You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by bd...@apache.org on 2016/11/25 09:32:10 UTC
svn commit: r1771262 -
/sling/trunk/bundles/jcr/repoinit/src/main/java/org/apache/sling/jcr/repoinit/impl/UserVisitor.java
Author: bdelacretaz
Date: Fri Nov 25 09:32:10 2016
New Revision: 1771262
URL: http://svn.apache.org/viewvc?rev=1771262&view=rev
Log:
SLING-6219 - warn if creating users with cleartext passwords
Modified:
sling/trunk/bundles/jcr/repoinit/src/main/java/org/apache/sling/jcr/repoinit/impl/UserVisitor.java
Modified: sling/trunk/bundles/jcr/repoinit/src/main/java/org/apache/sling/jcr/repoinit/impl/UserVisitor.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/repoinit/src/main/java/org/apache/sling/jcr/repoinit/impl/UserVisitor.java?rev=1771262&r1=1771261&r2=1771262&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/repoinit/src/main/java/org/apache/sling/jcr/repoinit/impl/UserVisitor.java (original)
+++ sling/trunk/bundles/jcr/repoinit/src/main/java/org/apache/sling/jcr/repoinit/impl/UserVisitor.java Fri Nov 25 09:32:10 2016
@@ -68,8 +68,16 @@ class UserVisitor extends DoNothingVisit
final String id = u.getUsername();
try {
if(!UserUtil.serviceExists(session, id)) {
- log.info("Creating user {}", id);
- UserUtil.createUser(session, id, u.getPassword());
+ final String pwd = u.getPassword();
+ if(pwd != null) {
+ // TODO we might revise this warning once we're able
+ // to create users by providing their encoded password
+ // using u.getPasswordEncoding - for now I think only cleartext works
+ log.warn("Creating user {} with cleartext password - should NOT be used on production systems", id);
+ } else {
+ log.info("Creating user {}", id);
+ }
+ UserUtil.createUser(session, id, pwd);
} else {
log.info("User {} already exists, no changes made", id);
}