Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Critical
Fix Version/s: 7.1.0.DR12
Affects Version/s: None
Component/s: Security
Labels:

CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.1.0.GA
Steps to Reproduce:
Hide

// configure SASL policy using mechanism properties in a way, that the EXTERNAL mech is not supported props = new HashMap(); props.put(Sasl.POLICY_FORWARD_SECRECY, "true"); // following correctly returns no names (empty array) factory.getMechanismNames(props); // following wrongly returns an instantiated ExternalSaslServer instance factory.createSaslServer("EXTERNAL", "test", "localhost", props, null);
Show
// configure SASL policy using mechanism properties in a way, that the EXTERNAL mech is not supported props = new HashMap(); props.put(Sasl.POLICY_FORWARD_SECRECY, " true " ); // following correctly returns no names (empty array) factory.getMechanismNames(props); // following wrongly returns an instantiated ExternalSaslServer instance factory.createSaslServer( "EXTERNAL" , "test" , "localhost" , props, null );

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

The ExternalSaslServerFactory.createSaslServer(String, String, String, Map<String, ?>, CallbackHandler) method returns an instance even for properties, for which getMechanismNames() returns empty array of names.

The ExternalSaslServer instances should only be created if the mechanism is supported for given properties (configuration).

is cloned by

ELY-800 Elytron ExternalSaslServerFactory.createSaslServer should return null for unsupported policies

Resolved

Assignee:: Ilia Vassilev

Reporter:: Josef Cacek (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2016/11/28 11:04 AM

Updated:: 2020/09/14 5:39 AM

Resolved:: 2017/02/17 6:00 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates

Hide