Red Hat Bugzilla – Bug 961328
Mistakes in Security Guide (in section 16 and Reference)
Last modified: 2014-08-14 11:25:58 EDT
16. Authentication and Authorization
There are two duplicated parts. Part 16.1. is same as 6.3. and part 16.4. is same as 14.5., one of them should be removed.
16.5. Java Authorization Contract for Containers (JACC)
In Example 16.2., there is three times wrong used "s:" in end tag definition, it should be removed (</security-domain> instead of </s:security-domain> etc.)
In Table A.2. Client Module Options, there is ">" in restore-login-identity option, it should be removed ("restore-login-identity" instead of ">restore-login-identity")
In Table A.6. CertificateUsers Module Options, there should be "hashCharset" instead of "hashCharSet" in options
In Table A.16. Ldap Module Options, there is in options used rolesAttributeID, rolesAttributeIsDN and rolesNameAttributeID. However, right name contain "role" instead of "roles", it should be roleAttributeID, roleAttributeIsDN and roleNameAttributeID.
In Table A.25. ConfiguredIdentity Module Options, there is option principal and it has guest as a default value, but option principal hasn't default value. It should be changed to none.
In Table A.29. PropertiesUsers Module Options, PropertiesUsersLoginModule hasn't option properties. I'm not sure, but I think it should be removed.
A.5. jboss-web.xml Configuration Reference
There is wrong web.ml in "Many of the available settings map requirements set in the application's web.ml to local resources." It should be web.xml.
The above issues have been corrected.
The corrections should be visible in the next version on the Docs stage (after revision 1.0-1)
Note: I couldn't find the problematic text in Table A.29. Is it still present?
Amendment: The duplication issues have not be corrected as the problem seems to be more widespread than the instances mentioned here.
A separate bug will likely be created to deal with these duplications. A link will be posted here for QA purposes.
Please change the status to ON_QA when fixed 6.1.1 and 6.2 documentation will be available on stage. We cannot verify changes if it isn't there.
The corrections have been made and are viewable at: http://documentation-devel.engineering.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/6.2/html/Security_Guide/index.html
(the duplicate sections have not been removed as the nature of topic-based authoring means that readers may not progress linearly through the book)
- the duplication of sections (16.1 and 16.4) is not resolved and no link to other tracking BZ is provided
- the problem is still in table A.29:
The PropertiesUsers login module subclasses UsersRoles login module and it supports only following options: usersProperties, defaultUsersProperties
Other issues seems to be fixed.
As mentioned earlier, the duplication of topics is a by-product of non-linear production/consumption practices and is not inherently problematic (only topics duplicated in obvious error need be highlighted).
Table A.29 has been removed from the document.
Moving ticket to MODIFIED pending re-stage. Will progress to ON_QA when available for review.
The updated book (version 2.0-9) is available for review at: