[jboss-jira] [JBoss JIRA] (SECURITY-958) JASPIC implementation in JBoss EAP 7.0.0 seems to contradict the javadoc of the ServerAuthModule interface
Enrique González Martínez (JIRA)
issues at jboss.org
Fri Sep 23 02:56:00 EDT 2016
Enrique González Martínez created SECURITY-958:
--------------------------------------------------
Summary: JASPIC implementation in JBoss EAP 7.0.0 seems to contradict the javadoc of the ServerAuthModule interface
Key: SECURITY-958
URL: https://issues.jboss.org/browse/SECURITY-958
Project: PicketBox
Issue Type: Bug
Reporter: Enrique González Martínez
Assignee: Enrique González Martínez
The EAP 7.0.0 JASPIC ServerAuthModule framework passes the request policy and response policy objects as null into the initialize() method. The spec and Javadocs say that both must not be null.
http://docs.oracle.com/javaee/6/api/javax/security/auth/message/module/ServerAuthModule.html
https://docs.oracle.com/javaee/7/api/javax/security/auth/message/module/ServerAuthModule.html
The javadoc and spec say: "The request policy and the response policy must not both be null".
Wildfly 10.0.0.Final has the same issue.
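An added example, not part of the original report and not PicketBox or WildFly code: a base class for a ServerAuthModule that tolerates the null policies described in this issue instead of dereferencing them in initialize(). The class name `NullTolerantServerAuthModule` and its helper are hypothetical; the fallback assumes the module runs under the JASPIC Servlet Container Profile, where the container marks protected requests with the `javax.security.auth.message.MessagePolicy.isMandatory` key in the MessageInfo map.

```java
import java.util.Map;
import java.util.logging.Logger;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.MessagePolicy;
import javax.security.auth.message.module.ServerAuthModule;

// Hypothetical base class: subclasses implement validateRequest(), secureResponse(),
// cleanSubject() and getSupportedMessageTypes() as usual.
public abstract class NullTolerantServerAuthModule implements ServerAuthModule {
    // Servlet Container Profile key; present with value "true" on protected requests.
    private static final String IS_MANDATORY =
            "javax.security.auth.message.MessagePolicy.isMandatory";
    private static final Logger LOG =
            Logger.getLogger(NullTolerantServerAuthModule.class.getName());

    protected CallbackHandler handler;
    protected Map<?, ?> options;
    private MessagePolicy requestPolicy; // may be null on the affected containers

    @Override
    @SuppressWarnings("rawtypes")
    public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy,
                           CallbackHandler handler, Map options) throws AuthException {
        if (handler == null) {
            // Without a handler the module cannot hand identities to the container.
            throw new AuthException("CallbackHandler must not be null");
        }
        if (requestPolicy == null && responsePolicy == null) {
            // Contract violation reported in SECURITY-958: record it, do not dereference.
            LOG.warning("initialize() received null request and response policies");
        }
        this.requestPolicy = requestPolicy;
        this.handler = handler;
        this.options = options;
    }

    // Decide per request whether authentication is required.
    protected boolean isAuthenticationMandatory(MessageInfo messageInfo) {
        if (requestPolicy != null) {
            return requestPolicy.isMandatory();
        }
        // Assumption: fall back to the per-request flag set by the servlet container.
        Object flag = messageInfo.getMap().get(IS_MANDATORY);
        return flag != null && Boolean.parseBoolean(flag.toString());
    }
}
```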