cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Heß (Created) (JIRA) <j...@apache.org>
Subject [jira] [Created] (CXF-3895) add support for Jetty's password obfuscation methods
Date Mon, 07 Nov 2011 09:23:52 GMT
add support for Jetty's password obfuscation methods
----------------------------------------------------

                 Key: CXF-3895
                 URL: https://issues.apache.org/jira/browse/CXF-3895
             Project: CXF
          Issue Type: Improvement
          Components: Configuration
    Affects Versions: 2.4.2
         Environment: Java 6
Windows XP SP3
CXF 2.4.2
            Reporter: Michael Heß
            Priority: Minor


For SSL connectors, the Jetty configuration allows definition of keystore and truststore passwords
in a obfuscated fashion. See http://wiki.eclipse.org/Jetty/Howto/Secure_Passwords for details.
Currently this does not work when using the Spring based configuration for jetty, i.e. using
for example this

<sec:keyStore type="JKS" password="OBF:1sot1v961saj1v9i1v941sar1v9g1sox" file="conf/keystore"
/>

will lead to an exception on startup, which is identical to those that come up when an invalid
keystore password is provided.

My guess is, that the "OBF:" prefix is not detected by the configuration hook, and therefore
the provided password string is used as-is. (But I am just guessing here...)

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

       

Mime
View raw message