You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Daniel Kulp (Resolved) (JIRA)" <ji...@apache.org> on 2011/12/08 23:01:40 UTC
[jira] [Resolved] (CXF-3895) add support for Jetty's password
obfuscation methods
[ https://issues.apache.org/jira/browse/CXF-3895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Daniel Kulp resolved CXF-3895.
------------------------------
Resolution: Fixed
Fix Version/s: 2.5.1
Assignee: Daniel Kulp
> add support for Jetty's password obfuscation methods
> ----------------------------------------------------
>
> Key: CXF-3895
> URL: https://issues.apache.org/jira/browse/CXF-3895
> Project: CXF
> Issue Type: Improvement
> Components: Configuration
> Affects Versions: 2.4.2
> Environment: Java 6
> Windows XP SP3
> CXF 2.4.2
> Reporter: Michael Heß
> Assignee: Daniel Kulp
> Priority: Minor
> Labels: configuration, cxf, jetty, keys, password, security
> Fix For: 2.5.1
>
>
> For SSL connectors, the Jetty configuration allows definition of keystore and truststore passwords in a obfuscated fashion. See http://wiki.eclipse.org/Jetty/Howto/Secure_Passwords for details. Currently this does not work when using the Spring based configuration for jetty, i.e. using for example this
> <sec:keyStore type="JKS" password="OBF:1sot1v961saj1v9i1v941sar1v9g1sox" file="conf/keystore" />
> will lead to an exception on startup, which is identical to those that come up when an invalid keystore password is provided.
> My guess is, that the "OBF:" prefix is not detected by the configuration hook, and therefore the provided password string is used as-is. (But I am just guessing here...)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira