[jboss-jira] [JBoss JIRA] (WFCORE-82) Defining a HTTP management interface with secure-port or https socket binding but not security realm causes NullPointerException
Darran Lofthouse (JIRA)
issues at jboss.org
Thu Sep 4 12:30:00 EDT 2014
[ https://issues.jboss.org/browse/WFCORE-82?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12999054#comment-12999054 ]
Darran Lofthouse commented on WFCORE-82:
----------------------------------------
Absolutely not - the scope of this is to add validation to fix the NPE. If additional changes are required in this area please raise a new Jira issue but overall these attributes can not be removed in EAP.
> Defining a HTTP management interface with secure-port or https socket binding but not security realm causes NullPointerException
> --------------------------------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-82
> URL: https://issues.jboss.org/browse/WFCORE-82
> Project: WildFly Core
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Domain Management
> Affects Versions: 1.0.0.Alpha5
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Fix For: 1.0.0.Alpha6
>
>
> There are actually two checks that need to be performed: -
> 1 - If a secure port is required then a security realm must be associated with the interface.
> 2 - That security realm must supply an SSLContext
> For #1 that can at least be validated in the model at the end of stage MODEL. This will need to be validated for both standalone mode and domain mode - each of these use independent resource definitions.
> #2 will have to wait until RUNTIME where we have the opportunity to check that the injected realm does supply a SSLContext.
--
This message was sent by Atlassian JIRA
(v6.3.1#6329)
More information about the jboss-jira
mailing list