You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by gg...@apache.org on 2018/11/13 19:07:27 UTC
commons-dbcp git commit: - [DBCP-528]
org.apache.commons.dbcp2.DriverManagerConnectionFactory should use a char[]
instead of a String to store passwords. - [DBCP-517] Make defensive copies of
char[] passwords.
Repository: commons-dbcp
Updated Branches:
refs/heads/master 34cd3da6f -> ebd133cf7
- [DBCP-528] org.apache.commons.dbcp2.DriverManagerConnectionFactory
should use a char[] instead of a String to store passwords.
- [DBCP-517] Make defensive copies of char[] passwords.
Project: http://git-wip-us.apache.org/repos/asf/commons-dbcp/repo
Commit: http://git-wip-us.apache.org/repos/asf/commons-dbcp/commit/ebd133cf
Tree: http://git-wip-us.apache.org/repos/asf/commons-dbcp/tree/ebd133cf
Diff: http://git-wip-us.apache.org/repos/asf/commons-dbcp/diff/ebd133cf
Branch: refs/heads/master
Commit: ebd133cf778dbee92a1fd175443253ba2bebadf3
Parents: 34cd3da
Author: Gary Gregory <ga...@gmail.com>
Authored: Tue Nov 13 12:07:24 2018 -0700
Committer: Gary Gregory <ga...@gmail.com>
Committed: Tue Nov 13 12:07:24 2018 -0700
----------------------------------------------------------------------
src/changes/changes.xml | 3 +++
.../dbcp2/DataSourceConnectionFactory.java | 2 +-
.../dbcp2/DriverManagerConnectionFactory.java | 24 +++++++++++++++++---
.../TestDriverManagerConnectionFactory.java | 6 ++---
4 files changed, 28 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/commons-dbcp/blob/ebd133cf/src/changes/changes.xml
----------------------------------------------------------------------
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 98f341c..f02828f 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -85,6 +85,9 @@ The <action> type attribute can be add,update,fix,remove.
<action dev="ggregory" type="add" issue="DBCP-527" due-to="Gary Gregory">
Add getters to some classes.
</action>
+ <action dev="ggregory" type="add" issue="DBCP-528" due-to="Gary Gregory">
+ org.apache.commons.dbcp2.DriverManagerConnectionFactory should use a char[] instead of a String to store passwords.
+ </action>
</release>
<release version="2.5.0" date="2018-07-15" description="This is a minor release, including bug fixes and enhancements.">
<action dev="ggregory" type="update" issue="DBCP-505" due-to="Gary Gregory">
http://git-wip-us.apache.org/repos/asf/commons-dbcp/blob/ebd133cf/src/main/java/org/apache/commons/dbcp2/DataSourceConnectionFactory.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/commons/dbcp2/DataSourceConnectionFactory.java b/src/main/java/org/apache/commons/dbcp2/DataSourceConnectionFactory.java
index 050c3bb..19a0c18 100644
--- a/src/main/java/org/apache/commons/dbcp2/DataSourceConnectionFactory.java
+++ b/src/main/java/org/apache/commons/dbcp2/DataSourceConnectionFactory.java
@@ -58,7 +58,7 @@ public class DataSourceConnectionFactory implements ConnectionFactory {
public DataSourceConnectionFactory(final DataSource dataSource, final String userName, final char[] userPassword) {
this.dataSource = dataSource;
this.userName = userName;
- this.userPassword = userPassword;
+ this.userPassword = Utils.clone(userPassword);
}
/**
http://git-wip-us.apache.org/repos/asf/commons-dbcp/blob/ebd133cf/src/main/java/org/apache/commons/dbcp2/DriverManagerConnectionFactory.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/commons/dbcp2/DriverManagerConnectionFactory.java b/src/main/java/org/apache/commons/dbcp2/DriverManagerConnectionFactory.java
index 24c506c..eeb1373 100644
--- a/src/main/java/org/apache/commons/dbcp2/DriverManagerConnectionFactory.java
+++ b/src/main/java/org/apache/commons/dbcp2/DriverManagerConnectionFactory.java
@@ -42,7 +42,7 @@ public class DriverManagerConnectionFactory implements ConnectionFactory {
private final String userName;
- private final String userPassword;
+ private final char[] userPassword;
private final Properties properties;
@@ -87,10 +87,28 @@ public class DriverManagerConnectionFactory implements ConnectionFactory {
* the user's password
*/
public DriverManagerConnectionFactory(final String connectionUri, final String userName,
+ final char[] userPassword) {
+ this.connectionUri = connectionUri;
+ this.userName = userName;
+ this.userPassword = Utils.clone(userPassword);
+ this.properties = null;
+ }
+
+ /**
+ * Constructor for DriverManagerConnectionFactory.
+ *
+ * @param connectionUri
+ * a database url of the form <code>jdbc:<em>subprotocol</em>:<em>subname</em></code>
+ * @param userName
+ * the database user
+ * @param userPassword
+ * the user's password
+ */
+ public DriverManagerConnectionFactory(final String connectionUri, final String userName,
final String userPassword) {
this.connectionUri = connectionUri;
this.userName = userName;
- this.userPassword = userPassword;
+ this.userPassword = Utils.toCharArray(userPassword);
this.properties = null;
}
@@ -100,7 +118,7 @@ public class DriverManagerConnectionFactory implements ConnectionFactory {
if (userName == null && userPassword == null) {
return DriverManager.getConnection(connectionUri);
}
- return DriverManager.getConnection(connectionUri, userName, userPassword);
+ return DriverManager.getConnection(connectionUri, userName, Utils.toString(userPassword));
}
return DriverManager.getConnection(connectionUri, properties);
}
http://git-wip-us.apache.org/repos/asf/commons-dbcp/blob/ebd133cf/src/test/java/org/apache/commons/dbcp2/TestDriverManagerConnectionFactory.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/commons/dbcp2/TestDriverManagerConnectionFactory.java b/src/test/java/org/apache/commons/dbcp2/TestDriverManagerConnectionFactory.java
index 959a47c..d053a25 100644
--- a/src/test/java/org/apache/commons/dbcp2/TestDriverManagerConnectionFactory.java
+++ b/src/test/java/org/apache/commons/dbcp2/TestDriverManagerConnectionFactory.java
@@ -75,19 +75,19 @@ public class TestDriverManagerConnectionFactory {
@Test(expected=SQLException.class) // thrown by TestDriver due to invalid password
public void testDriverManagerWithoutPassword() throws SQLException {
- final DriverManagerConnectionFactory cf = new DriverManagerConnectionFactory("jdbc:apache:commons:testdriver", "user", null);
+ final DriverManagerConnectionFactory cf = new DriverManagerConnectionFactory("jdbc:apache:commons:testdriver", "user", (char[]) null);
cf.createConnection();
}
@Test(expected=ArrayIndexOutOfBoundsException.class) // thrown by TestDriver due to missing user
public void testDriverManagerWithoutCredentials() throws SQLException {
- final DriverManagerConnectionFactory cf = new DriverManagerConnectionFactory("jdbc:apache:commons:testdriver", null, null);
+ final DriverManagerConnectionFactory cf = new DriverManagerConnectionFactory("jdbc:apache:commons:testdriver", null, (char[]) null);
cf.createConnection();
}
@Test
public void testDriverManagerCredentialsInUrl() throws SQLException {
- final DriverManagerConnectionFactory cf = new DriverManagerConnectionFactory("jdbc:apache:commons:testdriver;user=foo;password=bar", null, null);
+ final DriverManagerConnectionFactory cf = new DriverManagerConnectionFactory("jdbc:apache:commons:testdriver;user=foo;password=bar", null, (char[]) null);
cf.createConnection();
}