[jira] [Commented] (FELIX-5661) The heuristic to derive the password type from the metatype id does not work reliably

["Carsten Ziegeler (JIRA)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/FELIX-5661?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16073810#comment-16073810 ] 

Carsten Ziegeler commented on FELIX-5661:
-----------------------------------------

I think the right thing is really to rely on correct metatype info. This heuristic has been implemented at a time where the password type in metatype did not exist or was very new. Several years we should really assume that correct metatype using the password type is built. If not, that's a bug of the bundle providing the metatype.
Therefore I suggest we remove the heuristic completely

> The heuristic to derive the password type from the metatype id does not work reliably
> -------------------------------------------------------------------------------------
>
>                 Key: FELIX-5661
>                 URL: https://issues.apache.org/jira/browse/FELIX-5661
>             Project: Felix
>          Issue Type: Bug
>          Components: Web Console
>    Affects Versions: webconsole-4.3.4
>            Reporter: Konrad Windszus
>
> With FELIX-3168 support for password meta type data has been added. Not only meta data with type="password" are detected as such but also string meta data containing "password" in the id (https://github.com/apache/felix/blame/trunk/webconsole/src/main/java/org/apache/felix/webconsole/internal/configuration/MetaTypeSupport.java#L183).
> This heuristic does not really work well. E.g. in Oak there is property with id="passwordHashAlgorithm" (type string) (https://github.com/apache/jackrabbit-oak/blob/2acda3156cfad9993310e7aa0492cdc0b65aa5f7/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImpl.java#L65) which should clearly not be detected as password type.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)