You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@felix.apache.org by "Konrad Windszus (JIRA)" <ji...@apache.org> on 2017/06/30 08:06:00 UTC

[jira] [Created] (FELIX-5661) The heuristic to derive the password type from the metatype id does not work reliably

Konrad Windszus created FELIX-5661:
--------------------------------------

             Summary: The heuristic to derive the password type from the metatype id does not work reliably
                 Key: FELIX-5661
                 URL: https://issues.apache.org/jira/browse/FELIX-5661
             Project: Felix
          Issue Type: Bug
          Components: Web Console
    Affects Versions: webconsole-4.3.4
            Reporter: Konrad Windszus


With FELIX-3168 support for password meta type data has been added. Not only meta data with type="password" are detected as such but also string meta data containing "password" in the id (https://github.com/apache/felix/blame/trunk/webconsole/src/main/java/org/apache/felix/webconsole/internal/configuration/MetaTypeSupport.java#L183).
This heuristic does not really work well. E.g. in Oak there is property with id="passwordHashAlgorithm" (type string) (https://github.com/apache/jackrabbit-oak/blob/2acda3156cfad9993310e7aa0492cdc0b65aa5f7/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImpl.java#L65) which should clearly not be detected as password type.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)