[jboss-jira] [JBoss JIRA] (WFCORE-82) Defining a HTTP management interface with secure-port or https socket binding but not security realm causes NullPointerException

Darran Lofthouse (JIRA) issues at jboss.org
Wed Sep 3 13:24:00 EDT 2014 

     [ https://issues.jboss.org/browse/WFCORE-82?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse updated WFCORE-82:
-----------------------------------
    Description: 
There are actually two checks that need to be performed: -
 1 - If a secure port is required then a security realm must be associated with the interface.
 2 - That security realm must supply an SSLContext

For #1 that can at least be validated in the model at the end of stage MODEL.  This will need to be validated for both standalone mode and domain mode - each of these use independent resource definitions.

#2 will have to wait until RUNTIME where we have the opportunity to check that the injected realm does supply a SSLContext.

  was:
There are actually two checks that need to be performed: -
 1 - If a secure port is required then a security realm must be associated with the interface.
 2 - That security realm must supply an SSLContext

For #1 that can at least be validated in the model at the end of stage MODEL.

#2 will have to wait until RUNTIME where we have the opportunity to check that the injected realm does supply a SSLContext.



> Defining a HTTP management interface with secure-port or https socket binding but not security realm causes NullPointerException
> --------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: WFCORE-82
>                 URL: https://issues.jboss.org/browse/WFCORE-82
>             Project: WildFly Core
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Domain Management
>    Affects Versions: 1.0.0.Alpha5
>            Reporter: Darran Lofthouse
>            Assignee: Darran Lofthouse
>             Fix For: 1.0.0.Alpha6
>
>
> There are actually two checks that need to be performed: -
>  1 - If a secure port is required then a security realm must be associated with the interface.
>  2 - That security realm must supply an SSLContext
> For #1 that can at least be validated in the model at the end of stage MODEL.  This will need to be validated for both standalone mode and domain mode - each of these use independent resource definitions.
> #2 will have to wait until RUNTIME where we have the opportunity to check that the injected realm does supply a SSLContext.



--
This message was sent by Atlassian JIRA
(v6.3.1#6329)

More information about the jboss-jira mailing list