[jboss-jira] [JBoss JIRA] (SECURITY-808) Password not passed into DatabaseServerLoginModule
Stefan Eder (JIRA)
issues at jboss.org
Thu Mar 20 05:52:10 EDT 2014
Stefan Eder created SECURITY-808:
------------------------------------
Summary: Password not passed into DatabaseServerLoginModule
Key: SECURITY-808
URL: https://issues.jboss.org/browse/SECURITY-808
Project: PicketBox
Issue Type: Bug
Security Level: Public (Everyone can see)
Environment: WildFly8 on Windows 7 64-bit
Reporter: Stefan Eder
Assignee: Stefan Guilhen
Priority: Critical
Trying to migrate an application to WildFly (from AS6.1) the migration went pretty smooth except for using the security domain.
The application uses a the ClientLoginModule on the client side and the DatabaseserverLoginModule on the server side.
Though the DatabaseServerLoginModule is called the validation of the password fails. I debugged it and the reason seems to be that in {{org.jboss.security.auth.callback.JBossCallbackHandler.getPassword()}} a {{org.jboss.as.security.remoting.RemotingConnectionCredential at 22341334}} is not handled and hence instead of a password the String {{org.jboss.as.security.remoting.RemotingConnectionCredential at 22341334}} is passed through to the DatabaseLoginModule.
See also [DatabaseServerLoginModule broken?|https://community.jboss.org/message/863295] and the related posts
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list