cxf-issues mailing list archives

From "Donald Kwakkel (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CXF-6222) Password can end up in log file
Date Mon, 26 Jan 2015 14:07:34 GMT
Donald Kwakkel created CXF-6222:
-----------------------------------

             Summary: Password can end up in log file
                 Key: CXF-6222
                 URL: https://issues.apache.org/jira/browse/CXF-6222
             Project: CXF
          Issue Type: Bug
          Components: Core
            Reporter: Donald Kwakkel


In AuthPolicyValidatingInterceptor, when a policy has no username, the password can end up in the log file.

{code}
 public void handleMessage(Message message) throws Fault {

        AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);
        if (policy == null || policy.getUserName() == null || policy.getPassword() == null) {
            String name = null;
            String password = null;
            if (policy != null) {
                name = policy.getUserName();
                password = policy.getPassword();
            }
            org.apache.cxf.common.i18n.Message errorMsg = 
                new org.apache.cxf.common.i18n.Message("NO_USER_PASSWORD", 
                                                       BUNDLE, 
                                                       name, password);
            LOG.warning(errorMsg.toString());
            throw new SecurityException(errorMsg.toString());
        }
{code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
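
A self-contained sketch of the same check that reports only whether each credential is present, so neither the log line nor the exception message built from it carries the password. This is an added example, not CXF code and not the project's fix; the `Policy` record (standing in for `AuthorizationPolicy`), the class name and the message wording are assumptions, and it needs Java 16 or later for records.

```java
import java.util.logging.Handler;
import java.util.logging.LogRecord;
import java.util.logging.Logger;

// Added illustration: Policy is a hypothetical stand-in for CXF's AuthorizationPolicy.
public class AuthPolicyLogDemo {
    record Policy(String userName, String password) { }
    private static final Logger LOG = Logger.getLogger(AuthPolicyLogDemo.class.getName());

    static String state(String value) { return value == null ? "missing" : "present"; }

    // Builds the rejection text without formatting any credential value:
    // only the presence or absence of each field is reported.
    static String describeFailure(Policy policy) {
        if (policy == null) {
            return "No authorization policy on message";
        }
        return "Incomplete credentials: user name " + state(policy.userName())
            + ", password " + state(policy.password());
    }

    static void validate(Policy policy) {
        if (policy == null || policy.userName() == null || policy.password() == null) {
            String msg = describeFailure(policy);
            LOG.warning(msg);                 // log line holds no secret
            throw new SecurityException(msg); // neither does the exception text
        }
    }

    public static void main(String[] args) {
        // Capture log output in memory so the check below can inspect it.
        StringBuilder captured = new StringBuilder();
        LOG.setUseParentHandlers(false);
        LOG.addHandler(new Handler() {
            @Override public void publish(LogRecord r) { captured.append(r.getMessage()).append('\n'); }
            @Override public void flush() { }
            @Override public void close() { }
        });
        String secret = "s3cr3t-constructed";   // constructed sample value
        try {
            validate(new Policy(null, secret)); // the reported case: no user name, password set
        } catch (SecurityException e) {
            captured.append(e.getMessage()).append('\n');
        }
        if (captured.toString().contains(secret)) {
            throw new AssertionError("password reached log or exception text");
        }
        System.out.print(captured);
    }
}
```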
