[jboss-jira] [JBoss JIRA] (WFCORE-82) Defining a HTTP management interface with secure-port or https socket binding but not security realm causes NullPointerException
Tomaz Cerar (JIRA)
issues at jboss.org
Thu Sep 4 12:25:00 EDT 2014
[ https://issues.jboss.org/browse/WFCORE-82?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12999051#comment-12999051 ]
Tomaz Cerar commented on WFCORE-82:
-----------------------------------
all non socket-binding attributes (http-port, https-port, interface, secure-interface) need to be removed as they are beyond legacy
and just add more complexity when implementing things like this.
> Defining a HTTP management interface with secure-port or https socket binding but not security realm causes NullPointerException
> --------------------------------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-82
> URL: https://issues.jboss.org/browse/WFCORE-82
> Project: WildFly Core
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Domain Management
> Affects Versions: 1.0.0.Alpha5
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Fix For: 1.0.0.Alpha6
>
>
> There are actually two checks that need to be performed: -
> 1 - If a secure port is required then a security realm must be associated with the interface.
> 2 - That security realm must supply an SSLContext
> For #1 that can at least be validated in the model at the end of stage MODEL. This will need to be validated for both standalone mode and domain mode - each of these use independent resource definitions.
> #2 will have to wait until RUNTIME where we have the opportunity to check that the injected realm does supply a SSLContext.
--
This message was sent by Atlassian JIRA
(v6.3.1#6329)
More information about the jboss-jira
mailing list