Java.net JIRA

security
Key descending
159 of 59 as at: 01/Oct/16 7:36 AM
T Key Summary Assignee Reporter P Status Resolution Created Updated Due
Bug VISUALVM-559

Need user feedback when determined that username/password may be sent via an insecure connection

thurka yardus Major Resolved Fixed  
Improvement UPDATECENTER2-287

Add authentication support for proxy

mnsingh Nazrul Major Resolved Fixed  
Improvement SERVLET_SPEC-114

Standardize authentication modules in Servlet

Unassigned arjan tijms Major Open Unresolved  
Improvement SERVLET_SPEC-65

Add CORS (Cross-Origin Resource Sharing) support in web.xml

Shing Wai Chan Samuel Santos Major Open Unresolved  
Improvement SERVLET_SPEC-63

Consider adding an option to set Strict-Transport-Security header in web.xml

Shing Wai Chan Samuel Santos Major Open Unresolved  
Improvement SERVLET_SPEC-34

Auth constraint that requires a valid user, but does not require any particular role

Shing Wai Chan elygre Major Resolved Fixed  
Task OPENCODER-20

Encryption between web-face and judge

rodiongork rodiongork Major Closed Fixed  
Task OPENCODER-14

Vaadin security for admin panel

rodiongork rodiongork Major Closed Fixed  
Task MVC_SPEC-44

Document Security

Santiago Pericas-Geertsen Santiago Pericas-Geertsen Major Closed Fixed  
Bug METRO-18

ClassCastException while using tubes

Martin Grebac aeai Major Resolved Incomplete  
Sub-task LJUG-76

LJUG-39 Securité basé rôle en J2EE

pascalfares pascalfares Major Resolved Incomplete 03/Jan/13
Bug JERSEY-2374

NullPointerException in OAuth1ClientFeature

Miroslav Fuksa johanvos Major Closed Fixed  
Improvement JERSEY-2342

Introduce an intuitive way to set explicit state from an OAuth2 flow

Unassigned ingenious Trivial Closed Won't Fix  
Bug JERSEY-2061

Client can be forced to connect to a resource with a different set of credentials if previously accessed via HttpURLConnection

Unassigned gdavison Major Closed Won't Fix  
Bug JERSEY-1714

Jersey web services are vulnerable to XXE (entity expansions vector)

Miroslav Fuksa h3xstream Critical Resolved Fixed  
Improvement JERSEY-1160

Initialize SecurityContext for client-authenticated SSL connection

Pavel Bucek CLarrieu Major Closed Fixed  
Task JERSEY-1055

Fix vulnerable sample of code in documentation

Michal Gajdos h3xstream Minor Closed Fixed  
Bug JAWR-334

Path traversal vulnerability

icefox farethewell Critical Closed Fixed  
Bug JAVASERVERFACES-3206

FacesServlet URL-pattern mapping neglects web.xml security configuration

Manfred Riem k0l0ssus Trivial Closed Incomplete  
Bug JAVASERVERFACES-2126

Flash scope cookie enables data exploits

Ed Burns arjan tijms Critical Closed Fixed  
Bug JAVASERVERFACES-2112

sanity check function is not performed in Mojarra

rogerk xj Major Closed Fixed  
New Feature JAVAEE_SPEC-22

Add JASPIC (Servlet Container Profile) to Web Profile

ldemichiel arjan tijms Major Open Unresolved  
New Feature JAVAEE_SECURITY_SPEC-19

Better integration between Servlet's auth-method, JASPIC's auth modules and identity stores

alex.kosowski arjan tijms Major Open Unresolved  
New Feature JAVAEE_SECURITY_SPEC-10

Simplify and standardize authentication & role mapping

alex.kosowski arjan tijms Major Open Unresolved  
New Feature JAVAEE_SECURITY_SPEC-8

Standardize group to role mapping

alex.kosowski arjan tijms Major Open Unresolved  
Bug GLASSFISH-21528

AdminGui does not start after changing master password

Anissa Lam LeoLux Major Open Unresolved  
Bug GLASSFISH-21309

pgk list cannot be executed on Ubuntu 14.04 x64

Snjezana Sevo-Zenzerovic nabizamani Major Open Unresolved  
Improvement GLASSFISH-21308

Support for TLS_FALLBACK_SCSV to prevent downgrade attack

JeffTancill nabizamani Critical Open Unresolved  
Bug GLASSFISH-21307

Secure Client-Initiated Renegotiation cannot be disabled: DoS Danger

JeffTancill nabizamani Critical Open Unresolved  
Bug GLASSFISH-21044

GlassFish module can't use Javac API with security manager / JavaSE8

Nithya Ramakrishnan Romain Grécourt Critical Closed Duplicate  
Bug GLASSFISH-21011

QuickLook fails with security manager ON / jdk7u60 / remote ejb

Nithya Ramakrishnan Romain Grécourt Critical Resolved Fixed  
Bug GLASSFISH-20882

Unable to Authenticate using PAM Realm

Nithya Ramakrishnan heffel Minor Closed Cannot Reproduce  
New Feature GLASSFISH-20874

Support application scoped auth-realms

michael.y.chen emailnbw Major Open Unresolved  
Bug GLASSFISH-20809

Request parameters lost after realm form authentication to access a protected page

Nithya Ramakrishnan Hildeberto Mendonça Major Closed Cannot Reproduce  
Bug GLASSFISH-20038

Revise the XML parser for the permissions.xml file

spei spei Major Resolved Fixed  
Improvement GLASSFISH-19809

usage of internal proprietary API in nucleus/security/core

JeffTancill Romain Grécourt Major Open Unresolved  
Improvement GLASSFISH-19805

usage of internal proprietary API in appserver/security/webintegration

JeffTancill Romain Grécourt Major Open Unresolved  
Improvement GLASSFISH-19802

usage of internal proprietary API in appserver/ejb/ejb.security

michael.y.chen Romain Grécourt Major Open Unresolved  
Improvement GLASSFISH-19800

usage of internal proprietary API in appserver/security/inmemory.jacc.provider

JeffTancill Romain Grécourt Major Open Unresolved  
Improvement GLASSFISH-19799

usage of internal proprietary API in appserver/security/appclient.security

JeffTancill Romain Grécourt Major Open Unresolved  
Improvement GLASSFISH-19798

usage of internal proprietary API in appserver/security/core-ee

JeffTancill Romain Grécourt Major Open Unresolved  
Bug GLASSFISH-18702

"Exception while visiting com/sun/gjc/spi/jdbc40/ConnectionHolder40.class" (root cause: NullPointerException) during an attempt to authenticate.

JeffTancill grunt2000 Major Open Unresolved  
Bug GLASSFISH-18528

RuntimeException thown in a JASPIC swallowed and empty page returned

Nithya Ramakrishnan bjb Major Resolved Fixed  
Bug GLASSFISH-17749

A Dedicated grant{} Section For Applications Should Not Contain Any "Bug-Fixes"

JeffTancill abien Major Open Unresolved  
Bug GLASSFISH-17748

Weld / JSF Is Not Working Without java.lang.reflect.ReflectPermission suppressAccessChecks

Sivakumar Thyagarajan abien Major Resolved Invalid  
Bug GLASSFISH-17747

Weld / JSF Is Not Working Without java.lang.reflect.ReflectPermission suppressAccessChecks

kumarjayanti abien Major Closed Invalid  
Bug GLASSFISH-17547

Implicit / Not-Configurable SocketPermission listen,resolve

kumarjayanti abien Major Closed Works as designed  
Bug GLASSFISH-17529

doPasswordLogin fails LoginException: Security Exception

kumarjayanti fishsticks87 Major Closed Works as designed  
Bug GLASSFISH-17287

[UB]General Vulnerability Assessment -> NonIntrusive -> Web Server

Paul Davies fraggie Major Open Unresolved  
Improvement GLASSFISH-17169

EJBContext#isCallerInRole(String) should not throw IllegalStateException when passed bad role

marina vatkina ljnelson Major Resolved Works as designed  
Bug GLASSFISH-17162

JSR-250 not fully implemented--incomplete list of discoverable security roles

kumarjayanti ljnelson Major Closed Works as designed  
Bug GLASSFISH-17154

Unable to access role-protected remote bean using maven-embedded-glassfish-plugin

sakshi.jain ljnelson Major Open Unresolved  
Bug GLASSFISH-16885

GlassfishRoleMapper in in-memory JACC package cannot work

kumarjayanti ljnelson Major Closed Works as designed  
Bug GLASSFISH-16836

GUI remains blocked when i try to add a new user to realm file . Manage user for security don't work.

gmurr mauro2011 Major Resolved Fixed  
Bug GLASSFISH-16238

could not redeploy web application with libraries - Error in linking security policy for

kumarjayanti pradyut Major Resolved Fixed  
Bug GLASSFISH-15061

[BLOCKING] OAM 11G with LINUX for Basic authentication in the client got failed

kumarjayanti rameshthiyaga Blocker Resolved Fixed  
New Feature EJB_SPEC-48

Programmatic login from within EJB components

marina vatkina arjan tijms Major Open Unresolved  
Bug EASYWEBMIEL-1

java.security.AccessController configuration

chrix21 chrix21 Major Resolved Fixed  
Bug CONNECTOR_SPEC-10

Incorrect non-null constraint for serviceSubject in SecurityContext.setupSecurityContext's javadoc

Sivakumar Thyagarajan Sivakumar Thyagarajan Major Resolved Fixed