You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by gg...@apache.org on 2018/06/10 17:08:37 UTC
commons-dbcp git commit: [DBCP-499]
org.apache.commons.dbcp2.managed.DataSourceXAConnectionFactory should use a
char[] instead of a String to save passwords.
Repository: commons-dbcp
Updated Branches:
refs/heads/master bc71c883e -> 93b0d6b3a
[DBCP-499]
org.apache.commons.dbcp2.managed.DataSourceXAConnectionFactory should
use a char[] instead of a String to save passwords.
Project: http://git-wip-us.apache.org/repos/asf/commons-dbcp/repo
Commit: http://git-wip-us.apache.org/repos/asf/commons-dbcp/commit/93b0d6b3
Tree: http://git-wip-us.apache.org/repos/asf/commons-dbcp/tree/93b0d6b3
Diff: http://git-wip-us.apache.org/repos/asf/commons-dbcp/diff/93b0d6b3
Branch: refs/heads/master
Commit: 93b0d6b3acb2d3be277ca8c2799badb005686429
Parents: bc71c88
Author: Gary Gregory <ga...@gmail.com>
Authored: Sun Jun 10 11:08:33 2018 -0600
Committer: Gary Gregory <ga...@gmail.com>
Committed: Sun Jun 10 11:08:33 2018 -0600
----------------------------------------------------------------------
src/changes/changes.xml | 3 ++
.../dbcp2/DataSourceConnectionFactory.java | 4 +-
.../java/org/apache/commons/dbcp2/Utils.java | 23 +++++++++
.../managed/DataSourceXAConnectionFactory.java | 49 ++++++++++++++++----
4 files changed, 67 insertions(+), 12 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/commons-dbcp/blob/93b0d6b3/src/changes/changes.xml
----------------------------------------------------------------------
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 676d879..b6a1da5 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -85,6 +85,9 @@ The <action> type attribute can be add,update,fix,remove.
<action dev="ggregory" type="update" issue="DBCP-498" due-to="Gary Gregory">
org.apache.commons.dbcp2.DataSourceConnectionFactory should use a char[] instead of a String to save passwords.
</action>
+ <action dev="ggregory" type="update" issue="DBCP-499" due-to="Gary Gregory">
+ org.apache.commons.dbcp2.managed.DataSourceXAConnectionFactory should use a char[] instead of a String to save passwords.
+ </action>
</release>
<release version="2.3.0" date="2018-05-12" description="This is a minor release, including bug fixes and enhancements.">
<action dev="pschumacher" type="fix" issue="DBCP-476" due-to="Gary Evesson, Richard Cordova">
http://git-wip-us.apache.org/repos/asf/commons-dbcp/blob/93b0d6b3/src/main/java/org/apache/commons/dbcp2/DataSourceConnectionFactory.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/commons/dbcp2/DataSourceConnectionFactory.java b/src/main/java/org/apache/commons/dbcp2/DataSourceConnectionFactory.java
index a42a91c..f1529f1 100644
--- a/src/main/java/org/apache/commons/dbcp2/DataSourceConnectionFactory.java
+++ b/src/main/java/org/apache/commons/dbcp2/DataSourceConnectionFactory.java
@@ -75,7 +75,7 @@ public class DataSourceConnectionFactory implements ConnectionFactory {
public DataSourceConnectionFactory(final DataSource dataSource, final String userName, final String password) {
this.dataSource = dataSource;
this.userName = userName;
- this.userPassword = password != null ? password.toCharArray() : null;
+ this.userPassword = Utils.toCharArray(password);
}
@Override
@@ -83,6 +83,6 @@ public class DataSourceConnectionFactory implements ConnectionFactory {
if (null == userName && null == userPassword) {
return dataSource.getConnection();
}
- return dataSource.getConnection(userName, userPassword == null ? null : String.valueOf(userPassword));
+ return dataSource.getConnection(userName, Utils.toString(userPassword));
}
}
http://git-wip-us.apache.org/repos/asf/commons-dbcp/blob/93b0d6b3/src/main/java/org/apache/commons/dbcp2/Utils.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/commons/dbcp2/Utils.java b/src/main/java/org/apache/commons/dbcp2/Utils.java
index 1ead9ca..4ae0119 100644
--- a/src/main/java/org/apache/commons/dbcp2/Utils.java
+++ b/src/main/java/org/apache/commons/dbcp2/Utils.java
@@ -134,4 +134,27 @@ public final class Utils {
final MessageFormat mf = new MessageFormat(msg);
return mf.format(args, new StringBuffer(), null).toString();
}
+
+ /**
+ * Converts the given String to a char[].
+ *
+ * @param value
+ * may be null.
+ * @return a char[] or null.
+ */
+ public static char[] toCharArray(final String value) {
+ return value != null ? value.toCharArray() : null;
+ }
+
+
+ /**
+ * Converts the given char[] to a String.
+ *
+ * @param value
+ * may be null.
+ * @return a String or null.
+ */
+ public static String toString(final char[] value) {
+ return value == null ? null : String.valueOf(value);
+ }
}
http://git-wip-us.apache.org/repos/asf/commons-dbcp/blob/93b0d6b3/src/main/java/org/apache/commons/dbcp2/managed/DataSourceXAConnectionFactory.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/commons/dbcp2/managed/DataSourceXAConnectionFactory.java b/src/main/java/org/apache/commons/dbcp2/managed/DataSourceXAConnectionFactory.java
index c3a66f0..47d6de3 100644
--- a/src/main/java/org/apache/commons/dbcp2/managed/DataSourceXAConnectionFactory.java
+++ b/src/main/java/org/apache/commons/dbcp2/managed/DataSourceXAConnectionFactory.java
@@ -25,6 +25,8 @@ import javax.sql.XADataSource;
import javax.transaction.TransactionManager;
import javax.transaction.xa.XAResource;
+import org.apache.commons.dbcp2.Utils;
+
import java.sql.Connection;
import java.sql.SQLException;
@@ -38,7 +40,7 @@ public class DataSourceXAConnectionFactory implements XAConnectionFactory {
private final TransactionRegistry transactionRegistry;
private final XADataSource xaDataSource;
private String userName;
- private String password;
+ private char[] userPassword;
/**
* Creates an DataSourceXAConnectionFactory which uses the specified XADataSource to create database
@@ -48,7 +50,7 @@ public class DataSourceXAConnectionFactory implements XAConnectionFactory {
* @param xaDataSource the data source from which connections will be retrieved
*/
public DataSourceXAConnectionFactory(final TransactionManager transactionManager, final XADataSource xaDataSource) {
- this(transactionManager, xaDataSource, null, null);
+ this(transactionManager, xaDataSource, null, (char[]) null);
}
/**
@@ -58,9 +60,10 @@ public class DataSourceXAConnectionFactory implements XAConnectionFactory {
* @param transactionManager the transaction manager in which connections will be enlisted
* @param xaDataSource the data source from which connections will be retrieved
* @param userName the user name used for authenticating new connections or null for unauthenticated
- * @param password the password used for authenticating new connections
+ * @param userPassword the password used for authenticating new connections
*/
- public DataSourceXAConnectionFactory(final TransactionManager transactionManager, final XADataSource xaDataSource, final String userName, final String password) {
+ public DataSourceXAConnectionFactory(final TransactionManager transactionManager, final XADataSource xaDataSource,
+ final String userName, final char[] userPassword) {
if (transactionManager == null) {
throw new NullPointerException("transactionManager is null");
}
@@ -71,7 +74,21 @@ public class DataSourceXAConnectionFactory implements XAConnectionFactory {
this.transactionRegistry = new TransactionRegistry(transactionManager);
this.xaDataSource = xaDataSource;
this.userName = userName;
- this.password = password;
+ this.userPassword = userPassword;
+ }
+
+ /**
+ * Creates an DataSourceXAConnectionFactory which uses the specified XADataSource to create database
+ * connections. The connections are enlisted into transactions using the specified transaction manager.
+ *
+ * @param transactionManager the transaction manager in which connections will be enlisted
+ * @param xaDataSource the data source from which connections will be retrieved
+ * @param userName the user name used for authenticating new connections or null for unauthenticated
+ * @param userPassword the password used for authenticating new connections
+ */
+ public DataSourceXAConnectionFactory(final TransactionManager transactionManager, final XADataSource xaDataSource,
+ final String userName, final String userPassword) {
+ this(transactionManager, xaDataSource, userName, Utils.toCharArray(userPassword));
}
/**
@@ -92,10 +109,23 @@ public class DataSourceXAConnectionFactory implements XAConnectionFactory {
/**
* Sets the password used to authenticate new connections.
- * @param password the password used for authenticating the connection or null for unauthenticated
+ *
+ * @param userPassword
+ * the password used for authenticating the connection or null for unauthenticated.
+ * @since 2.4.0
+ */
+ public void setPassword(final char[] userPassword) {
+ this.userPassword = userPassword;
+ }
+
+ /**
+ * Sets the password used to authenticate new connections.
+ *
+ * @param userPassword
+ * the password used for authenticating the connection or null for unauthenticated
*/
- public void setPassword(final String password) {
- this.password = password;
+ public void setPassword(final String userPassword) {
+ this.userPassword = Utils.toCharArray(userPassword);
}
@Override
@@ -110,7 +140,7 @@ public class DataSourceXAConnectionFactory implements XAConnectionFactory {
if (userName == null) {
xaConnection = xaDataSource.getXAConnection();
} else {
- xaConnection = xaDataSource.getXAConnection(userName, password);
+ xaConnection = xaDataSource.getXAConnection(userName, Utils.toString(userPassword));
}
// get the real connection and XAResource from the connection
@@ -143,7 +173,6 @@ public class DataSourceXAConnectionFactory implements XAConnectionFactory {
}
});
-
return connection;
}
}