[jboss-jira] [JBoss JIRA] (SECURITY-856) org.jboss.security.auth.spi.Util.loadProperties() always uses default properties files
Chao Wang (JIRA)
issues at jboss.org
Tue Sep 9 00:05:59 EDT 2014
Chao Wang created SECURITY-856:
----------------------------------
Summary: org.jboss.security.auth.spi.Util.loadProperties() always uses default properties files
Key: SECURITY-856
URL: https://issues.jboss.org/browse/SECURITY-856
Project: PicketBox
Issue Type: Bug
Components: PicketBox
Affects Versions: PicketBox_4_0_19.SP5, PicketBox_4_0_21.Beta3
Reporter: Chao Wang
Assignee: Chao Wang
https://bugzilla.redhat.com/show_bug.cgi?id=1073814 Descritpion:
In case users.properties (and roles.properties) is defined and exists for org.jboss.security.auth.spi.UsersRolesLoginModule then defaultUsers.properties (and defaultRoles.properties) shouldn't be used for this Login Module (according to documentation they should be used only in case usersProperties or rolesProperties file can not be found) but instead of that content of both file is used.
For reproducing this issue use users.properties with user admin=admin and defaultUsers.properties with admin1=admin1. Both users will be loaded for Login Module but in right behavior only admin user from users.properties should be loaded.
--
This message was sent by Atlassian JIRA
(v6.3.1#6329)
More information about the jboss-jira
mailing list