Details
-
Bug
-
Resolution: Obsolete
-
Major
-
JBossAS-4.0.3 SP1, JBossAS-4.0.5.GA
-
None
Description
When you create a passwordFile with org.jboss.security.plugins.FilePassword which generates a 16 bytes long
encoded password and afterwards overwrite this file with a shorter password, the second eight bytes of the former
password are still in the file.
When now decode tries to decrypt the password from the passwordFile it reads 16 bytes instead of the correct eight bytes and
throws a BadPaddingException.
Sure, the workaround to delete the file prior to generation is eligible, but wouldn't it be nicer to have it done automatically.
And if it's only for all the newbies, which don't have to debug into that.