[jboss-cvs] Picketbox SVN: r479 - in branches/4.0.17.SP2-bz-1022318/security-jboss-sx/jbosssx/src/main/java/org/jboss/security: auth/spi and 2 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Oct 24 11:30:06 EDT 2013
Author: dehort
Date: 2013-10-24 11:30:06 -0400 (Thu, 24 Oct 2013)
New Revision: 479
Modified:
branches/4.0.17.SP2-bz-1022318/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/callback/LdapCallbackHandler.java
branches/4.0.17.SP2-bz-1022318/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapExtLoginModule.java
branches/4.0.17.SP2-bz-1022318/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapLoginModule.java
branches/4.0.17.SP2-bz-1022318/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapUsersLoginModule.java
branches/4.0.17.SP2-bz-1022318/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/mapping/providers/attribute/LdapAttributeMappingProvider.java
branches/4.0.17.SP2-bz-1022318/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/mapping/providers/role/LdapRolesMappingProvider.java
Log:
Applying a patch for James Livingston
[bz-1022318]
Modified: branches/4.0.17.SP2-bz-1022318/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/callback/LdapCallbackHandler.java
===================================================================
--- branches/4.0.17.SP2-bz-1022318/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/callback/LdapCallbackHandler.java 2013-10-24 15:20:34 UTC (rev 478)
+++ branches/4.0.17.SP2-bz-1022318/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/callback/LdapCallbackHandler.java 2013-10-24 15:30:06 UTC (rev 479)
@@ -408,7 +408,7 @@
env.setProperty(Context.SECURITY_PRINCIPAL, dn);
if (credential != null)
env.put(Context.SECURITY_CREDENTIALS, credential);
- PicketBoxLogger.LOGGER.traceLDAPConnectionEnv(env);
+ this.traceLDAPEnv(env);
return new InitialLdapContext(env, null);
}
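Review bot: Every connection now pays for a full copy of the LDAP environment, credential included, even when trace logging is off, because `this.traceLDAPEnv(env)` copies and masks before the logger decides whether to emit anything. Guarding the call keeps that extra copy off the normal path, for example `if (PicketBoxLogger.LOGGER.isTraceEnabled()) this.traceLDAPEnv(env);`, assuming the logger interface exposes the usual level check. The same call site appears in the LdapExtLoginModule, LdapLoginModule, LdapUsersLoginModule, LdapAttributeMappingProvider and LdapRolesMappingProvider hunks. The enclosing method starts above this hunk.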
@@ -470,6 +470,24 @@
return userDN;
}
+ /**
+ * <p>
+ * Logs the specified LDAP env, masking security-sensitive information (passwords).
+ * </p>
+ *
+ * @param env the LDAP env to be logged.
+ */
+ private void traceLDAPEnv(Properties env)
+ {
+ Properties tmp = new Properties();
+ tmp.putAll(env);
+ if (tmp.containsKey(Context.SECURITY_CREDENTIALS))
+ tmp.setProperty(Context.SECURITY_CREDENTIALS, "******");
+ if (tmp.containsKey(BIND_CREDENTIAL))
+ tmp.setProperty(BIND_CREDENTIAL, "******");
+ PicketBoxLogger.LOGGER.traceLDAPConnectionEnv(tmp);
+ }
+
@SuppressWarnings("rawtypes")
protected void safeClose(NamingEnumeration results)
{
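Review bot: The mask in `traceLDAPEnv` is a two-key deny-list, and the method is pasted unchanged into six classes, so a secret stored under any other key is still traced in clear and any later addition has to be made six times. If the environment is populated from arbitrary module options (that code is outside the hunk), the Javadoc should state the limit, e.g. `Only Context.SECURITY_CREDENTIALS and BIND_CREDENTIAL are masked; every other entry is logged as-is.` A single shared static helper used by LdapCallbackHandler, LdapExtLoginModule, LdapLoginModule, LdapUsersLoginModule, LdapAttributeMappingProvider and LdapRolesMappingProvider would keep the list of masked keys in one place.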
Modified: branches/4.0.17.SP2-bz-1022318/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapExtLoginModule.java
===================================================================
--- branches/4.0.17.SP2-bz-1022318/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapExtLoginModule.java 2013-10-24 15:20:34 UTC (rev 478)
+++ branches/4.0.17.SP2-bz-1022318/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapExtLoginModule.java 2013-10-24 15:30:06 UTC (rev 479)
@@ -763,11 +763,29 @@
env.setProperty(Context.SECURITY_PRINCIPAL, dn);
if (credential != null)
env.put(Context.SECURITY_CREDENTIALS, credential);
- PicketBoxLogger.LOGGER.traceLDAPConnectionEnv(env);
+ this.traceLDAPEnv(env);
return new InitialLdapContext(env, null);
}
- //JBAS-3438 : Handle "/" correctly
+ /**
+ * <p>
+ * Logs the specified LDAP env, masking security-sensitive information (passwords).
+ * </p>
+ *
+ * @param env the LDAP env to be logged.
+ */
+ private void traceLDAPEnv(Properties env)
+ {
+ Properties tmp = new Properties();
+ tmp.putAll(env);
+ if (tmp.containsKey(Context.SECURITY_CREDENTIALS))
+ tmp.setProperty(Context.SECURITY_CREDENTIALS, "******");
+ if (tmp.containsKey(BIND_CREDENTIAL))
+ tmp.setProperty(BIND_CREDENTIAL, "******");
+ PicketBoxLogger.LOGGER.traceLDAPConnectionEnv(tmp);
+ }
+
+ //JBAS-3438 : Handle "/" correctly
private String canonicalize(String searchResult)
{
String result = searchResult;
Modified: branches/4.0.17.SP2-bz-1022318/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapLoginModule.java
===================================================================
--- branches/4.0.17.SP2-bz-1022318/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapLoginModule.java 2013-10-24 15:20:34 UTC (rev 478)
+++ branches/4.0.17.SP2-bz-1022318/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapLoginModule.java 2013-10-24 15:30:06 UTC (rev 479)
@@ -185,7 +185,8 @@
private static final String SEARCH_SCOPE_OPT = "searchScope";
private static final String SECURITY_DOMAIN_OPT = "jaasSecurityDomain";
private static final String ALLOW_EMPTY_PASSWORDS = "allowEmptyPasswords";
-
+ private static final String BIND_CREDENTIAL = "bindCredential";
+
private static final String[] ALL_VALID_OPTIONS =
{
PRINCIPAL_DN_PREFIX_OPT,
@@ -351,7 +352,7 @@
env.setProperty(Context.SECURITY_PRINCIPAL, userDN);
env.put(Context.SECURITY_CREDENTIALS, credential);
- PicketBoxLogger.LOGGER.traceLDAPConnectionEnv(env);
+ this.traceLDAPEnv(env);
InitialLdapContext ctx = null;
ClassLoader currentTCCL = SecurityActions.getContextClassLoader();
@@ -544,4 +545,23 @@
}
}
}
+
+ /**
+ * <p>
+ * Logs the specified LDAP env, masking security-sensitive information (passwords).
+ * </p>
+ *
+ * @param env the LDAP env to be logged.
+ */
+ private void traceLDAPEnv(Properties env)
+ {
+ Properties tmp = new Properties();
+ tmp.putAll(env);
+ if (tmp.containsKey(Context.SECURITY_CREDENTIALS))
+ tmp.setProperty(Context.SECURITY_CREDENTIALS, "******");
+ if (tmp.containsKey(BIND_CREDENTIAL))
+ tmp.setProperty(BIND_CREDENTIAL, "******");
+ PicketBoxLogger.LOGGER.traceLDAPConnectionEnv(tmp);
+ }
+
}
Modified: branches/4.0.17.SP2-bz-1022318/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapUsersLoginModule.java
===================================================================
--- branches/4.0.17.SP2-bz-1022318/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapUsersLoginModule.java 2013-10-24 15:20:34 UTC (rev 478)
+++ branches/4.0.17.SP2-bz-1022318/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapUsersLoginModule.java 2013-10-24 15:30:06 UTC (rev 479)
@@ -278,7 +278,7 @@
env.setProperty(Context.SECURITY_PRINCIPAL, dn);
if (credential != null)
env.put(Context.SECURITY_CREDENTIALS, credential);
- PicketBoxLogger.LOGGER.traceLDAPConnectionEnv(env);
+ this.traceLDAPEnv(env);
return new InitialLdapContext(env, null);
}
@@ -329,4 +329,23 @@
return userDN;
}
+
+ /**
+ * <p>
+ * Logs the specified LDAP env, masking security-sensitive information (passwords).
+ * </p>
+ *
+ * @param env the LDAP env to be logged.
+ */
+ private void traceLDAPEnv(Properties env)
+ {
+ Properties tmp = new Properties();
+ tmp.putAll(env);
+ if (tmp.containsKey(Context.SECURITY_CREDENTIALS))
+ tmp.setProperty(Context.SECURITY_CREDENTIALS, "******");
+ if (tmp.containsKey(BIND_CREDENTIAL))
+ tmp.setProperty(BIND_CREDENTIAL, "******");
+ PicketBoxLogger.LOGGER.traceLDAPConnectionEnv(tmp);
+ }
+
}
Modified: branches/4.0.17.SP2-bz-1022318/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/mapping/providers/attribute/LdapAttributeMappingProvider.java
===================================================================
--- branches/4.0.17.SP2-bz-1022318/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/mapping/providers/attribute/LdapAttributeMappingProvider.java 2013-10-24 15:20:34 UTC (rev 478)
+++ branches/4.0.17.SP2-bz-1022318/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/mapping/providers/attribute/LdapAttributeMappingProvider.java 2013-10-24 15:30:06 UTC (rev 479)
@@ -316,12 +316,30 @@
env.setProperty(Context.SECURITY_PRINCIPAL, dn);
if (credential != null)
env.put(Context.SECURITY_CREDENTIALS, credential);
- PicketBoxLogger.LOGGER.traceLDAPConnectionEnv(env);
+ this.traceLDAPEnv(env);
return new InitialLdapContext(env, null);
}
-
- private String[] getNeededAttributes(String commaSeparatedList)
+
+ /**
+ * <p>
+ * Logs the specified LDAP env, masking security-sensitive information (passwords).
+ * </p>
+ *
+ * @param env the LDAP env to be logged.
+ */
+ private void traceLDAPEnv(Properties env)
{
+ Properties tmp = new Properties();
+ tmp.putAll(env);
+ if (tmp.containsKey(Context.SECURITY_CREDENTIALS))
+ tmp.setProperty(Context.SECURITY_CREDENTIALS, "******");
+ if (tmp.containsKey(BIND_CREDENTIAL))
+ tmp.setProperty(BIND_CREDENTIAL, "******");
+ PicketBoxLogger.LOGGER.traceLDAPConnectionEnv(tmp);
+ }
+
+ private String[] getNeededAttributes(String commaSeparatedList)
+ {
ArrayList<String> arrayList = new ArrayList<String>();
if (commaSeparatedList != null)
{
Modified: branches/4.0.17.SP2-bz-1022318/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/mapping/providers/role/LdapRolesMappingProvider.java
===================================================================
--- branches/4.0.17.SP2-bz-1022318/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/mapping/providers/role/LdapRolesMappingProvider.java 2013-10-24 15:20:34 UTC (rev 478)
+++ branches/4.0.17.SP2-bz-1022318/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/mapping/providers/role/LdapRolesMappingProvider.java 2013-10-24 15:30:06 UTC (rev 479)
@@ -260,7 +260,7 @@
env.setProperty(Context.SECURITY_PRINCIPAL, dn);
if (credential != null)
env.put(Context.SECURITY_CREDENTIALS, credential);
- PicketBoxLogger.LOGGER.traceLDAPConnectionEnv(env);
+ this.traceLDAPEnv(env);
return new InitialLdapContext(env, null);
}
@@ -384,4 +384,22 @@
}
}
+ /**
+ * <p>
+ * Logs the specified LDAP env, masking security-sensitive information (passwords).
+ * </p>
+ *
+ * @param env the LDAP env to be logged.
+ */
+ private void traceLDAPEnv(Properties env)
+ {
+ Properties tmp = new Properties();
+ tmp.putAll(env);
+ if (tmp.containsKey(Context.SECURITY_CREDENTIALS))
+ tmp.setProperty(Context.SECURITY_CREDENTIALS, "******");
+ if (tmp.containsKey(BIND_CREDENTIAL))
+ tmp.setProperty(BIND_CREDENTIAL, "******");
+ PicketBoxLogger.LOGGER.traceLDAPConnectionEnv(tmp);
+ }
+
}