Back to bug 1045105
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Derek Horton | 2014-01-13 21:36:56 UTC | Target Release | --- | EAP 6.2.2 |
| Blocks | 1049365 | |||
| Carlo de Wolf | 2014-02-11 08:17:20 UTC | Target Release | EAP 6.2.2 | EAP 6.3.0 |
| CC | cdewolf | |||
| Blocks | 1049365 | |||
| Derek Horton | 2014-02-14 20:40:42 UTC | Blocks | 1065519 | |
| Derek Horton | 2014-02-14 20:54:44 UTC | Blocks | 1065525 | |
| Derek Horton | 2014-02-18 21:36:40 UTC | Doc Text | Cause: The PropertiesBasedEJBClientConfiguration treats the password as an expression. As a result, if the password has $$ in it, then the class will attempt to expand the expression. Consequence: This can result in the password getting set as 'bar$$' on the client, but it shows up on the server side as 'bar$'. Fix: Modify the PropertiesValueResolver so that it does not expand password expressions by default. Result: Passwords are not expanded by default. Set the "jboss-ejb-client.expandPasswords" to true to expand passwords. |
|
| Derek Horton | 2014-02-20 15:00:45 UTC | Link ID | JBoss Issue Tracker EJBCLIENT-99 | |
| Derek Horton | 2014-02-20 16:20:31 UTC | Summary | remote ejb client code converts '$$' to '$' in passwords | [GSS] (6.3.0) remote ejb client code converts '$$' to '$' in passwords |
| Nidhi | 2014-05-13 11:06:29 UTC | CC | nsriniva | |
| Docs Contact | rdickens | nsriniva | ||
| Scott Mumford | 2014-05-14 03:31:09 UTC | CC | smumford | |
| Doc Text | Cause: The PropertiesBasedEJBClientConfiguration treats the password as an expression. As a result, if the password has $$ in it, then the class will attempt to expand the expression. Consequence: This can result in the password getting set as 'bar$$' on the client, but it shows up on the server side as 'bar$'. Fix: Modify the PropertiesValueResolver so that it does not expand password expressions by default. Result: Passwords are not expanded by default. Set the "jboss-ejb-client.expandPasswords" to true to expand passwords. | This release of JBoss EAP 6 contains a bug that causes `PropertiesBasedEJBClientConfiguration` to attempt to expand passwords containing a double dollar sign ($$) as if they are an expression. This can result in incorrect passwords being passed between the server and client. This issue is expected to be resolved in a later version of the product. | ||
| Doc Type | Bug Fix | Known Issue | ||
| Jan Martiska | 2014-05-19 08:23:36 UTC | Status | NEW | VERIFIED |
| Scott Mumford | 2014-06-05 04:13:27 UTC | Doc Text | This release of JBoss EAP 6 contains a bug that causes `PropertiesBasedEJBClientConfiguration` to attempt to expand passwords containing a double dollar sign ($$) as if they are an expression. This can result in incorrect passwords being passed between the server and client. This issue is expected to be resolved in a later version of the product. | Previous versions of JBoss EAP 6 carried a bug that caused `PropertiesBasedEJBClientConfiguration` to attempt to expand passwords containing a double dollar sign ($$) as if it was an expression. This could have caused incorrect passwords to be passed between the server and client. The `PropertiesValueREsolver has been modified in this release so that it does not expand passwords by default. This resolves the issue. If expansion is require, it can be enabled by setting`jboss-ejb-client.expandPasswords` to `true`. |
| Doc Type | Known Issue | Bug Fix | ||
| mark yarborough | 2014-06-28 15:31:03 UTC | Status | VERIFIED | CLOSED |
| Resolution | --- | CURRENTRELEASE | ||
| Last Closed | 2014-06-28 11:31:03 UTC | |||
| Scott Mumford | 2014-06-30 02:31:37 UTC | Doc Text | Previous versions of JBoss EAP 6 carried a bug that caused `PropertiesBasedEJBClientConfiguration` to attempt to expand passwords containing a double dollar sign ($$) as if it was an expression. This could have caused incorrect passwords to be passed between the server and client. The `PropertiesValueREsolver has been modified in this release so that it does not expand passwords by default. This resolves the issue. If expansion is require, it can be enabled by setting`jboss-ejb-client.expandPasswords` to `true`. | Previous versions of JBoss EAP 6 carried a bug that caused `PropertiesBasedEJBClientConfiguration` to attempt to expand passwords containing a double dollar sign ($$) as if it was an expression. This could have caused incorrect passwords to be passed between the server and client. The `PropertiesValueResolver` has been modified in this release so that it does not expand passwords by default. This resolves the issue. If expansion is required, it can be enabled by setting`jboss-ejb-client.expandPasswords` to `true`. |
Back to bug 1045105