| <!-- |
| |
| Copyright (c) 2010, 2018 Oracle and/or its affiliates. All rights reserved. |
| |
| This program and the accompanying materials are made available under the |
| terms of the Eclipse Public License v. 2.0, which is available at |
| http://www.eclipse.org/legal/epl-2.0. |
| |
| This Source Code may also be made available under the following Secondary |
| Licenses when the conditions for such availability set forth in the |
| Eclipse Public License v. 2.0 are satisfied: GNU General Public License, |
| version 2 with the GNU Classpath Exception, which is available at |
| https://www.gnu.org/software/classpath/license.html. |
| |
| SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 |
| |
| --> |
| |
| <FindBugsFilter> |
| <!-- |
| Request: Kumar & Ron |
| Approval: Bill Shannon |
| Date:08/12/2009 |
| Notes from Ron: |
| The proprietary callback classes predate Glassfish v2. we |
| maintained support for them in v2 and v3, where they are |
| available for use by auth modules written to the proprietary spi |
| (which we continue to support in v3). We only made the |
| proprietary spi available to parties within sun; including the |
| opensso/then access manager team, and for the native ws-security |
| auth-modules created by the xwss team for appserver 8.1. The |
| ws-secuity modules are being phased out in favor of the new |
| wsit/ws-policy based auth modules, and the opensso modules should |
| evolve to the standard spi. |
| --> |
| <Match> |
| <Or> |
| <Class name="com.sun.enterprise.security.jauth.callback.CertStoreCallback"/> |
| <Class name="com.sun.enterprise.security.jauth.callback.SecretKeyCallback"/> |
| <Class name="com.sun.enterprise.security.jauth.callback.PrivateKeyCallback"/> |
| <Class name="com.sun.enterprise.security.jauth.callback.PrivateKeyCallback$IssuerSerialNumRequest"/> |
| <Class name="com.sun.enterprise.security.jauth.AuthException"/> |
| <Class name="com.sun.enterprise.security.jauth.callback.SecretKeyCallback$AliasRequest"/> |
| <Class name="com.sun.enterprise.security.jauth.callback.TrustStoreCallback"/> |
| <Class name="com.sun.enterprise.security.jauth.callback.PrivateKeyCallback$SubjectKeyIDRequest"/> |
| <Class name="com.sun.enterprise.security.jauth.callback.PasswordValidationCallback"/> |
| <Class name="com.sun.enterprise.security.jauth.callback.PrivateKeyCallback$AliasRequest"/> |
| </Or> |
| <Bug pattern="NM_SAME_SIMPLE_NAME_AS_SUPERCLASS"/> |
| </Match> |
| |
| <!-- |
| This code uses reflection to construct an object. The actual object |
| will be constructed for use later, this code just makes sure that |
| the constructor exists and doesn't fail. The object is thrown away. |
| --> |
| <Match> |
| <Class name="com.sun.enterprise.security.acl.RoleMapper"/> |
| <Method name="getDefaultP2RMappingClassName"/> |
| <Bug pattern="DLS_DEAD_LOCAL_STORE"/> |
| </Match> |
| |
| <!-- |
| Need to keep both method getUsername in |
| com.sun.enterprise.security.auth.digest.impl.KeyDigestAlgoParamImpl |
| and method getUserName in |
| com.sun.enterprise.security.ee.auth.login.DigestCredentials |
| with names differing only in case, for compatibility. |
| --> |
| <Match> |
| <Class name="com.sun.enterprise.security.auth.digest.impl.KeyDigestAlgoParamImpl"/> |
| <Method name="getUsername"/> |
| <Bug pattern="NM_CONFUSING"/> |
| </Match> |
| </FindBugsFilter> |
