activemq-dev mailing list archives

From "Timothy Bish (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (AMQ-2858) ConnectionInfo does not override toString to stop logging actual Password in case of Warning.
Date Wed, 29 Jun 2011 22:22:28 GMT

     [ https://issues.apache.org/jira/browse/AMQ-2858?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Timothy Bish resolved AMQ-2858.
-------------------------------

       Resolution: Fixed
    Fix Version/s: 5.3.1

Fixed by AMQ-2499

The IntrospectionSupport class maps all properties named "password" to 'XXXX'

> ConnectionInfo does not override toString to stop logging actual Password in case of Warning.
> ----------------------------------------------------------------------------------------------
>
>                 Key: AMQ-2858
>                 URL: https://issues.apache.org/jira/browse/AMQ-2858
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Broker
>    Affects Versions: 5.3.0
>         Environment: Linux
>            Reporter: Kamal
>            Priority: Critical
>             Fix For: 5.3.1
>
>
> In case of an exception as shown below, the ConnectionInfo is logged as a warning, which logs the Password in plain text. It should have been encrypted or logged as XXXX or YYYY ...
> If ConnectionInfo overrides the BaseCommand's toString(Map<String, Object> overrideFields) method and sets Password as XXXXX... this would be better handled.
> WARN  org.apache.activemq.broker.TransportConnection.Service [ActiveMQ Transport Stopper: /134.42.197.187:2512] - Failed to remove connection ConnectionInfo {commandId = 1, responseRequired = true, connectionId = 4a6df719-b8ed-4431-a97f-52b93078f021, clientId = 2061e6c0-f8e0-4882-860c-89c3fd7e36db, userName = YYYYX *password = X2342$*, brokerPath = null, brokerMasterConnector = false, manageable = false, clientMaster = true}
> java.lang.SecurityException: User is not authenticated.
> 	at org.apache.activemq.security.AuthorizationBroker.addDestination(AuthorizationBroker.java:52)
> 	at org.apache.activemq.broker.MutableBrokerFilter.addDestination(MutableBrokerFilter.java:149)
> 	at org.apache.activemq.broker.region.RegionBroker.send(RegionBroker.java:425)
> 	at org.apache.activemq.broker.TransactionBroker.send(TransactionBroker.java:224)
> 	at org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:439)
> 	at org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:369)
> 	at org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:364)
> 	at org.apache.activemq.advisory.AdvisoryBroker.removeConnection(AdvisoryBroker.java:223)
> 	at org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java:110)
> 	at org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java:110)
> 	at org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java:110)
> 	at org.apache.activemq.broker.MutableBrokerFilter.removeConnection(MutableBrokerFilter.java:117)
> 	at org.apache.activemq.broker.TransportConnection.processRemoveConnection(TransportConnection.java:709)
> 	at org.apache.activemq.broker.TransportConnection.doStop(TransportConnection.java:976)
> 	at org.apache.activemq.broker.jmx.ManagedTransportConnection.doStop(ManagedTransportConnection.java:71)
> 	at org.apache.activemq.broker.TransportConnection$3.run(TransportConnection.java:907)

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
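
The masking approach named in the resolution comment, sketched as an added example (not ActiveMQ's code and not part of the original message): toString() is built by reflection over getters, and any property whose name contains "password" is rendered as XXXX, which is slightly broader than an exact name match. The names MaskedToStringExample, ConnInfo and describe, and the sample values, are hypothetical.

```java
import java.lang.reflect.Method;
import java.util.Locale;
import java.util.Map;
import java.util.TreeMap;

// Added illustration: hypothetical names, not ActiveMQ source code.
public class MaskedToStringExample {
    // Constructed stand-in for a command object that carries credentials.
    public static class ConnInfo {
        private final String userName;
        private final String password;
        public ConnInfo(String userName, String password) {
            this.userName = userName;
            this.password = password;
        }
        public String getUserName() { return userName; }
        public String getPassword() { return password; }
        // Masked by default, so a logger that formats the object never sees the secret.
        @Override
        public String toString() { return describe(this); }
    }

    // Renders "Type {prop=value, ...}" from public no-arg getters, replacing the
    // value of any property whose name contains "password" with XXXX.
    public static String describe(Object target) {
        Map<String, Object> props = new TreeMap<>(); // sorted for stable log output
        for (Method m : target.getClass().getMethods()) {
            String name = m.getName();
            if (!name.startsWith("get") || name.length() == 3
                    || name.equals("getClass") || m.getParameterCount() != 0) {
                continue;
            }
            String prop = Character.toLowerCase(name.charAt(3)) + name.substring(4);
            Object value;
            try {
                value = m.invoke(target);
            } catch (ReflectiveOperationException e) {
                value = "<unreadable>";
            }
            boolean secret = prop.toLowerCase(Locale.ROOT).contains("password");
            props.put(prop, secret && value != null ? "XXXX" : String.valueOf(value));
        }
        return target.getClass().getSimpleName() + " " + props;
    }

    public static void main(String[] args) {
        // Constructed sample credentials, not taken from the report.
        System.out.println(new ConnInfo("alice", "constructed-secret"));
    }
}
```

Masking inside toString() covers every call site that logs the object, including exception paths like the one in the report, instead of relying on each log statement to redact.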

        
