You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by ff...@apache.org on 2018/10/08 01:26:48 UTC
[cxf] 01/04: [CXF-7828]shouldn't log JMS password from JMS address
when using JMS transport
This is an automated email from the ASF dual-hosted git repository.
ffang pushed a commit to branch 3.2.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit f765275c79bc4d8dadf0a8adc51ccc4c8121ca29
Author: Freeman Fang <fr...@gmail.com>
AuthorDate: Mon Aug 27 16:20:53 2018 +0800
[CXF-7828]shouldn't log JMS password from JMS address when using JMS transport
(cherry picked from commit c1da5b05663fd21a6482af06dbf6fc77cf324529)
---
.../cxf/common/logging/RegexLoggingFilter.java | 117 +++++++++++++++++++++
.../java/org/apache/cxf/endpoint/ServerImpl.java | 11 +-
.../cxf/common/logging/RegexLoggingFilterTest.java | 36 +++++++
3 files changed, 163 insertions(+), 1 deletion(-)
diff --git a/core/src/main/java/org/apache/cxf/common/logging/RegexLoggingFilter.java b/core/src/main/java/org/apache/cxf/common/logging/RegexLoggingFilter.java
new file mode 100644
index 0000000..098b797
--- /dev/null
+++ b/core/src/main/java/org/apache/cxf/common/logging/RegexLoggingFilter.java
@@ -0,0 +1,117 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.common.logging;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+public class RegexLoggingFilter {
+
+ public static final String DEFAULT_REPLACEMENT = "*****";
+
+ private static class ReplaceRegEx {
+ private Pattern pattern;
+ private int group = 1;
+ private String replacement;
+
+ ReplaceRegEx(String pattern, int group, String replacement) {
+ this.pattern = Pattern.compile(pattern);
+ this.group = group;
+ this.replacement = replacement;
+ }
+
+ public CharSequence filter(CharSequence command) {
+ Matcher m = pattern.matcher(command);
+ int offset = 0;
+ while (m.find()) {
+ int origLen = command.length();
+ command = new StringBuilder(command)
+ .replace(m.start(group) + offset, m.end(group) + offset, replacement).toString();
+ offset += command.length() - origLen;
+ }
+ return command;
+ }
+ }
+
+ private String regPattern;
+ private int regGroup = 1;
+ private String regReplacement = DEFAULT_REPLACEMENT;
+
+ private List<ReplaceRegEx> regexs = new ArrayList<ReplaceRegEx>();
+
+ public CharSequence filter(CharSequence command) {
+ if (regPattern != null) {
+ command = new ReplaceRegEx(regPattern, regGroup, regReplacement).filter(command);
+ }
+ for (ReplaceRegEx regex : regexs) {
+ command = regex.filter(command);
+ }
+ return command;
+ }
+
+ public void addRegEx(String pattern) {
+ addRegEx(pattern, 1);
+ }
+
+ public void addRegEx(String pattern, int group) {
+ addRegEx(pattern, group, DEFAULT_REPLACEMENT);
+ }
+
+ public void addRegEx(String pattern, int group, String replacement) {
+ regexs.add(new ReplaceRegEx(pattern, group, replacement));
+ }
+
+ public void addCommandOption(String option, String... commands) {
+ String pattern = "(";
+ for (String command : commands) {
+ if (pattern.length() > 1) {
+ pattern += "|";
+ }
+ pattern += Pattern.quote(command);
+ }
+ pattern += ") +.*?" + Pattern.quote(option) + " +([^ ]+)";
+ regexs.add(new ReplaceRegEx(pattern, 2, DEFAULT_REPLACEMENT));
+ }
+
+ public String getPattern() {
+ return regPattern;
+ }
+
+ public void setPattern(String pattern) {
+ this.regPattern = pattern;
+ }
+
+ public String getReplacement() {
+ return regReplacement;
+ }
+
+ public void setReplacement(String replacement) {
+ this.regReplacement = replacement;
+ }
+
+ public int getGroup() {
+ return regGroup;
+ }
+
+ public void setGroup(int group) {
+ this.regGroup = group;
+ }
+}
diff --git a/core/src/main/java/org/apache/cxf/endpoint/ServerImpl.java b/core/src/main/java/org/apache/cxf/endpoint/ServerImpl.java
index 6437418..089859c 100644
--- a/core/src/main/java/org/apache/cxf/endpoint/ServerImpl.java
+++ b/core/src/main/java/org/apache/cxf/endpoint/ServerImpl.java
@@ -30,6 +30,7 @@ import org.apache.cxf.Bus;
import org.apache.cxf.BusException;
import org.apache.cxf.binding.BindingFactory;
import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.common.logging.RegexLoggingFilter;
import org.apache.cxf.management.InstrumentationManager;
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.transport.Destination;
@@ -82,7 +83,15 @@ public class ServerImpl implements Server {
}
destination = destinationFactory.getDestination(ei, bus);
- LOG.info("Setting the server's publish address to be " + ei.getAddress());
+ String wantFilter = ei.getAddress();
+
+ if (wantFilter != null && wantFilter.startsWith("jms")) {
+ RegexLoggingFilter filter = new RegexLoggingFilter();
+ filter.setPattern("jms(.*?)password=+([^ ]+)[.]");
+ filter.setGroup(2);
+ wantFilter = (String)filter.filter(wantFilter);
+ }
+ LOG.info("Setting the server's publish address to be " + wantFilter);
serverRegistry = bus.getExtension(ServerRegistry.class);
mep = createManagedEndpoint();
diff --git a/core/src/test/java/org/apache/cxf/common/logging/RegexLoggingFilterTest.java b/core/src/test/java/org/apache/cxf/common/logging/RegexLoggingFilterTest.java
new file mode 100644
index 0000000..f153d72
--- /dev/null
+++ b/core/src/test/java/org/apache/cxf/common/logging/RegexLoggingFilterTest.java
@@ -0,0 +1,36 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.common.logging;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class RegexLoggingFilterTest extends Assert {
+
+ @Test
+ public void testFilter() throws Exception {
+ String wantFilter = "jms:queue:soapRequestQueue?username=admin&password=admin123.";
+ RegexLoggingFilter filter = new RegexLoggingFilter();
+ filter.setPattern("jms(.*?)password=+([^ ]+)[.]");
+ filter.setGroup(2);
+ wantFilter = (String)filter.filter(wantFilter);
+ assertEquals(wantFilter, "jms:queue:soapRequestQueue?username=admin&password=*****.");
+ }
+
+}