cxf-issues mailing list archives

From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (CXF-6222) Password can end up in log file
Date Tue, 27 Jan 2015 15:30:34 GMT

     [ https://issues.apache.org/jira/browse/CXF-6222?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh resolved CXF-6222.
--------------------------------------
    Resolution: Fixed

> Password can end up in log file
> -------------------------------
>
>                 Key: CXF-6222
>                 URL: https://issues.apache.org/jira/browse/CXF-6222
>             Project: CXF
>          Issue Type: Bug
>          Components: Core
>            Reporter: Donald Kwakkel
>            Assignee: Colm O hEigeartaigh
>             Fix For: 3.0.4, 2.7.15
>
>
> In AuthPolicyValidatingInterceptor, when a policy has no username, the password can end up in the log file.
> {code}
>  public void handleMessage(Message message) throws Fault {
>         AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);
>         if (policy == null || policy.getUserName() == null || policy.getPassword() == null) {
>             String name = null;
>             String password = null;
>             if (policy != null) {
>                 name = policy.getUserName();
>                 password = policy.getPassword();
>             }
>             org.apache.cxf.common.i18n.Message errorMsg = 
>                 new org.apache.cxf.common.i18n.Message("NO_USER_PASSWORD", 
>                                                        BUNDLE, 
>                                                        name, password);
>             LOG.warning(errorMsg.toString());
>             throw new SecurityException(errorMsg.toString());
>         }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
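
The pattern in the report next to a variant that keeps the password out of the message, as an added example that is not CXF code and not the project's fix. It assumes Java 16+; `Policy`, both message templates and the sample password are constructed stand-ins for `AuthorizationPolicy` and the `NO_USER_PASSWORD` bundle entry.

```java
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.List;
import java.util.logging.*;

public class AuthLogLeakDemo {
    // Hypothetical stand-in for CXF's AuthorizationPolicy; not the real class.
    record Policy(String userName, String password) { }
    static final Logger LOG = Logger.getLogger("demo.auth");
    static final List<String> CAPTURED = new ArrayList<>();

    // Pattern from the report: name and password are both formatted into the message.
    static void validateLeaky(Policy p) {
        if (p == null || p.userName() == null || p.password() == null) {
            String name = p == null ? null : p.userName();
            String password = p == null ? null : p.password();
            String msg = MessageFormat.format("No user/password: {0} {1}", name, password);
            LOG.warning(msg);                 // password reaches the log
            throw new SecurityException(msg); // and the exception text
        }
    }

    // Hardened variant: the password is never handed to the formatter.
    static void validateSafe(Policy p) {
        if (p == null || p.userName() == null || p.password() == null) {
            String name = p == null ? null : p.userName();
            String msg = MessageFormat.format("No user name or password for user {0}", name);
            LOG.warning(msg);
            throw new SecurityException(msg);
        }
    }

    public static void main(String[] args) {
        LOG.setUseParentHandlers(false);
        LOG.addHandler(new Handler() {        // capture records instead of printing them
            @Override public void publish(LogRecord r) { CAPTURED.add(r.getMessage()); }
            @Override public void flush() { }
            @Override public void close() { }
        });
        Policy noUser = new Policy(null, "s3cret-constructed"); // constructed sample input
        for (boolean leaky : new boolean[] {true, false}) {
            try {
                if (leaky) validateLeaky(noUser); else validateSafe(noUser);
            } catch (SecurityException expected) { /* same text as the log line */ }
        }
        System.out.println("leaky log has password: " + CAPTURED.get(0).contains("s3cret-constructed"));
        System.out.println("safe log has password:  " + CAPTURED.get(1).contains("s3cret-constructed"));
    }
}
```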
