[jboss-cvs] JBossAS SVN: r79320 - in trunk/system-jmx/src/main/org/jboss: system/deployers and 1 other directory.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Thu Oct 9 20:46:36 EDT 2008 

Author: mmoyses
Date: 2008-10-09 20:46:36 -0400 (Thu, 09 Oct 2008)
New Revision: 79320

Modified:
   trunk/system-jmx/src/main/org/jboss/deployment/XSLSubDeployer.java
   trunk/system-jmx/src/main/org/jboss/system/deployers/ServiceDeploymentDeployer.java
Log:
JBAS-6068: mask passwords printed in the logs

Modified: trunk/system-jmx/src/main/org/jboss/deployment/XSLSubDeployer.java
===================================================================
--- trunk/system-jmx/src/main/org/jboss/deployment/XSLSubDeployer.java	2008-10-10 00:38:36 UTC (rev 79319)
+++ trunk/system-jmx/src/main/org/jboss/deployment/XSLSubDeployer.java	2008-10-10 00:46:36 UTC (rev 79320)
@@ -173,10 +173,15 @@
          trans.transform(s, r);
          
          di.document = (Document) r.getNode();
-         log.debug("transformed into doc: " + di.document);
          if (log.isDebugEnabled())
          {
+            log.debug("transformed into doc: " + di.document);
             String docStr = DOMWriter.printNode(di.document, true);
+            int index = docStr.toLowerCase().indexOf("password"); 
+            if (index != -1)
+            {
+               docStr = maskPasswords(docStr, index);
+            }
             log.debug("transformed into doc: " + docStr);
          }
       }
@@ -239,4 +244,37 @@
          throw new DeploymentException("Could not create document builder for dd", pce);
       }
    }
+   
+   /**
+    * Masks passwords so they are not visible in the log.
+    * 
+    * @param original <code>String</code> plain-text passwords
+    * @param index index where the password keyword was found
+    * @return modified <code>String</code> with masked passwords
+    */
+   private String maskPasswords(String original, int index)
+   {
+      StringBuilder sb = new StringBuilder(original);
+      String modified = null;
+      int startPasswdStringIndex = sb.indexOf(">", index);
+      if (startPasswdStringIndex != -1)
+      {
+         // checks if the keyword 'password' was not in a comment
+         if (sb.charAt(startPasswdStringIndex - 1) != '-')
+         {
+            int endPasswdStringIndex = sb.indexOf("<", startPasswdStringIndex);
+            if (endPasswdStringIndex != -1) // shouldn't happen, but check anyway
+            {
+               sb.replace(startPasswdStringIndex + 1, endPasswdStringIndex, "****");
+            }
+         }
+         modified = sb.toString();
+         // unlikely event of more than one password
+         index = modified.toLowerCase().indexOf("password", startPasswdStringIndex);
+         if (index != -1)
+            return maskPasswords(modified, index);
+         return modified;
+      }
+      return original;
+   }
 }

Modified: trunk/system-jmx/src/main/org/jboss/system/deployers/ServiceDeploymentDeployer.java
===================================================================
--- trunk/system-jmx/src/main/org/jboss/system/deployers/ServiceDeploymentDeployer.java	2008-10-10 00:38:36 UTC (rev 79319)
+++ trunk/system-jmx/src/main/org/jboss/system/deployers/ServiceDeploymentDeployer.java	2008-10-10 00:46:36 UTC (rev 79320)
@@ -93,7 +93,16 @@
                   log.debug("Service deployment has no services: " + deployment.getName());
                   return;
                }
-               log.debug(DOMWriter.printNode(config, true));
+               if (log.isDebugEnabled())
+               {
+                  String docStr = DOMWriter.printNode(config, true);
+                  int index = docStr.toLowerCase().indexOf("password"); 
+                  if (index != -1)
+                  {
+                     docStr = maskPasswords(docStr, index);
+                  }
+                  log.debug(docStr);
+               }
                ServiceMetaDataParser parser = new ServiceMetaDataParser(config);
                services = parser.parse();
                deployment.setServices(services);
@@ -146,4 +155,37 @@
          removeServiceComponent(unit, deployment);
       }
    }
+   
+   /**
+    * Masks passwords so they are not visible in the log.
+    * 
+    * @param original <code>String</code> plain-text passwords
+    * @param index index where the password keyword was found
+    * @return modified <code>String</code> with masked passwords
+    */
+   private String maskPasswords(String original, int index)
+   {
+      StringBuilder sb = new StringBuilder(original);
+      String modified = null;
+      int startPasswdStringIndex = sb.indexOf(">", index);
+      if (startPasswdStringIndex != -1)
+      {
+         // checks if the keyword 'password' was not in a comment
+         if (sb.charAt(startPasswdStringIndex - 1) != '-')
+         {
+            int endPasswdStringIndex = sb.indexOf("<", startPasswdStringIndex);
+            if (endPasswdStringIndex != -1) // shouldn't happen, but check anyway
+            {
+               sb.replace(startPasswdStringIndex + 1, endPasswdStringIndex, "****");
+            }
+         }
+         modified = sb.toString();
+         // unlikely event of more than one password
+         index = modified.toLowerCase().indexOf("password", startPasswdStringIndex);
+         if (index != -1)
+            return maskPasswords(modified, index);
+         return modified;
+      }
+      return original;
+   }
 }

More information about the jboss-cvs-commits mailing list