commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ol...@apache.org
Subject cvs commit: jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/auth BasicScheme.java DigestScheme.java NTLMScheme.java
Date Wed, 13 Aug 2003 19:57:10 GMT
olegk       2003/08/13 12:57:10

  Modified:    httpclient/src/java/org/apache/commons/httpclient/auth
                        BasicScheme.java DigestScheme.java NTLMScheme.java
  Log:
  Fixes the problem of Basic, Digest & NTLM authentication schemes leaking passwords in
clear text to the log.
  
  Contributed by Oleg Kalnichevski
  
  Revision  Changes    Path
  1.6       +4 -4      jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/auth/BasicScheme.java
  
  Index: BasicScheme.java
  ===================================================================
  RCS file: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/auth/BasicScheme.java,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- BasicScheme.java	22 Jul 2003 18:10:24 -0000	1.5
  +++ BasicScheme.java	13 Aug 2003 19:57:10 -0000	1.6
  @@ -137,7 +137,7 @@
           } catch (ClassCastException e) {
               throw new InvalidCredentialsException(
                "Credentials cannot be used for basic authentication: " 
  -              + credentials.toString());
  +              + credentials.getClass().getName());
           }
           return BasicScheme.authenticate(usernamepassword);
       }
  
  
  
  1.6       +5 -5      jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/auth/DigestScheme.java
  
  Index: DigestScheme.java
  ===================================================================
  RCS file: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/auth/DigestScheme.java,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- DigestScheme.java	22 Jul 2003 18:10:24 -0000	1.5
  +++ DigestScheme.java	13 Aug 2003 19:57:10 -0000	1.6
  @@ -155,8 +155,8 @@
               usernamepassword = (UsernamePasswordCredentials) credentials;
           } catch (ClassCastException e) {
               throw new InvalidCredentialsException(
  -             "Credentials cannot be used for basic authentication: " 
  -              + credentials.toString());
  +             "Credentials cannot be used for digest authentication: " 
  +              + credentials.getClass().getName());
           }
           this.getParameters().put("cnonce", createCnonce());
           this.getParameters().put("methodname", method);
  
  
  
  1.10      +4 -4      jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/auth/NTLMScheme.java
  
  Index: NTLMScheme.java
  ===================================================================
  RCS file: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/auth/NTLMScheme.java,v
  retrieving revision 1.9
  retrieving revision 1.10
  diff -u -r1.9 -r1.10
  --- NTLMScheme.java	22 Jul 2003 18:10:25 -0000	1.9
  +++ NTLMScheme.java	13 Aug 2003 19:57:10 -0000	1.10
  @@ -218,7 +218,7 @@
           } catch (ClassCastException e) {
               throw new InvalidCredentialsException(
                "Credentials cannot be used for NTLM authentication: " 
  -              + credentials.toString());
  +              + credentials.getClass().getName());
           }
           return NTLMScheme.authenticate(ntcredentials, this.ntlmchallenge);
       }    
  
  
  

Mime
View raw message