You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@geronimo.apache.org by Jeremy Boynes <jb...@apache.org> on 2005/04/12 23:35:26 UTC

Re: svn commit: r161124 - geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java

We shouldn't log the passwords.

--
Jeremy

adc@apache.org wrote:
> Author: adc
> Date: Tue Apr 12 14:32:56 2005
> New Revision: 161124
> 
> URL: http://svn.apache.org/viewcvs?view=rev&rev=161124
> Log:
> Better logging.
> 
> Modified:
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java
> 
> Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java?view=diff&r1=161123&r2=161124
> ==============================================================================
> --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java (original)
> +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java Tue Apr 12 14:32:56 2005
> @@ -42,8 +42,6 @@
>  
>      public static boolean POLICY_INSTALLED = false;
>  
> -    private final ServerInfo serverInfo;
> -
>      private final Log log = LogFactory.getLog(SecurityServiceImpl.class);
>  
>      /**
> @@ -54,9 +52,8 @@
>      public SecurityServiceImpl(ClassLoader classLoader, ServerInfo serverInfo, String policyConfigurationFactory,
>                                 String policyProvider, String keyStore, String keyStorePassword,
>                                 String trustStore, String trustStorePassword)
> -            throws PolicyContextException, ClassNotFoundException, IllegalAccessException, InstantiationException {
> -
> -        this.serverInfo = serverInfo;
> +            throws PolicyContextException, ClassNotFoundException, IllegalAccessException, InstantiationException
> +    {
>  
>          /**
>           *  @see "JSR 115 4.6.1" Container Subject Policy Context Handler
> @@ -81,14 +78,16 @@
>          if (policyConfigurationFactory != null)
>              PolicyConfigurationFactory.getPolicyConfigurationFactory();
>  
> -        if (keyStore != null)
> -            keyStore = sysOverRide(serverInfo.resolvePath(keyStore), KEYSTORE);
> -        sysOverRide(keyStorePassword, KEYSTORE_PASSWORD);
> -
> -        if (trustStore != null)
> -            trustStore = sysOverRide(serverInfo.resolvePath(trustStore), TRUSTSTORE);
> -        sysOverRide(trustStore, TRUSTSTORE);
> -        sysOverRide(trustStorePassword, TRUSTSTORE_PASSWORD);
> +        if (keyStore != null) sysOverRide(serverInfo.resolvePath(keyStore), KEYSTORE);
> +        if (keyStorePassword != null) sysOverRide(keyStorePassword, KEYSTORE_PASSWORD);
> +
> +        if (trustStore != null) sysOverRide(serverInfo.resolvePath(trustStore), TRUSTSTORE);
> +        if (trustStorePassword != null) sysOverRide(trustStorePassword, TRUSTSTORE_PASSWORD);
> +
> +        log.info(KEYSTORE + ": " + System.getProperty(KEYSTORE));
> +        log.info(KEYSTORE_PASSWORD + ": " + System.getProperty(KEYSTORE_PASSWORD));
> +        log.info(TRUSTSTORE + ": " + System.getProperty(TRUSTSTORE));
> +        log.info(TRUSTSTORE_PASSWORD + ": " + System.getProperty(TRUSTSTORE_PASSWORD));
>  
>          log.info("JACC factory registered");
>      }
> 
>

Re: svn commit: r161124 - geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java

Posted by "Alan D. Cabrera" <ad...@toolazydogs.com>.

Doh!

Jeremy Boynes wrote:

> We shouldn't log the passwords.
>
> -- 
> Jeremy
>
> adc@apache.org wrote:
>
>> Author: adc
>> Date: Tue Apr 12 14:32:56 2005
>> New Revision: 161124
>>
>> URL: http://svn.apache.org/viewcvs?view=rev&rev=161124
>> Log:
>> Better logging.
>>
>> Modified:
>>     
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java 
>>
>>
>> Modified: 
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java 
>>
>> URL: 
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java?view=diff&r1=161123&r2=161124 
>>
>> ============================================================================== 
>>
>> --- 
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java 
>> (original)
>> +++ 
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java 
>> Tue Apr 12 14:32:56 2005
>> @@ -42,8 +42,6 @@
>>  
>>      public static boolean POLICY_INSTALLED = false;
>>  
>> -    private final ServerInfo serverInfo;
>> -
>>      private final Log log = 
>> LogFactory.getLog(SecurityServiceImpl.class);
>>  
>>      /**
>> @@ -54,9 +52,8 @@
>>      public SecurityServiceImpl(ClassLoader classLoader, ServerInfo 
>> serverInfo, String policyConfigurationFactory,
>>                                 String policyProvider, String 
>> keyStore, String keyStorePassword,
>>                                 String trustStore, String 
>> trustStorePassword)
>> -            throws PolicyContextException, ClassNotFoundException, 
>> IllegalAccessException, InstantiationException {
>> -
>> -        this.serverInfo = serverInfo;
>> +            throws PolicyContextException, ClassNotFoundException, 
>> IllegalAccessException, InstantiationException
>> +    {
>>  
>>          /**
>>           *  @see "JSR 115 4.6.1" Container Subject Policy Context 
>> Handler
>> @@ -81,14 +78,16 @@
>>          if (policyConfigurationFactory != null)
>>              PolicyConfigurationFactory.getPolicyConfigurationFactory();
>>  
>> -        if (keyStore != null)
>> -            keyStore = sysOverRide(serverInfo.resolvePath(keyStore), 
>> KEYSTORE);
>> -        sysOverRide(keyStorePassword, KEYSTORE_PASSWORD);
>> -
>> -        if (trustStore != null)
>> -            trustStore = 
>> sysOverRide(serverInfo.resolvePath(trustStore), TRUSTSTORE);
>> -        sysOverRide(trustStore, TRUSTSTORE);
>> -        sysOverRide(trustStorePassword, TRUSTSTORE_PASSWORD);
>> +        if (keyStore != null) 
>> sysOverRide(serverInfo.resolvePath(keyStore), KEYSTORE);
>> +        if (keyStorePassword != null) sysOverRide(keyStorePassword, 
>> KEYSTORE_PASSWORD);
>> +
>> +        if (trustStore != null) 
>> sysOverRide(serverInfo.resolvePath(trustStore), TRUSTSTORE);
>> +        if (trustStorePassword != null) 
>> sysOverRide(trustStorePassword, TRUSTSTORE_PASSWORD);
>> +
>> +        log.info(KEYSTORE + ": " + System.getProperty(KEYSTORE));
>> +        log.info(KEYSTORE_PASSWORD + ": " + 
>> System.getProperty(KEYSTORE_PASSWORD));
>> +        log.info(TRUSTSTORE + ": " + System.getProperty(TRUSTSTORE));
>> +        log.info(TRUSTSTORE_PASSWORD + ": " + 
>> System.getProperty(TRUSTSTORE_PASSWORD));
>>  
>>          log.info("JACC factory registered");
>>      }
>>
>>