[jboss-cvs] JBossAS SVN: r79329 - projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Thu Oct 9 23:26:55 EDT 2008


Author: mmoyses
Date: 2008-10-09 23:26:55 -0400 (Thu, 09 Oct 2008)
New Revision: 79329

Modified:
   projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/AuthenticationInfo.java
Log:
SECURITY-283: mask passwords/credentials in the log.

Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/AuthenticationInfo.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/AuthenticationInfo.java	2008-10-10 03:10:17 UTC (rev 79328)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/AuthenticationInfo.java	2008-10-10 03:26:55 UTC (rev 79329)
@@ -26,6 +26,7 @@
 import java.util.Map;
 import java.util.Map.Entry;
 
+import javax.naming.Context;
 import javax.security.auth.AuthPermission;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.login.AppConfigurationEntry;
@@ -56,8 +57,6 @@
       this.name = name;
    }
 
-
-
    public void addAppConfigurationEntry(AppConfigurationEntry entry)
    {
       moduleEntries.add(entry);
@@ -98,14 +97,19 @@
          buffer.append("[" + i + "]");
          buffer.append("\nLoginModule Class: " + entry.getLoginModuleName());
          buffer.append("\nControlFlag: " + entry.getControlFlag());
-         buffer.append("\nOptions:");
+         buffer.append("\nOptions:\n");
          Map<String, ?> options = entry.getOptions();
          Iterator iter = options.entrySet().iterator();
          while (iter.hasNext())
          {
             Entry e = (Entry) iter.next();
-            buffer.append("name=" + e.getKey());
-            buffer.append(", value=" + e.getValue());
+            String name = (String) e.getKey();
+            String value = (String) e.getValue();
+            if (name.toLowerCase().equals("password") || name.toLowerCase().equals("bindcredential")
+                  || name.toLowerCase().equals(Context.SECURITY_CREDENTIALS))
+               value = "****";
+            buffer.append("name=" + name);
+            buffer.append(", value=" + value);
             buffer.append("\n");
          }
       }
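Review bot: The masking test on the added `if` matches only three exact option names, so an option whose name merely contains "password" or "credential" would still reach the log in clear text; whether the configured login modules use such options is not visible in this hunk. The unconditional casts `(String) e.getKey()` and `(String) e.getValue()` are also risky, since `options` is a `Map<String, ?>` and a non-String value would now raise ClassCastException where the old code simply appended it; `String value = String.valueOf(e.getValue());` keeps the previous output. `toLowerCase()` without a locale depends on the default locale (for example, an upper-case `I` in the name will not lower-case to `i` under a Turkish locale), so the comparison is safer as `name.equalsIgnoreCase("password") || name.equalsIgnoreCase("bindCredential") || name.equalsIgnoreCase(Context.SECURITY_CREDENTIALS)`. The enclosing method starts and ends outside the hunk.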



