[jboss-jira] [JBoss JIRA] (SECURITY-958) JASPIC implementation in JBoss EAP 7.0.0 seems to contradict the javadoc of the ServerAuthModule interface
Darran Lofthouse (Jira)
issues at jboss.org
Wed May 13 12:19:48 EDT 2020
[ https://issues.redhat.com/browse/SECURITY-958?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Darran Lofthouse reassigned SECURITY-958:
-----------------------------------------
Assignee: (was: Darran Lofthouse)
> JASPIC implementation in JBoss EAP 7.0.0 seems to contradict the javadoc of the ServerAuthModule interface
> ----------------------------------------------------------------------------------------------------------
>
> Key: SECURITY-958
> URL: https://issues.redhat.com/browse/SECURITY-958
> Project: PicketBox
> Issue Type: Bug
> Reporter: Enrique González Martínez
> Priority: Major
>
> The EAP 7.0.0 JASPIC ServerAuthModule framework passes the request policy and response policy objects as null into the initialize() method. The spec and java docs say that both must not be null.
> http://docs.oracle.com/javaee/6/api/javax/security/auth/message/module/ServerAuthModule.html
> https://docs.oracle.com/javaee/7/api/javax/security/auth/message/module/ServerAuthModule.html
> The javadoc and spec says: "The request policy and the response policy must not both be null".
> Wildfly 10.0.0.Final has the same issue.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the jboss-jira
mailing list