Bug 1065519 - [GSS] (6.2.x) remote ejb client code converts '$$' to '$' in passwords
Summary: [GSS] (6.2.x) remote ejb client code converts '$$' to '$' in passwords
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: EJB
Version: 6.1.1
Hardware: Unspecified
OS: Unspecified
Target Milestone: CR2
: EAP 6.2.2
Assignee: Derek Horton
QA Contact: Jan Martiska
Russell Dickenson
Depends On: 1045105
Blocks: eap62-cp02-blockers 1065523
TreeView+ depends on / blocked
Reported: 2014-02-14 20:40 UTC by Derek Horton
Modified: 2018-12-04 17:30 UTC (History)
4 users (show)

It was found that password validation could fail under certain circumstances in earlier versions of JBoss EAP. The cause was found to be that the +PropertiesBasedEJBClientConfiguration+ class treated the password as an expression.  As a result, it would attempt to expand any passwords containing the string +$$+. This could result in the passwords differing between the client and the server and, hence, failing validation. A modification has been made to the PropertiesValueResolver so that it no longer attempts to expand password expressions by default. Users can return to earlier behavior by setting the +jboss-ejb-client.expandPasswords+ to +true+ to expand passwords.
Clone Of: 1045105
Last Closed: 2014-06-02 12:50:15 UTC

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
JBoss Issue Tracker EJBCLIENT-99 Major Resolved Disable property expression expansion in property-based configuration password field 2015-08-03 16:27:16 UTC

Comment 2 Scott Mumford 2014-02-27 01:00:51 UTC
Redrafted Doc Text to prose format.

Comment 3 Scott Mumford 2014-02-27 01:00:52 UTC
Redrafter Doc Text to prose format.

Comment 4 Jan Martiska 2014-03-05 14:22:31 UTC
Verified in 6.2.2.CR2.

Note You need to log in before you can comment on or make changes to this bug.