You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by gg...@apache.org on 2018/06/10 19:05:04 UTC
commons-dbcp git commit: [DBCP-502]
org.apache.commons.dbcp2.datasources internals should use a char[] instead of
a String to store passwords.
Repository: commons-dbcp
Updated Branches:
refs/heads/master 064c81483 -> 3f28c60b2
[DBCP-502] org.apache.commons.dbcp2.datasources internals should use a
char[] instead of a String to store passwords.
Project: http://git-wip-us.apache.org/repos/asf/commons-dbcp/repo
Commit: http://git-wip-us.apache.org/repos/asf/commons-dbcp/commit/3f28c60b
Tree: http://git-wip-us.apache.org/repos/asf/commons-dbcp/tree/3f28c60b
Diff: http://git-wip-us.apache.org/repos/asf/commons-dbcp/diff/3f28c60b
Branch: refs/heads/master
Commit: 3f28c60b2ccbd4d3965eddfc2e652eb0027b10c9
Parents: 064c814
Author: Gary Gregory <ga...@gmail.com>
Authored: Sun Jun 10 13:05:00 2018 -0600
Committer: Gary Gregory <ga...@gmail.com>
Committed: Sun Jun 10 13:05:00 2018 -0600
----------------------------------------------------------------------
src/changes/changes.xml | 3 +
.../datasources/KeyedCPDSConnectionFactory.java | 2 +-
.../datasources/PooledConnectionAndInfo.java | 37 +++++--
.../commons/dbcp2/datasources/UserPassKey.java | 110 ++++++++++++-------
4 files changed, 103 insertions(+), 49 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/commons-dbcp/blob/3f28c60b/src/changes/changes.xml
----------------------------------------------------------------------
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 6fe260e..73e7933 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -94,6 +94,9 @@ The <action> type attribute can be add,update,fix,remove.
<action dev="ggregory" type="update" issue="DBCP-501" due-to="Gary Gregory">
org.apache.commons.dbcp2.datasources.CPDSConnectionFactory should use a char[] instead of a String to store passwords.
</action>
+ <action dev="ggregory" type="update" issue="DBCP-502" due-to="Gary Gregory">
+ org.apache.commons.dbcp2.datasources internals should use a char[] instead of a String to store passwords.
+ </action>
</release>
<release version="2.3.0" date="2018-05-12" description="This is a minor release, including bug fixes and enhancements.">
<action dev="pschumacher" type="fix" issue="DBCP-476" due-to="Gary Evesson, Richard Cordova">
http://git-wip-us.apache.org/repos/asf/commons-dbcp/blob/3f28c60b/src/main/java/org/apache/commons/dbcp2/datasources/KeyedCPDSConnectionFactory.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/commons/dbcp2/datasources/KeyedCPDSConnectionFactory.java b/src/main/java/org/apache/commons/dbcp2/datasources/KeyedCPDSConnectionFactory.java
index 98d8fab..160b78f 100644
--- a/src/main/java/org/apache/commons/dbcp2/datasources/KeyedCPDSConnectionFactory.java
+++ b/src/main/java/org/apache/commons/dbcp2/datasources/KeyedCPDSConnectionFactory.java
@@ -336,7 +336,7 @@ class KeyedCPDSConnectionFactory implements KeyedPooledObjectFactory<UserPassKey
@Override
public void closePool(final String userName) throws SQLException {
try {
- pool.clear(new UserPassKey(userName, null));
+ pool.clear(new UserPassKey(userName));
} catch (final Exception ex) {
throw new SQLException("Error closing connection pool", ex);
}
http://git-wip-us.apache.org/repos/asf/commons-dbcp/blob/3f28c60b/src/main/java/org/apache/commons/dbcp2/datasources/PooledConnectionAndInfo.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/commons/dbcp2/datasources/PooledConnectionAndInfo.java b/src/main/java/org/apache/commons/dbcp2/datasources/PooledConnectionAndInfo.java
index 7f9bef8..3a0414d 100644
--- a/src/main/java/org/apache/commons/dbcp2/datasources/PooledConnectionAndInfo.java
+++ b/src/main/java/org/apache/commons/dbcp2/datasources/PooledConnectionAndInfo.java
@@ -19,6 +19,8 @@ package org.apache.commons.dbcp2.datasources;
import javax.sql.PooledConnection;
+import org.apache.commons.dbcp2.Utils;
+
/**
* Immutable poolable object holding a PooledConnection along with the user name and password used to create the
* connection.
@@ -27,15 +29,26 @@ import javax.sql.PooledConnection;
*/
final class PooledConnectionAndInfo {
private final PooledConnection pooledConnection;
- private final String password;
+ private final char[] userPassword;
private final String userName;
- private final UserPassKey upkey;
+ private final UserPassKey upKey;
- PooledConnectionAndInfo(final PooledConnection pc, final String userName, final String password) {
+ /**
+ * @since 2.4.0
+ */
+ PooledConnectionAndInfo(final PooledConnection pc, final String userName, final char[] userPassword) {
this.pooledConnection = pc;
this.userName = userName;
- this.password = password;
- upkey = new UserPassKey(userName, password);
+ this.userPassword = userPassword;
+ this.upKey = new UserPassKey(userName, userPassword);
+ }
+
+ /**
+ * @deprecated Since 2.4.0
+ */
+ @Deprecated
+ PooledConnectionAndInfo(final PooledConnection pc, final String userName, final String userPassword) {
+ this(pc, userName, Utils.toCharArray(userPassword));
}
PooledConnection getPooledConnection() {
@@ -43,7 +56,7 @@ final class PooledConnectionAndInfo {
}
UserPassKey getUserPassKey() {
- return upkey;
+ return upKey;
}
/**
@@ -52,7 +65,17 @@ final class PooledConnectionAndInfo {
* @return value of password.
*/
String getPassword() {
- return password;
+ return Utils.toString(userPassword);
+ }
+
+ /**
+ * Gets the value of password.
+ *
+ * @return value of password.
+ * @since 2.4.0
+ */
+ char[] getPasswordCharArray() {
+ return userPassword;
}
/**
http://git-wip-us.apache.org/repos/asf/commons-dbcp/blob/3f28c60b/src/main/java/org/apache/commons/dbcp2/datasources/UserPassKey.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/commons/dbcp2/datasources/UserPassKey.java b/src/main/java/org/apache/commons/dbcp2/datasources/UserPassKey.java
index ee32bce..55b4a8f 100644
--- a/src/main/java/org/apache/commons/dbcp2/datasources/UserPassKey.java
+++ b/src/main/java/org/apache/commons/dbcp2/datasources/UserPassKey.java
@@ -19,87 +19,115 @@ package org.apache.commons.dbcp2.datasources;
import java.io.Serializable;
+import org.apache.commons.dbcp2.Utils;
+
/**
- * <p>Holds a user name, password pair. Serves as a poolable object key for the KeyedObjectPool
- * backing a SharedPoolDataSource. Two instances with the same user name are considered equal.
- * This ensures that there will be only one keyed pool for each user in the pool. The password
- * is used (along with the user name) by the KeyedCPDSConnectionFactory when creating new connections.</p>
+ * <p>
+ * Holds a user name and password pair. Serves as a poolable object key for the KeyedObjectPool backing a
+ * SharedPoolDataSource. Two instances with the same user name are considered equal. This ensures that there will be
+ * only one keyed pool for each user in the pool. The password is used (along with the user name) by the
+ * KeyedCPDSConnectionFactory when creating new connections.
+ * </p>
*
- * <p>{@link InstanceKeyDataSource#getConnection(String, String)} validates that the password used to create
- * a connection matches the password provided by the client.</p>
+ * <p>
+ * {@link InstanceKeyDataSource#getConnection(String, String)} validates that the password used to create a connection
+ * matches the password provided by the client.
+ * </p>
*
* @since 2.0
*/
class UserPassKey implements Serializable {
private static final long serialVersionUID = 5142970911626584817L;
- private final String password;
private final String userName;
-
- UserPassKey(final String userName, final String password) {
- this.userName = userName;
- this.password = password;
- }
+ private final char[] userPassword;
/**
- * Gets the value of password.
- *
- * @return value of password.
+ * @since 2.4.0
*/
- public String getPassword() {
- return password;
+ UserPassKey(final String userName) {
+ this(userName, (char[]) null);
}
/**
- * Gets the value of user name.
- *
- * @return value of user name.
+ * @since 2.4.0
*/
- public String getUsername() {
- return userName;
+ UserPassKey(final String userName, final char[] password) {
+ this.userName = userName;
+ this.userPassword = password;
+ }
+
+ UserPassKey(final String userName, final String userPassword) {
+ this(userName, Utils.toCharArray(userPassword));
}
/**
- * @return <code>true</code> if the user name fields for both
- * objects are equal. Two instances with the same user name
- * but different passwords are considered equal.
- *
- * @see java.lang.Object#equals(java.lang.Object)
+ * Only takes the user name into account.
*/
@Override
- public boolean equals(final Object obj) {
+ public boolean equals(Object obj) {
+ if (this == obj) {
+ return true;
+ }
if (obj == null) {
return false;
}
-
- if (obj == this) {
- return true;
+ if (getClass() != obj.getClass()) {
+ return false;
}
-
- if (!(obj instanceof UserPassKey)) {
+ UserPassKey other = (UserPassKey) obj;
+ if (userName == null) {
+ if (other.userName != null) {
+ return false;
+ }
+ } else if (!userName.equals(other.userName)) {
return false;
}
+ return true;
+ }
- final UserPassKey key = (UserPassKey) obj;
+ /**
+ * Gets the value of password.
+ *
+ * @return value of password.
+ */
+ public String getPassword() {
+ return Utils.toString(userPassword);
+ }
+
+ /**
+ * Gets the value of password.
+ *
+ * @return value of password.
+ */
+ public char[] getPasswordCharArray() {
+ return userPassword;
+ }
- return this.userName == null ?
- key.userName == null :
- this.userName.equals(key.userName);
+ /**
+ * Gets the value of user name.
+ *
+ * @return value of user name.
+ */
+ public String getUsername() {
+ return userName;
}
/**
- * Returns the hash of the user name.
+ * Only takes the user name into account.
*/
@Override
public int hashCode() {
- return this.userName != null ?
- this.userName.hashCode() : 0;
+ final int prime = 31;
+ int result = 1;
+ result = prime * result + ((userName == null) ? 0 : userName.hashCode());
+ return result;
}
@Override
public String toString() {
final StringBuffer sb = new StringBuffer(50);
sb.append("UserPassKey(");
- sb.append(userName).append(", ").append(password).append(')');
+ sb.append(userName).append(", ").append(userPassword).append(')');
return sb.toString();
}
}