This is an automated email from the ASF dual-hosted git repository.
clebertsuconic pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq-artemis.git
The following commit(s) were added to refs/heads/main by this push:
new a415917d45 ARTEMIS-5659 support masking JDBC URL
a415917d45 is described below
commit a415917d4542fe9c12589f9ff0ee023ef39326ff
Author: Justin Bertram <[email protected]>
AuthorDate: Mon Sep 15 15:09:55 2025 -0500
ARTEMIS-5659 support masking JDBC URL
---
.../deployers/impl/FileConfigurationParser.java | 6 ++-
...=> FileConfigurationDbEncryptedConfigTest.java} | 58 +++++++++++++++++++---
...l => ConfigurationTest-db-encrypted-config.xml} | 7 +--
3 files changed, 59 insertions(+), 12 deletions(-)
diff --git
a/artemis-server/src/main/java/org/apache/activemq/artemis/core/deployers/impl/FileConfigurationParser.java
b/artemis-server/src/main/java/org/apache/activemq/artemis/core/deployers/impl/FileConfigurationParser.java
index 8f100cf59a..43f8934bb1 100644
---
a/artemis-server/src/main/java/org/apache/activemq/artemis/core/deployers/impl/FileConfigurationParser.java
+++
b/artemis-server/src/main/java/org/apache/activemq/artemis/core/deployers/impl/FileConfigurationParser.java
@@ -2015,7 +2015,11 @@ public final class FileConfigurationParser extends
XMLConfigurationUtil {
conf.setLargeMessageTableName(getString(storeNode,
"large-message-table-name", conf.getLargeMessageTableName(), NO_CHECK));
conf.setPageStoreTableName(getString(storeNode, "page-store-table-name",
conf.getPageStoreTableName(), NO_CHECK));
conf.setNodeManagerStoreTableName(getString(storeNode,
"node-manager-store-table-name", conf.getNodeManagerStoreTableName(),
NO_CHECK));
- conf.setJdbcConnectionUrl(getString(storeNode, "jdbc-connection-url",
conf.getJdbcConnectionUrl(), NO_CHECK));
+ String jdbcConnectionUrl = getString(storeNode, "jdbc-connection-url",
conf.getJdbcConnectionUrl(), NO_CHECK);
+ if (jdbcConnectionUrl != null && !jdbcConnectionUrl.startsWith("jdbc:"))
{
+ jdbcConnectionUrl =
PasswordMaskingUtil.resolveMask(jdbcConnectionUrl,
mainConfig.getPasswordCodec());
+ }
+ conf.setJdbcConnectionUrl(jdbcConnectionUrl);
conf.setJdbcDriverClassName(getString(storeNode,
"jdbc-driver-class-name", conf.getJdbcDriverClassName(), NO_CHECK));
conf.setJdbcNetworkTimeout(getInteger(storeNode, "jdbc-network-timeout",
conf.getJdbcNetworkTimeout(), NO_CHECK));
conf.setJdbcLockRenewPeriodMillis(getLong(storeNode,
"jdbc-lock-renew-period", conf.getJdbcLockRenewPeriodMillis(), NO_CHECK));
diff --git
a/artemis-server/src/test/java/org/apache/activemq/artemis/core/config/impl/FileConfigurationDbEncryptedPassTest.java
b/artemis-server/src/test/java/org/apache/activemq/artemis/core/config/impl/FileConfigurationDbEncryptedConfigTest.java
similarity index 53%
rename from
artemis-server/src/test/java/org/apache/activemq/artemis/core/config/impl/FileConfigurationDbEncryptedPassTest.java
rename to
artemis-server/src/test/java/org/apache/activemq/artemis/core/config/impl/FileConfigurationDbEncryptedConfigTest.java
index d1bafd417e..e2a4a7a0f3 100644
---
a/artemis-server/src/test/java/org/apache/activemq/artemis/core/config/impl/FileConfigurationDbEncryptedPassTest.java
+++
b/artemis-server/src/test/java/org/apache/activemq/artemis/core/config/impl/FileConfigurationDbEncryptedConfigTest.java
@@ -16,17 +16,52 @@
*/
package org.apache.activemq.artemis.core.config.impl;
-import static org.junit.jupiter.api.Assertions.assertTrue;
+import java.util.HashMap;
+import java.util.Map;
import org.apache.activemq.artemis.core.config.Configuration;
import org.apache.activemq.artemis.core.config.FileDeploymentManager;
+import
org.apache.activemq.artemis.core.config.storage.DatabaseStorageConfiguration;
+import org.apache.activemq.artemis.utils.RandomUtil;
import org.apache.activemq.artemis.utils.SensitiveDataCodec;
+import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
-public class FileConfigurationDbEncryptedPassTest extends
AbstractConfigurationTestBase {
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+public class FileConfigurationDbEncryptedConfigTest extends
AbstractConfigurationTestBase {
+
+ private static final String ENCODED_PASSWORD =
RandomUtil.randomUUIDString();
+ private static final String PASSWORD = RandomUtil.randomUUIDString();
+ private static final String ENCODED_USER = RandomUtil.randomUUIDString();
+ private static final String USER = RandomUtil.randomUUIDString();
+ private static final String ENCODED_URL = RandomUtil.randomUUIDString();
+ private static final String URL = RandomUtil.randomUUIDString();
+
+ private static final Map<String, String> SENSITIVE_PROPERTIES = new
HashMap<>();
+
+ static {
+ SENSITIVE_PROPERTIES.put(ENCODED_PASSWORD, PASSWORD);
+ SENSITIVE_PROPERTIES.put(ENCODED_USER, USER);
+ SENSITIVE_PROPERTIES.put(ENCODED_URL, URL);
+ }
protected String getConfigurationName() {
- return "ConfigurationTest-db-encrypted-pass-config.xml";
+ return "ConfigurationTest-db-encrypted-config.xml";
+ }
+
+ @Override
+ @BeforeEach
+ public void setUp() throws Exception {
+ System.setProperty("dbPass", ENCODED_PASSWORD);
+ System.setProperty("dbUser", ENCODED_USER);
+ System.setProperty("dbUrl", ENCODED_URL);
+ runAfter(() -> {
+ System.clearProperty("dbPass");
+ System.clearProperty("dbUser");
+ System.clearProperty("dbUrl");
+ });
+ super.setUp();
}
@Override
@@ -40,7 +75,17 @@ public class FileConfigurationDbEncryptedPassTest extends
AbstractConfigurationT
@Test
public void testJdbcPasswordWithCustomCodec() {
- assertTrue(MySensitiveStringCodec.decoded);
+ assertEquals(PASSWORD,
((DatabaseStorageConfiguration)conf.getStoreConfiguration()).getJdbcPassword());
+ }
+
+ @Test
+ public void testJdbcUserWithCustomCodec() {
+ assertEquals(USER,
((DatabaseStorageConfiguration)conf.getStoreConfiguration()).getJdbcUser());
+ }
+
+ @Test
+ public void testJdbcUrlWithCustomCodec() {
+ assertEquals(URL,
((DatabaseStorageConfiguration)conf.getStoreConfiguration()).getJdbcConnectionUrl());
}
@Test
@@ -64,12 +109,9 @@ public class FileConfigurationDbEncryptedPassTest extends
AbstractConfigurationT
}
public static class MySensitiveStringCodec implements
SensitiveDataCodec<String> {
- public static boolean decoded = false;
-
@Override
public String decode(Object mask) throws Exception {
- decoded = true;
- return null;
+ return SENSITIVE_PROPERTIES.get(mask);
}
@Override
diff --git
a/artemis-server/src/test/resources/ConfigurationTest-db-encrypted-pass-config.xml
b/artemis-server/src/test/resources/ConfigurationTest-db-encrypted-config.xml
similarity index 85%
rename from
artemis-server/src/test/resources/ConfigurationTest-db-encrypted-pass-config.xml
rename to
artemis-server/src/test/resources/ConfigurationTest-db-encrypted-config.xml
index 9caa854e69..45235f4cc0 100644
---
a/artemis-server/src/test/resources/ConfigurationTest-db-encrypted-pass-config.xml
+++
b/artemis-server/src/test/resources/ConfigurationTest-db-encrypted-config.xml
@@ -20,17 +20,18 @@
xsi:schemaLocation="urn:activemq
../../../../activemq-server/src/main/resources/schema/artemis-server.xsd">
<core xmlns="urn:activemq:core">
-
<password-codec>org.apache.activemq.artemis.core.config.impl.FileConfigurationDbEncryptedPassTest$MySensitiveStringCodec</password-codec>
+
<password-codec>org.apache.activemq.artemis.core.config.impl.FileConfigurationDbEncryptedConfigTest$MySensitiveStringCodec</password-codec>
<store>
<database-store>
<jdbc-driver-class-name>foo</jdbc-driver-class-name>
- <jdbc-connection-url>foo</jdbc-connection-url>
+ <jdbc-connection-url>ENC(${dbUrl})</jdbc-connection-url>
<message-table-name>foo</message-table-name>
<bindings-table-name>foo</bindings-table-name>
<large-message-table-name>foo</large-message-table-name>
<page-store-table-name>foo</page-store-table-name>
- <jdbc-password>ENC(foo)</jdbc-password>
+ <jdbc-password>ENC(${dbPass})</jdbc-password>
+ <jdbc-user>ENC(${dbUser})</jdbc-user>
</database-store>
</store>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact
