECURITY-750) Database*LoginModules should use the transactionManagerJndiName module option
Stefan Guilhen (JIRA)
jira-events at lists.jboss.org
Fri Aug 30 10:15:04 EDT 2013
[ https://issues.jboss.org/browse/SECURITY-750?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Stefan Guilhen updated SECURITY-750:
------------------------------------
Description:
The DatabaseCertLoginModule and DatabaseServerLoginModule use for role search a routine from a class org.jboss.security.auth.spi.DbUtil. But there is a hardcoded reference to JNDI name for Transaction Manager lookup "java:/TransactionManager" - which is not valid in the EAP 6. The JNDI name should be provided as a parameter.
The login module option "transactionManagerJndiName" is already implemented in the DatabaseServerLoginModule, but it should be also added to the DatabaseCertLoginModule.
> Database*LoginModules should use the transactionManagerJndiName module option
> -----------------------------------------------------------------------------
>
> Key: SECURITY-750
> URL: https://issues.jboss.org/browse/SECURITY-750
> Project: PicketBox
> Issue Type: Enhancement
> Security Level: Public(Everyone can see)
> Components: PicketBox
> Reporter: Stefan Guilhen
> Assignee: Stefan Guilhen
> Fix For: PIcketBox_4_0_19.Final
>
>
> The DatabaseCertLoginModule and DatabaseServerLoginModule use for role search a routine from a class org.jboss.security.auth.spi.DbUtil. But there is a hardcoded reference to JNDI name for Transaction Manager lookup "java:/TransactionManager" - which is not valid in the EAP 6. The JNDI name should be provided as a parameter.
> The login module option "transactionManagerJndiName" is already implemented in the DatabaseServerLoginModule, but it should be also added to the DatabaseCertLoginModule.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list