[jboss-jira] [JBoss JIRA] (SECURITY-958) JASPIC implementation in JBoss EAP 7.0.0 seems to contradict the javadoc of the ServerAuthModule interface
Darran Lofthouse (JIRA)
issues at jboss.org
Wed Jan 17 12:48:00 EST 2018
[ https://issues.jboss.org/browse/SECURITY-958?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Darran Lofthouse reassigned SECURITY-958:
-----------------------------------------
Assignee: Darran Lofthouse (was: Enrique González Martínez)
> JASPIC implementation in JBoss EAP 7.0.0 seems to contradict the javadoc of the ServerAuthModule interface
> ----------------------------------------------------------------------------------------------------------
>
> Key: SECURITY-958
> URL: https://issues.jboss.org/browse/SECURITY-958
> Project: PicketBox
> Issue Type: Bug
> Reporter: Enrique González Martínez
> Assignee: Darran Lofthouse
>
> The EAP 7.0.0 JASPIC ServerAuthModule framework passes the request policy and response policy objects as null into the initialize() method. The spec and java docs say that both must not be null.
> http://docs.oracle.com/javaee/6/api/javax/security/auth/message/module/ServerAuthModule.html
> https://docs.oracle.com/javaee/7/api/javax/security/auth/message/module/ServerAuthModule.html
> The javadoc and spec says: "The request policy and the response policy must not both be null".
> Wildfly 10.0.0.Final has the same issue.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the jboss-jira
mailing list