[jboss-cvs] JBossAS SVN: r79320 - in trunk/system-jmx/src/main/org/jboss: system/deployers and 1 other directory.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Oct 9 20:46:36 EDT 2008
Author: mmoyses
Date: 2008-10-09 20:46:36 -0400 (Thu, 09 Oct 2008)
New Revision: 79320
Modified:
trunk/system-jmx/src/main/org/jboss/deployment/XSLSubDeployer.java
trunk/system-jmx/src/main/org/jboss/system/deployers/ServiceDeploymentDeployer.java
Log:
JBAS-6068: mask passwords printed in the logs
Modified: trunk/system-jmx/src/main/org/jboss/deployment/XSLSubDeployer.java
===================================================================
--- trunk/system-jmx/src/main/org/jboss/deployment/XSLSubDeployer.java 2008-10-10 00:38:36 UTC (rev 79319)
+++ trunk/system-jmx/src/main/org/jboss/deployment/XSLSubDeployer.java 2008-10-10 00:46:36 UTC (rev 79320)
@@ -173,10 +173,15 @@
trans.transform(s, r);
di.document = (Document) r.getNode();
- log.debug("transformed into doc: " + di.document);
if (log.isDebugEnabled())
{
+ log.debug("transformed into doc: " + di.document);
String docStr = DOMWriter.printNode(di.document, true);
+ int index = docStr.toLowerCase().indexOf("password");
+ if (index != -1)
+ {
+ docStr = maskPasswords(docStr, index);
+ }
log.debug("transformed into doc: " + docStr);
}
}
@@ -239,4 +244,37 @@
throw new DeploymentException("Could not create document builder for dd", pce);
}
}
+
+ /**
+ * Masks passwords so they are not visible in the log.
+ *
+ * @param original <code>String</code> plain-text passwords
+ * @param index index where the password keyword was found
+ * @return modified <code>String</code> with masked passwords
+ */
+ private String maskPasswords(String original, int index)
+ {
+ StringBuilder sb = new StringBuilder(original);
+ String modified = null;
+ int startPasswdStringIndex = sb.indexOf(">", index);
+ if (startPasswdStringIndex != -1)
+ {
+ // checks if the keyword 'password' was not in a comment
+ if (sb.charAt(startPasswdStringIndex - 1) != '-')
+ {
+ int endPasswdStringIndex = sb.indexOf("<", startPasswdStringIndex);
+ if (endPasswdStringIndex != -1) // shouldn't happen, but check anyway
+ {
+ sb.replace(startPasswdStringIndex + 1, endPasswdStringIndex, "****");
+ }
+ }
+ modified = sb.toString();
+ // unlikely event of more than one password
+ index = modified.toLowerCase().indexOf("password", startPasswdStringIndex);
+ if (index != -1)
+ return maskPasswords(modified, index);
+ return modified;
+ }
+ return original;
+ }
}
Modified: trunk/system-jmx/src/main/org/jboss/system/deployers/ServiceDeploymentDeployer.java
===================================================================
--- trunk/system-jmx/src/main/org/jboss/system/deployers/ServiceDeploymentDeployer.java 2008-10-10 00:38:36 UTC (rev 79319)
+++ trunk/system-jmx/src/main/org/jboss/system/deployers/ServiceDeploymentDeployer.java 2008-10-10 00:46:36 UTC (rev 79320)
@@ -93,7 +93,16 @@
log.debug("Service deployment has no services: " + deployment.getName());
return;
}
- log.debug(DOMWriter.printNode(config, true));
+ if (log.isDebugEnabled())
+ {
+ String docStr = DOMWriter.printNode(config, true);
+ int index = docStr.toLowerCase().indexOf("password");
+ if (index != -1)
+ {
+ docStr = maskPasswords(docStr, index);
+ }
+ log.debug(docStr);
+ }
ServiceMetaDataParser parser = new ServiceMetaDataParser(config);
services = parser.parse();
deployment.setServices(services);
@@ -146,4 +155,37 @@
removeServiceComponent(unit, deployment);
}
}
+
+ /**
+ * Masks passwords so they are not visible in the log.
+ *
+ * @param original <code>String</code> plain-text passwords
+ * @param index index where the password keyword was found
+ * @return modified <code>String</code> with masked passwords
+ */
+ private String maskPasswords(String original, int index)
+ {
+ StringBuilder sb = new StringBuilder(original);
+ String modified = null;
+ int startPasswdStringIndex = sb.indexOf(">", index);
+ if (startPasswdStringIndex != -1)
+ {
+ // checks if the keyword 'password' was not in a comment
+ if (sb.charAt(startPasswdStringIndex - 1) != '-')
+ {
+ int endPasswdStringIndex = sb.indexOf("<", startPasswdStringIndex);
+ if (endPasswdStringIndex != -1) // shouldn't happen, but check anyway
+ {
+ sb.replace(startPasswdStringIndex + 1, endPasswdStringIndex, "****");
+ }
+ }
+ modified = sb.toString();
+ // unlikely event of more than one password
+ index = modified.toLowerCase().indexOf("password", startPasswdStringIndex);
+ if (index != -1)
+ return maskPasswords(modified, index);
+ return modified;
+ }
+ return original;
+ }
}
More information about the jboss-cvs-commits
mailing list