[jboss-cvs] JBossAS SVN: r79329 - projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Oct 9 23:26:55 EDT 2008
Author: mmoyses
Date: 2008-10-09 23:26:55 -0400 (Thu, 09 Oct 2008)
New Revision: 79329
Modified:
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/AuthenticationInfo.java
Log:
SECURITY-283: mask passwords/credentials in the log.
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/AuthenticationInfo.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/AuthenticationInfo.java 2008-10-10 03:10:17 UTC (rev 79328)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/AuthenticationInfo.java 2008-10-10 03:26:55 UTC (rev 79329)
@@ -26,6 +26,7 @@
import java.util.Map;
import java.util.Map.Entry;
+import javax.naming.Context;
import javax.security.auth.AuthPermission;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AppConfigurationEntry;
@@ -56,8 +57,6 @@
this.name = name;
}
-
-
public void addAppConfigurationEntry(AppConfigurationEntry entry)
{
moduleEntries.add(entry);
@@ -98,14 +97,19 @@
buffer.append("[" + i + "]");
buffer.append("\nLoginModule Class: " + entry.getLoginModuleName());
buffer.append("\nControlFlag: " + entry.getControlFlag());
- buffer.append("\nOptions:");
+ buffer.append("\nOptions:\n");
Map<String, ?> options = entry.getOptions();
Iterator iter = options.entrySet().iterator();
while (iter.hasNext())
{
Entry e = (Entry) iter.next();
- buffer.append("name=" + e.getKey());
- buffer.append(", value=" + e.getValue());
+ String name = (String) e.getKey();
+ String value = (String) e.getValue();
+ if (name.toLowerCase().equals("password") || name.toLowerCase().equals("bindcredential")
+ || name.toLowerCase().equals(Context.SECURITY_CREDENTIALS))
+ value = "****";
+ buffer.append("name=" + name);
+ buffer.append(", value=" + value);
buffer.append("\n");
}
}
More information about the jboss-cvs-commits
mailing list