Java.net JIRA

glassfish
security
Unresolved
Updated descending
1152 of 152 as at: 01/Sep/15 1:50 PM
T Key Summary Assignee Reporter P Status Resolution Created Updated Due
Bug GLASSFISH-21416

CA certs trust store out of date

Masoud Kalali cplummer Major Open Unresolved  
Bug GLASSFISH-21398

j_security_check protection too restrictive

JeffTancill xwibao Major Open Unresolved  
Improvement GLASSFISH-21373

SPNEGO Support

JeffTancill slominskir Major Open Unresolved  
Bug GLASSFISH-21367

Glassfish prevents applications from using bundled JNA

Sanjeeb Sahoo emailnbw Major Open Unresolved  
Bug GLASSFISH-18993

RealmAdapter.createFailOveredPrincipal results in excepcion when LdapRealm is used

JeffTancill rickyepoderi Major Open Unresolved  
Bug GLASSFISH-21313

Ordering of Cipher Suites kills Forward Secrecy with major browsers

JeffTancill nabizamani Critical Open Unresolved  
Bug GLASSFISH-21307

Secure Client-Initiated Renegotiation cannot be disabled: DoS Danger

JeffTancill nabizamani Critical Open Unresolved  
Improvement GLASSFISH-21308

Support for TLS_FALLBACK_SCSV to prevent downgrade attack

JeffTancill nabizamani Critical Open Unresolved  
Bug GLASSFISH-20689

@runAs annotation fails when ejb is called from servlet during deplyment

Nithya Ramakrishnan rsoika Major Open Unresolved  
Bug GLASSFISH-20692

The message "jaccfactory.notfound" in WebSecurityManager is not defined in the property File.

JeffTancill xianwu Major Open Unresolved  
Bug GLASSFISH-21025

Expired certificate: GTE CyberTrust

Nithya Ramakrishnan mkarg Major Reopened Unresolved  
Bug GLASSFISH-16264

Embedded GF 3.1 (re)deployment with EJBContainer causes exception: Error linking security policy for ejb-timer-service-app

JeffTancill emailnbw Major Reopened Unresolved  
Bug GLASSFISH-19790

configure-ldap-for-admin should be investigated such that the default security service configuration is updated when switching admin realm to LDAP.

JeffTancill JeffTancill Minor Open Unresolved  
Bug GLASSFISH-14860

create-file-user should allow specifying target

kumarjayanti Anissa Lam Minor Reopened Unresolved  
Improvement GLASSFISH-20182

configure-ldap-for-admin command should allow the full set of LDAP configuration, not just basedn and ldap-group

JeffTancill Tim Quinn Minor Open Unresolved  
Bug GLASSFISH-21129

User ID in File security realm affects role mapping

Srini tremes Major Open Unresolved  
Improvement GLASSFISH-1861

Make default RMI registry secure

JeffTancill km Major Open Unresolved  
Bug GLASSFISH-3850

Changing default realm does not indicate that a server restart required

JeffTancill r_sudh Minor Open Unresolved  
Bug GLASSFISH-3967

Method RegStoreFileParser.getPersistedEntries() is not thread safe

JeffTancill aarongreenhouse Minor Open Unresolved  
Improvement GLASSFISH-4757

asadmin: provide CLI to modify login.conf

JeffTancill elkner Major Open Unresolved  
Bug GLASSFISH-5250

Stability tests using SSL listener results in crash

JeffTancill nphilipp Minor Open Unresolved  
New Feature GLASSFISH-9289

SecurityContext return PrincipalImpl for custom login and realm

JeffTancill maisonneuve_michel Minor Open Unresolved  
Bug GLASSFISH-10572

application deployment failures with errors in finding security package classes

JeffTancill sankarpn Major Open Unresolved  
Bug GLASSFISH-11081

Username null in access log for EJB WebService

JeffTancill sauvage Major Open Unresolved  
Bug GLASSFISH-11624

delay session creation until after user-data-constraint is enforced on login page

JeffTancill monzillo Major Open Unresolved  
Bug GLASSFISH-11808

logout is missing in security audit module

JeffTancill Shing Wai Chan Major Open Unresolved  
Bug GLASSFISH-12753

ProgrammaticLogin: Long running first method call

JeffTancill lft Major Open Unresolved  
Bug GLASSFISH-13389

UTF-8 fails in JDBC principal name

JeffTancill tmpsa Major Open Unresolved  
Bug GLASSFISH-15042

There is no command to delete message security config

JeffTancill Anissa Lam Major Open Unresolved  
Improvement GLASSFISH-15453

The code in CLI commands in security should be restructured a bit

Nithya Ramakrishnan kumarjayanti Major Open Unresolved  
Bug GLASSFISH-16038

Don't send port 443 on HTTPS redirect

JeffTancill ryanitus Minor Open Unresolved  
Bug GLASSFISH-16093

Rest conversion and CLI based design breaks automatic usermanagement for realms that do not extend FileRealm

JeffTancill kumarjayanti Major Open Unresolved  
Bug GLASSFISH-16281

Glassfish 3.1 Certificate Login from standalone client fails if using a AppservCertificateLoginModule

JeffTancill james100 Major Open Unresolved  
Bug GLASSFISH-16461

Changing Digest Algorithm with an existing security (authentication) realm is not possible.

JeffTancill myfear Minor Open Unresolved  
Bug GLASSFISH-16463

Specifying a Security Algorithm which is not a MessageDigest Type leads to misleading error message (JDBCRealm)

JeffTancill myfear Minor Open Unresolved  
New Feature GLASSFISH-16475

Enhance existing LDAP Realm or define a new LDAP Realm which handles Failover...

JeffTancill kumarjayanti Major Open Unresolved  
Bug GLASSFISH-16861

hard-coded message with no message ID

JeffTancill Dies Koper Minor Open Unresolved  
New Feature GLASSFISH-17026

ACC should not exit after authentication failure

JeffTancill mkarg Major Open Unresolved  
New Feature GLASSFISH-17105

Dynamic mapping of roles to groups

JeffTancill mkarg Major Open Unresolved  
Improvement GLASSFISH-17225

Better Default Audit Module

JeffTancill tmpsa Minor Open Unresolved  
Improvement GLASSFISH-17370

GlassFish requires the keystore to have the same password as the truststore.

JeffTancill Amy Roh Major Open Unresolved  
Bug GLASSFISH-17749

A Dedicated grant{} Section For Applications Should Not Contain Any "Bug-Fixes"

JeffTancill abien Major Open Unresolved  
Improvement GLASSFISH-17883

Deal with missing security-role-mapping in a better way.

JeffTancill vince kraemer Major Open Unresolved  
Improvement GLASSFISH-17884

provide warning when a security-role-mapping is bogus

JeffTancill vince kraemer Major Open Unresolved  
Bug GLASSFISH-18175

The key-store, trust-store element in ssl protocol element are not working

JeffTancill Shing Wai Chan Major Open Unresolved  
Bug GLASSFISH-18269

[intermittent] SSLHandshakeException message on deploy; "PortUnification exception. java.lang.NoClassDefFoundError: javax/crypto/SunJCE_b" in the instance log

JeffTancill varunrupela Minor Open Unresolved  
Bug GLASSFISH-18285

wrong caller principal in @PermitAll annotated call

JeffTancill andydr Major Open Unresolved  
Bug GLASSFISH-18297

security module prevents the domain to start when javax.ejb is not in module directory

JeffTancill Romain Grécourt Major Open Unresolved  
Bug GLASSFISH-18315

admin console prompts for username password when using glassfish with karaf

JeffTancill Sanjeeb Sahoo Major Open Unresolved  
Bug GLASSFISH-18455

Loading truststore fails if the truststore contains an expired cert

JeffTancill Tim Quinn Major Open Unresolved  
Bug GLASSFISH-18556

Characters out of JASPIC GroupPrincipalCallback

JeffTancill bjb Critical Open Unresolved  
Bug GLASSFISH-18602

HTTP Redirect port is ignored if listener port is 80

JeffTancill emmanueldufour Major Open Unresolved  
Improvement GLASSFISH-18669

CONSIDER ALLOWING A CHOICE BETWEEN USING THE JKS AND JCEKS KEYSTORE FORMATS

JeffTancill tecknobabble Minor Open Unresolved  
Bug GLASSFISH-18702

"Exception while visiting com/sun/gjc/spi/jdbc40/ConnectionHolder40.class" (root cause: NullPointerException) during an attempt to authenticate.

JeffTancill grunt2000 Major Open Unresolved  
Bug GLASSFISH-18901

Redirect to originating page fails after authentication

JeffTancill gerrycata Major Open Unresolved  
Bug GLASSFISH-18996

More than maximum number of characters can be entered for create-file-user

JeffTancill tak09 Minor Open Unresolved  
Bug GLASSFISH-19064

Glassfish unreasonably denies access to JSF page with HTTP 403, restarting the domain fixes the problem

JeffTancill arash1988 Major Open Unresolved  
Bug GLASSFISH-19102

Creating (misscofigured) jdbcRealm disables usage of other secure Realm

JeffTancill Erwin37 Major Open Unresolved  
Bug GLASSFISH-19138

Unable to configure/bind acustom ldap context with user credentials

JeffTancill rsoika Major Open Unresolved  
Bug GLASSFISH-19349

Choosing SSL cipher suites in GlassFish admin GUI results in many "Unrecognized cipher" warnings in GlassFish log

JeffTancill rdelaplante Major Open Unresolved  
Bug GLASSFISH-19437

Open-source Az* implementations are incomplete - cannot get resource/action name

JeffTancill Tim Quinn Major Open Unresolved  
Bug GLASSFISH-19686

Java EE security classes are part of nucleus

JeffTancill Sanjeeb Sahoo Major Open Unresolved  
Bug GLASSFISH-20063

GUI cannot handle mulitbyte char in the login page

JeffTancill Anissa Lam Major Open Unresolved  
Bug GLASSFISH-20336

ejb.security_preinvoke_exception for security devtests

JeffTancill Craig Perez Major Open Unresolved  
Bug GLASSFISH-20337

security devtests jmac failure

JeffTancill Craig Perez Major Open Unresolved  
Bug GLASSFISH-20338

security devtests ciphertest failures

JeffTancill Craig Perez Major Open Unresolved  
Bug GLASSFISH-20339

security devtests wss roles failures

JeffTancill Craig Perez Major Open Unresolved  
Bug GLASSFISH-20363

security devtests cert-realm-custom-loginmodule failure

JeffTancill Craig Perez Major Open Unresolved  
Bug GLASSFISH-20377

Unable to create file users after changing key file of the file realm

JeffTancill winston_jack Major Open Unresolved  
Bug GLASSFISH-20485

appclient -user xxx option is ignored unless -passwordfile is given

JeffTancill mkarg Major Open Unresolved  
Bug GLASSFISH-20588

Principal Classes have serious problems

Craig Perez Byron Nevins Major Open Unresolved  
Bug GLASSFISH-20589

AzResource URI Path encoding problems

Tim Quinn Craig Perez Major Open Unresolved  
Bug GLASSFISH-20841

GlassFish submits wrong Client certificate and throws bad_certificate SSL error from Webservice

JeffTancill gfuser9999 Major Open Unresolved  
New Feature GLASSFISH-20869

Provide a way to change SSO cookie name

JeffTancill haducloc13 Major Open Unresolved  
Bug GLASSFISH-21035

FileRealm.getGroupNames throws NPE when user does not exist.

JeffTancill Stephen Davies Minor Open Unresolved  
Bug GLASSFISH-19568

Regression: WebComponentInvocation cannot be cast to EjbInvocation from deploying an ear without web component

JeffTancill marina vatkina Critical Open Unresolved  
Bug GLASSFISH-18536

GF callback handler blocking a JASPIC provider when Principal is unknown

JeffTancill bjb Blocker Open Unresolved  
Improvement GLASSFISH-2864

Support InitialContext Security Credentials and Prinicpals

raharsha barz26 Major Open Unresolved  
Improvement GLASSFISH-1577

JDBCRealm should allow for salting hashed passwords

raharsha ananner Major Open Unresolved  
Bug GLASSFISH-17134

after update to 3.1.11 (?) jsf web app causes server shutdown

JeffTancill silveredge8181 Minor In Progress Unresolved  
Bug GLASSFISH-20037

Investigate the Restricted Permissions vs Allowed Permissions (or Not restricted policy) for Application Packaged Permission feature

spei spei Major Open Unresolved  
Improvement GLASSFISH-6209

list-file-users should print the group info as well

JeffTancill sankarpn Minor Open Unresolved  
Bug GLASSFISH-8051

enabling ssl2 for orb listener should fail

sankarpn sankarpn Minor Open Unresolved  
Improvement GLASSFISH-16005

cannot configure ssl key-/trust-store per http-listener in admin-gui

JeffTancill schaarsc Major Open Unresolved  
Improvement GLASSFISH-16952

Provide copy realm function

JeffTancill mkarg Minor Open Unresolved  
Bug GLASSFISH-18101

Error message reported during upgrade of 2.1.1 Cluster to GF3.1.2

JeffTancill Alex Pineda Minor Open Unresolved  
Bug GLASSFISH-18308

[CTS] AccessControlException running endpoint publishing with grant in server.policy file

JeffTancill Dennis MacConnell Major Open Unresolved  
Improvement GLASSFISH-16474

Initialize AuditManager and Modules as Startup Service : Primarily to account for serverStarted() event

JeffTancill kumarjayanti Major Open Unresolved  
New Feature GLASSFISH-19202

JAX-RS and Servlet Constraint Overlap (Support for Multiple Auth Mechanisms)

JeffTancill JeffTancill Major Open Unresolved  
New Feature GLASSFISH-19203

Password Aliasing

JeffTancill JeffTancill Major Open Unresolved  
Improvement GLASSFISH-19799

usage of internal proprietary API in appserver/security/appclient.security

JeffTancill Romain Grécourt Major Open Unresolved  
Improvement GLASSFISH-19798

usage of internal proprietary API in appserver/security/core-ee

JeffTancill Romain Grécourt Major Open Unresolved  
Improvement GLASSFISH-19805

usage of internal proprietary API in appserver/security/webintegration

JeffTancill Romain Grécourt Major Open Unresolved  
Improvement GLASSFISH-19809

usage of internal proprietary API in nucleus/security/core

JeffTancill Romain Grécourt Major Open Unresolved  
Improvement GLASSFISH-19800

usage of internal proprietary API in appserver/security/inmemory.jacc.provider

JeffTancill Romain Grécourt Major Open Unresolved  
New Feature GLASSFISH-19206

Improved Credential and SSL Configuration

JeffTancill JeffTancill Major Open Unresolved  
New Feature GLASSFISH-16473

Introduce a default CertStore in GlassFish that can be used by JSR196 CertStoreCallback

kumarjayanti kumarjayanti Major Open Unresolved  
Improvement GLASSFISH-8544

princpals always wrapped in "WebPrincipal"

monzillo svnfightsvn Major Open Unresolved  
Bug GLASSFISH-12462

server crashes: CORBA NO_PERMISSION

JeffTancill lft Critical Open Unresolved  
New Feature GLASSFISH-6781

Active Directory Realm

JeffTancill mkarg Critical Open Unresolved  
Bug GLASSFISH-5039

form login with non-ascii characters fails

JeffTancill miira Minor Open Unresolved  
Bug GLASSFISH-16619

Got com.sun.xml.wss.XWSSecurityException when ran some WSS security tests on AIX

JeffTancill sonialiu Minor Open Unresolved  
Improvement GLASSFISH-5819

Rework Security Infrastructure to ease migration

JeffTancill barz26 Critical Open Unresolved  
Improvement GLASSFISH-4982

Parameterized interface confuses Roles annotation processor

JeffTancill rycohen2000 Major Open Unresolved  
Improvement GLASSFISH-7085

Administrator needs to know declared roles

JeffTancill mkarg Major Open Unresolved  
New Feature GLASSFISH-4215

gfv3:JSR 196 Enabled HttpURLConnection

JeffTancill kumarjayanti Major Open Unresolved  
New Feature GLASSFISH-4213

gfv3:Add Certificate Repository support

JeffTancill kumarjayanti Critical Open Unresolved  
Improvement GLASSFISH-10380

login failures must be logged at INFO level

JeffTancill sankarpn Minor Open Unresolved  
Bug GLASSFISH-12581

GF v2.1.1: Unable to connect to LDAPS directory server instance in OpenSSO

JeffTancill cmwesley Minor Open Unresolved  
Improvement GLASSFISH-5167

Enterprise Profile depends on sun.security.pkcs11

JeffTancill kumarjayanti Minor Open Unresolved  
Bug GLASSFISH-6990

argument not substituted in IOP5001 message

JeffTancill Dies Koper Major Open Unresolved  
Improvement GLASSFISH-7980

Enhancements in EJB Security

JeffTancill kumarjayanti Major Open Unresolved  
New Feature GLASSFISH-4119

Unified Authorization support for Servlet, SipServlet, JAX-RS and WSIT WebServices

JeffTancill kumarjayanti Critical Open Unresolved  
Bug GLASSFISH-10099

Glassfish clustering mode ClassNotFoundException sun.security.pkcs11.SunPKCS11 Windows 64 Bit

JeffTancill coding Major Open Unresolved  
Bug GLASSFISH-12561

EjbIORConfigurationDescriptor.java.htm does not validate all options for setEstablishTrustInTarget

JeffTancill marcobjorge Major Open Unresolved  
Bug GLASSFISH-11862

SunPKCS11 crypto provider should be disabled if no hardware accelerator

JeffTancill sauvage Major Open Unresolved  
Improvement GLASSFISH-5109

Form Based Logins for secured resources don't pass the entire request object to servlet filters

JeffTancill vpower Critical Open Unresolved  
New Feature GLASSFISH-4216

gfv3:WebServices Asynchrony Support

JeffTancill kumarjayanti Critical Open Unresolved  
New Feature GLASSFISH-4211

Define and Document how Unsupported Certificate Extensions can be handled during Certificate Validation

JeffTancill kumarjayanti Major Open Unresolved  
Improvement GLASSFISH-5058

Need a way for app clients to distinguish between failed authentication and user cancel

JeffTancill Tim Quinn Major Open Unresolved  
Improvement GLASSFISH-6912

Simplify building custom realms

JeffTancill cowwoc Major Open Unresolved  
Bug GLASSFISH-7319

Audit Appserver management operations (Start/Stop) feature doesn't in V3

JeffTancill sonialiu Minor Open Unresolved  
Improvement GLASSFISH-4719

Role Mapping / Realm Improvements

JeffTancill mkarg Major Open Unresolved  
New Feature GLASSFISH-4217

gfv3:Improve JNDI Security

JeffTancill kumarjayanti Critical Open Unresolved  
Improvement GLASSFISH-5371

Allow custom certificate realms

JeffTancill barz26 Critical Open Unresolved  
Improvement GLASSFISH-4811

Missing JBoss like DatabaseServerLoginModule Realm

JeffTancill elkner Major Open Unresolved  
New Feature GLASSFISH-4118

Adds digest authentication support for Realms.

venu kumarjayanti Critical Open Unresolved  
New Feature GLASSFISH-4212

gfv3: Limit Failed Login attempts for Realms

venu kumarjayanti Critical Open Unresolved  
New Feature GLASSFISH-4214

gfv3:Component Identity Propagation

venu kumarjayanti Critical Open Unresolved  
Improvement GLASSFISH-1015

Provide more config options for realms

raharsha barz26 Major Open Unresolved  
Improvement GLASSFISH-3023

JDBCRealm should support different table structures

raharsha danielrhoades Major Open Unresolved  
Improvement GLASSFISH-3509

LDAP performance issues: LDAPRealm.dynamicGroupSearch

raharsha alfish Minor Open Unresolved  
Bug GLASSFISH-3774

Custom principal does not get propagated into EJB tier by using ProgrammaticLogin

raharsha willtao Minor Open Unresolved  
New Feature GLASSFISH-2987

Dynamic Groups and Roles depending of the current object

raharsha miro Major Open Unresolved  
Improvement GLASSFISH-1302

Improving certificate realm

raharsha bdaniliuc Major Open Unresolved  
Improvement GLASSFISH-2061

Make JDBC Realm have configurable User Group Caching

raharsha whartung Major Open Unresolved  
New Feature GLASSFISH-4524

Provide CLI/GUI support to add/modify/remove certificates to JKS

claudio claudio Major Open Unresolved  
Improvement GLASSFISH-1571

JDBCRealm does not implement getUser(String name) method

raharsha ananner Major Open Unresolved  
New Feature GLASSFISH-2815

Radius client implementation

raharsha bjb Major Open Unresolved  
New Feature GLASSFISH-2986

Customizable Swing Login Dialog (GUILoginDialog)

raharsha miro Major Open Unresolved  
Improvement GLASSFISH-3806

realm-name should not be used for security auth realm

raharsha raharsha Major Open Unresolved  
Improvement GLASSFISH-5220

Improvement of WARNING DL8019

Hong Zhang mkarg Minor Open Unresolved  
Bug GLASSFISH-3142

<BT6565568>Log: Fatal errors are showing at INFO level instead of at SEVERE level.

raharsha gfbugbridge Minor Open Unresolved  
Improvement GLASSFISH-4595

Allow empty Base DN in LDAP Realm

raharsha weberjn Major Open Unresolved  
Improvement GLASSFISH-3731

LDAPRealm: Selection of group through the DN

raharsha granat Critical Open Unresolved  
Improvement GLASSFISH-3694

Separate columns in group- and user-table

raharsha henrikm Major Open Unresolved  
Improvement GLASSFISH-357

Provide default role / group mapping if no sun-application.xml is existing

raharsha bjb Minor Open Unresolved  
Improvement GLASSFISH-4390

JAAS – JDBCRealm too inflexible

raharsha wip2 Major Open Unresolved  
Improvement GLASSFISH-396

Cleanup the LoginException/ProgrammaticLogin API

rameshm ahshishs Minor Open Unresolved  
Improvement GLASSFISH-2862

admin-realm with ldaps requires cert in multiple keystores

rameshm sarnoth Minor Open Unresolved  
Bug GLASSFISH-15429

Modifying keyfile path in a newly created config does not properly list the users

kumarjayanti srinik76 Major Reopened Unresolved  
Bug GLASSFISH-3121

race condition in NssStore.java

kumarjayanti kumarjayanti Minor Reopened Unresolved