You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ws.apache.org by co...@apache.org on 2010/11/19 16:34:22 UTC

svn commit: r1036901 - in /webservices/wss4j/trunk: ./ src/org/apache/ws/security/WSDocInfo.java src/org/apache/ws/security/components/crypto/AbstractCrypto.java src/org/apache/ws/security/processor/UsernameTokenProcessor.java test/log4j.properties

Author: coheigea
Date: Fri Nov 19 15:34:22 2010
New Revision: 1036901

URL: http://svn.apache.org/viewvc?rev=1036901&view=rev
Log:
[WSS-253] - UsernameTokenProcessor logs the password to the log

Modified:
    webservices/wss4j/trunk/   (props changed)
    webservices/wss4j/trunk/src/org/apache/ws/security/WSDocInfo.java   (props changed)
    webservices/wss4j/trunk/src/org/apache/ws/security/components/crypto/AbstractCrypto.java
    webservices/wss4j/trunk/src/org/apache/ws/security/processor/UsernameTokenProcessor.java
    webservices/wss4j/trunk/test/log4j.properties   (props changed)

Propchange: webservices/wss4j/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Nov 19 15:34:22 2010
@@ -1 +1 @@
-/webservices/wss4j/branches/1_5_x-fixes:996180,996298,996339,997529,997535,1001926,1002116,1002347,1032939,1036805
+/webservices/wss4j/branches/1_5_x-fixes:996180,996298,996339,997529,997535,1001926,1002116,1002347,1032939,1036805,1036890

Propchange: webservices/wss4j/trunk/src/org/apache/ws/security/WSDocInfo.java
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Nov 19 15:34:22 2010
@@ -1 +1 @@
-/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDocInfo.java:947604,996180,996298,996339,997529,997535,1001926,1002116,1002347,1032939,1036805
+/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDocInfo.java:947604,996180,996298,996339,997529,997535,1001926,1002116,1002347,1032939,1036805,1036890

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/components/crypto/AbstractCrypto.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/components/crypto/AbstractCrypto.java?rev=1036901&r1=1036900&r2=1036901&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/components/crypto/AbstractCrypto.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/components/crypto/AbstractCrypto.java Fri Nov 19 15:34:22 2010
@@ -222,8 +222,6 @@ public abstract class AbstractCrypto ext
             java.net.URL url = Loader.getResource(loader, location);
             if (url != null) {
                 is = url.openStream();
-            } else {
-                is = new java.io.FileInputStream(location);
             }
     
             //

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/UsernameTokenProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/UsernameTokenProcessor.java?rev=1036901&r1=1036900&r2=1036901&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/UsernameTokenProcessor.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/UsernameTokenProcessor.java Fri Nov 19 15:34:22 2010
@@ -101,7 +101,7 @@ public class UsernameTokenProcessor impl
         String pwType = ut.getPasswordType();
         if (log.isDebugEnabled()) {
             log.debug("UsernameToken user " + user);
-            log.debug("UsernameToken password " + password);
+            log.debug("UsernameToken password type " + pwType);
         }
         //
         // If the UsernameToken is hashed or plaintext, then retrieve the password from the
@@ -130,9 +130,6 @@ public class UsernameTokenProcessor impl
                 );
             }
             String origPassword = pwCb.getPassword();
-            if (log.isDebugEnabled()) {
-                log.debug("UsernameToken callback password " + origPassword);
-            }
             if (origPassword == null) {
                 if (log.isDebugEnabled()) {
                     log.debug("Callback supplied no password for: " + user);

Propchange: webservices/wss4j/trunk/test/log4j.properties
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Nov 19 15:34:22 2010
@@ -1 +1 @@
-/webservices/wss4j/branches/1_5_x-fixes/test/log4j.properties:1036805
+/webservices/wss4j/branches/1_5_x-fixes/test/log4j.properties:1036805,1036890



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org