You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@geronimo.apache.org by Jeremy Boynes <jb...@apache.org> on 2005/04/12 23:35:26 UTC
Re: svn commit: r161124 - geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java
We shouldn't log the passwords.
--
Jeremy
adc@apache.org wrote:
> Author: adc
> Date: Tue Apr 12 14:32:56 2005
> New Revision: 161124
>
> URL: http://svn.apache.org/viewcvs?view=rev&rev=161124
> Log:
> Better logging.
>
> Modified:
> geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java
>
> Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java?view=diff&r1=161123&r2=161124
> ==============================================================================
> --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java (original)
> +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java Tue Apr 12 14:32:56 2005
> @@ -42,8 +42,6 @@
>
> public static boolean POLICY_INSTALLED = false;
>
> - private final ServerInfo serverInfo;
> -
> private final Log log = LogFactory.getLog(SecurityServiceImpl.class);
>
> /**
> @@ -54,9 +52,8 @@
> public SecurityServiceImpl(ClassLoader classLoader, ServerInfo serverInfo, String policyConfigurationFactory,
> String policyProvider, String keyStore, String keyStorePassword,
> String trustStore, String trustStorePassword)
> - throws PolicyContextException, ClassNotFoundException, IllegalAccessException, InstantiationException {
> -
> - this.serverInfo = serverInfo;
> + throws PolicyContextException, ClassNotFoundException, IllegalAccessException, InstantiationException
> + {
>
> /**
> * @see "JSR 115 4.6.1" Container Subject Policy Context Handler
> @@ -81,14 +78,16 @@
> if (policyConfigurationFactory != null)
> PolicyConfigurationFactory.getPolicyConfigurationFactory();
>
> - if (keyStore != null)
> - keyStore = sysOverRide(serverInfo.resolvePath(keyStore), KEYSTORE);
> - sysOverRide(keyStorePassword, KEYSTORE_PASSWORD);
> -
> - if (trustStore != null)
> - trustStore = sysOverRide(serverInfo.resolvePath(trustStore), TRUSTSTORE);
> - sysOverRide(trustStore, TRUSTSTORE);
> - sysOverRide(trustStorePassword, TRUSTSTORE_PASSWORD);
> + if (keyStore != null) sysOverRide(serverInfo.resolvePath(keyStore), KEYSTORE);
> + if (keyStorePassword != null) sysOverRide(keyStorePassword, KEYSTORE_PASSWORD);
> +
> + if (trustStore != null) sysOverRide(serverInfo.resolvePath(trustStore), TRUSTSTORE);
> + if (trustStorePassword != null) sysOverRide(trustStorePassword, TRUSTSTORE_PASSWORD);
> +
> + log.info(KEYSTORE + ": " + System.getProperty(KEYSTORE));
> + log.info(KEYSTORE_PASSWORD + ": " + System.getProperty(KEYSTORE_PASSWORD));
> + log.info(TRUSTSTORE + ": " + System.getProperty(TRUSTSTORE));
> + log.info(TRUSTSTORE_PASSWORD + ": " + System.getProperty(TRUSTSTORE_PASSWORD));
>
> log.info("JACC factory registered");
> }
>
>
Re: svn commit: r161124 - geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java
Posted by "Alan D. Cabrera" <ad...@toolazydogs.com>.
Doh!
Jeremy Boynes wrote:
> We shouldn't log the passwords.
>
> --
> Jeremy
>
> adc@apache.org wrote:
>
>> Author: adc
>> Date: Tue Apr 12 14:32:56 2005
>> New Revision: 161124
>>
>> URL: http://svn.apache.org/viewcvs?view=rev&rev=161124
>> Log:
>> Better logging.
>>
>> Modified:
>>
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java
>>
>>
>> Modified:
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java
>>
>> URL:
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java?view=diff&r1=161123&r2=161124
>>
>> ==============================================================================
>>
>> ---
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java
>> (original)
>> +++
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java
>> Tue Apr 12 14:32:56 2005
>> @@ -42,8 +42,6 @@
>>
>> public static boolean POLICY_INSTALLED = false;
>>
>> - private final ServerInfo serverInfo;
>> -
>> private final Log log =
>> LogFactory.getLog(SecurityServiceImpl.class);
>>
>> /**
>> @@ -54,9 +52,8 @@
>> public SecurityServiceImpl(ClassLoader classLoader, ServerInfo
>> serverInfo, String policyConfigurationFactory,
>> String policyProvider, String
>> keyStore, String keyStorePassword,
>> String trustStore, String
>> trustStorePassword)
>> - throws PolicyContextException, ClassNotFoundException,
>> IllegalAccessException, InstantiationException {
>> -
>> - this.serverInfo = serverInfo;
>> + throws PolicyContextException, ClassNotFoundException,
>> IllegalAccessException, InstantiationException
>> + {
>>
>> /**
>> * @see "JSR 115 4.6.1" Container Subject Policy Context
>> Handler
>> @@ -81,14 +78,16 @@
>> if (policyConfigurationFactory != null)
>> PolicyConfigurationFactory.getPolicyConfigurationFactory();
>>
>> - if (keyStore != null)
>> - keyStore = sysOverRide(serverInfo.resolvePath(keyStore),
>> KEYSTORE);
>> - sysOverRide(keyStorePassword, KEYSTORE_PASSWORD);
>> -
>> - if (trustStore != null)
>> - trustStore =
>> sysOverRide(serverInfo.resolvePath(trustStore), TRUSTSTORE);
>> - sysOverRide(trustStore, TRUSTSTORE);
>> - sysOverRide(trustStorePassword, TRUSTSTORE_PASSWORD);
>> + if (keyStore != null)
>> sysOverRide(serverInfo.resolvePath(keyStore), KEYSTORE);
>> + if (keyStorePassword != null) sysOverRide(keyStorePassword,
>> KEYSTORE_PASSWORD);
>> +
>> + if (trustStore != null)
>> sysOverRide(serverInfo.resolvePath(trustStore), TRUSTSTORE);
>> + if (trustStorePassword != null)
>> sysOverRide(trustStorePassword, TRUSTSTORE_PASSWORD);
>> +
>> + log.info(KEYSTORE + ": " + System.getProperty(KEYSTORE));
>> + log.info(KEYSTORE_PASSWORD + ": " +
>> System.getProperty(KEYSTORE_PASSWORD));
>> + log.info(TRUSTSTORE + ": " + System.getProperty(TRUSTSTORE));
>> + log.info(TRUSTSTORE_PASSWORD + ": " +
>> System.getProperty(TRUSTSTORE_PASSWORD));
>>
>> log.info("JACC factory registered");
>> }
>>
>>