Bug
Resolution: Done
Minor
EAP_EWP 5.1.2
None
all
Release Notes
Low
Documented as Resolved Issue
NEW
auditing is inconsistent: it filters out "authorization" header but does not filter out the "j_password" form field parameter
This got fixed in JBPAPP-8089 for the class:
jbosssx/src/main/java/org/jboss/security/authorization/resources/WebResource.java
Also needs fixing in:
org/jboss/web/tomcat/security/WebUtil.java
which is a (broken) copy of the former class method
- is cloned by
JBPAPP-8089 auditing is inconsistent: it filters out "authorization" header but does not filter out the "j_password" form field parameter
- Closed
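The inconsistency described above arises when headers and form parameters are rendered for the audit log by separate code paths with separate filters. The following is an added example, not the JBoss code from WebResource.java or WebUtil.java: a hypothetical `AuditRedactionExample` class that sends both through one rendering routine and masks the value of the `authorization` header and the `j_password` parameter instead of dropping the entry. All class and method names and the sample request are assumptions.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

// Hypothetical illustration; not the JBoss implementation.
public class AuditRedactionExample {
    // Names whose values must never reach the audit log (compared case-insensitively).
    private static final Set<String> SECRET_HEADERS = Set.of("authorization");
    private static final Set<String> SECRET_PARAMS = Set.of("j_password");

    // One shared routine for headers and parameters, so the two filters cannot drift apart.
    static String render(String label, Map<String, List<String>> values, Set<String> secrets) {
        StringBuilder sb = new StringBuilder(label).append("=[");
        for (Map.Entry<String, List<String>> e : values.entrySet()) {
            boolean secret = secrets.contains(e.getKey().toLowerCase(Locale.ROOT));
            sb.append(e.getKey()).append('=')
              .append(secret ? "[REDACTED]" : String.join(",", e.getValue()))
              .append(';');
        }
        return sb.append(']').toString();
    }

    // Builds the audit text for one request from its headers and form parameters.
    static String auditLine(Map<String, List<String>> headers,
                            Map<String, List<String>> params) {
        return render("headers", headers, SECRET_HEADERS) + " "
             + render("parameters", params, SECRET_PARAMS);
    }

    public static void main(String[] args) {
        // Constructed sample request, not taken from the issue.
        Map<String, List<String>> headers = new LinkedHashMap<>();
        headers.put("Host", List.of("example.invalid"));
        headers.put("Authorization", List.of("Basic ZXhhbXBsZTpleGFtcGxl"));

        Map<String, List<String>> params = new LinkedHashMap<>();
        params.put("j_username", List.of("alice"));
        params.put("j_password", List.of("constructed-secret"));

        System.out.println(auditLine(headers, params));
    }
}
```

Keeping the entry name while masking the value lets an auditor still see that a credential was submitted without the log ever holding the credential itself.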