Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 2.0
    • Fix Version/s: JMS 2.0 rev A
    • Labels:
      None

      Description

      The JMS 2.0 specification, section 12.4.3 "Injection syntax" includes an example of the use of password aliases in Java EE. Although password aliases were discussed for Java EE they were not included in the final release, so the example should be removed.

        Activity

        Nigel Deakin created issue -
        Nigel Deakin made changes -
        Field Original Value New Value
        Tags jms20-bug jms20-errata
        Nigel Deakin made changes -
        Description The JMS 2.0 specification includes the following reference to password aliases in Java EE:

        {quote}
        Since it is undesirable to hardcode clear text passwords in an application, the password may be specified as an alias:

        {noformat}
        @Inject
        @JMSPasswordCredential(
           username="admin",
           password="${ALIAS=myAdminPassword}")
        private JMSContext context;
        {noformat}

        The use of a password alias allows the password to be defined in a secure manner separately from the application. See the Java EE 7 platform specification for more information on password aliases.
        {quote}

        Although password aliases were discussed for Java EE they were not included in the final release, so this reference is incorrect and should be removed.
        The JMS 2.0 specification, section 12.4.3 "Injection syntax" includes the following reference to password aliases in Java EE:

        {quote}
        Since it is undesirable to hardcode clear text passwords in an application, the password may be specified as an alias:

        {noformat}
        @Inject
        @JMSPasswordCredential(
           username="admin",
           password="${ALIAS=myAdminPassword}")
        private JMSContext context;
        {noformat}

        The use of a password alias allows the password to be defined in a secure manner separately from the application. See the Java EE 7 platform specification for more information on password aliases.
        {quote}

        Although password aliases were discussed for Java EE they were not included in the final release, so this reference is incorrect and should be removed.
        Nigel Deakin made changes -
        Description The JMS 2.0 specification, section 12.4.3 "Injection syntax" includes the following reference to password aliases in Java EE:

        {quote}
        Since it is undesirable to hardcode clear text passwords in an application, the password may be specified as an alias:

        {noformat}
        @Inject
        @JMSPasswordCredential(
           username="admin",
           password="${ALIAS=myAdminPassword}")
        private JMSContext context;
        {noformat}

        The use of a password alias allows the password to be defined in a secure manner separately from the application. See the Java EE 7 platform specification for more information on password aliases.
        {quote}

        Although password aliases were discussed for Java EE they were not included in the final release, so this reference is incorrect and should be removed.
        The JMS 2.0 specification, section 12.4.3 "Injection syntax" includes the following reference to password aliases in Java EE. Although password aliases were discussed for Java EE they were not included in the final release, so the following text is incorrect and should be removed.

        {quote}
        Since it is undesirable to hardcode clear text passwords in an application, the password may be specified as an alias:

        {noformat}
        @Inject
        @JMSPasswordCredential(
           username="admin",
           password="${ALIAS=myAdminPassword}")
        private JMSContext context;
        {noformat}

        The use of a password alias allows the password to be defined in a secure manner separately from the application. See the Java EE 7 platform specification for more information on password aliases.
        {quote}

        Nigel Deakin made changes -
        Description The JMS 2.0 specification, section 12.4.3 "Injection syntax" includes the following reference to password aliases in Java EE. Although password aliases were discussed for Java EE they were not included in the final release, so the following text is incorrect and should be removed.

        {quote}
        Since it is undesirable to hardcode clear text passwords in an application, the password may be specified as an alias:

        {noformat}
        @Inject
        @JMSPasswordCredential(
           username="admin",
           password="${ALIAS=myAdminPassword}")
        private JMSContext context;
        {noformat}

        The use of a password alias allows the password to be defined in a secure manner separately from the application. See the Java EE 7 platform specification for more information on password aliases.
        {quote}

        The JMS 2.0 specification, section 12.4.3 "Injection syntax" includes an example of the use of password aliases in Java EE. Although password aliases were discussed for Java EE they were not included in the final release, so the example should be removed.
        Hide
        Nigel Deakin added a comment -

        Proposed change

        In the JMS 2.0 specification, section 12.4.3 "Injection syntax", delete the following text:

        Since it is undesirable to hardcode clear text passwords in an application, the password may be specified as an alias:

        @Inject
        @JMSPasswordCredential(
           username="admin",
           password="${ALIAS=myAdminPassword}")
        private JMSContext context;
        

        The use of a password alias allows the password to be defined in a secure manner separately from the application. See the Java EE 7 platform specification for more information on password aliases.

        Show
        Nigel Deakin added a comment - Proposed change In the JMS 2.0 specification, section 12.4.3 "Injection syntax", delete the following text: Since it is undesirable to hardcode clear text passwords in an application, the password may be specified as an alias: @Inject @JMSPasswordCredential( username="admin", password="${ALIAS=myAdminPassword}") private JMSContext context; The use of a password alias allows the password to be defined in a secure manner separately from the application. See the Java EE 7 platform specification for more information on password aliases.
        Hide
        Nigel Deakin added a comment -

        I have updated the specification in the source code repository. PDF may be downloaded here.

        Show
        Nigel Deakin added a comment - I have updated the specification in the source code repository. PDF may be downloaded here .
        Hide
        Nigel Deakin added a comment -

        Fixed in the JMS 2.0 rev A maintenance release

        Show
        Nigel Deakin added a comment - Fixed in the JMS 2.0 rev A maintenance release
        Nigel Deakin made changes -
        Status Open [ 1 ] Closed [ 6 ]
        Fix Version/s JMS 2.0 rev A [ 17297 ]
        Resolution Fixed [ 1 ]

          People

          • Assignee:
            Unassigned
            Reporter:
            Nigel Deakin
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: