Posted to issues@cxf.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2015/01/26 17:14:35 UTC
[jira] [Assigned] (CXF-6222) Password can end up in log file
[ https://issues.apache.org/jira/browse/CXF-6222?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh reassigned CXF-6222:
----------------------------------------
Assignee: Colm O hEigeartaigh
> Password can end up in log file
> -------------------------------
>
> Key: CXF-6222
> URL: https://issues.apache.org/jira/browse/CXF-6222
> Project: CXF
> Issue Type: Bug
> Components: Core
> Reporter: Donald Kwakkel
> Assignee: Colm O hEigeartaigh
>
> In AuthPolicyValidatingInterceptor, when a policy has no username, the password can end up in the log file.
> {code}
> public void handleMessage(Message message) throws Fault {
>     AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);
>     if (policy == null || policy.getUserName() == null || policy.getPassword() == null) {
>         String name = null;
>         String password = null;
>         if (policy != null) {
>             name = policy.getUserName();
>             password = policy.getPassword();
>         }
>         org.apache.cxf.common.i18n.Message errorMsg =
>             new org.apache.cxf.common.i18n.Message("NO_USER_PASSWORD",
>                                                    BUNDLE,
>                                                    name, password);
>         LOG.warning(errorMsg.toString());
>         throw new SecurityException(errorMsg.toString());
>     }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
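
An added example, not part of the original report and not CXF's own code or fix: it reproduces the reported pattern (a policy with a password but no username) next to a variant that logs only whether a password was supplied. The Policy record, logger name and message templates are assumptions made for illustration; the text of the real NO_USER_PASSWORD bundle entry is not on the page.

```java
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Handler;
import java.util.logging.LogRecord;
import java.util.logging.Logger;

public class AuthPolicyLogDemo {
    // Hypothetical stand-in for CXF's AuthorizationPolicy (assumption, not the real class).
    record Policy(String userName, String password) {}

    static final Logger LOG = Logger.getLogger("demo.auth");
    // Constructed templates; the real resource bundle text is not shown in the report.
    static final String UNSAFE = "No user/password available: name={0}, password={1}";
    static final String SAFE = "No user/password available: name={0}, password supplied={1}";

    // Pattern from the report: the raw password is passed as a format argument,
    // so it lands in every sink the message reaches (log and exception text).
    static String unsafeMessage(Policy p) {
        return MessageFormat.format(UNSAFE,
                p == null ? null : p.userName(),
                p == null ? null : p.password());
    }

    // Hardened variant: only the presence of a password is reported, never its value.
    static String safeMessage(Policy p) {
        return MessageFormat.format(SAFE,
                p == null ? null : p.userName(),
                p != null && p.password() != null);
    }

    public static void main(String[] args) {
        // Capture log records in memory so the leak can be checked directly.
        List<String> captured = new ArrayList<>();
        LOG.setUseParentHandlers(false);
        LOG.addHandler(new Handler() {
            @Override public void publish(LogRecord r) { captured.add(r.getMessage()); }
            @Override public void flush() {}
            @Override public void close() {}
        });
        // Constructed sample: password set, username missing (the case in the report).
        Policy noUser = new Policy(null, "s3cret-constructed");
        LOG.warning(unsafeMessage(noUser));
        LOG.warning(safeMessage(noUser));
        System.out.println("unsafe message leaks password: " + captured.get(0).contains(noUser.password()));
        System.out.println("safe message leaks password:   " + captured.get(1).contains(noUser.password()));
    }
}
```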