Updated Branches: refs/heads/master 9d5bd2245 -> d6aa78289
CAMEL-4974: Added santizie option to JMX to hide sensitive information like password in URIs exposed in JMX MBean names and attributes. Project: http://git-wip-us.apache.org/repos/asf/camel/repo Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/d6aa7828 Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/d6aa7828 Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/d6aa7828 Branch: refs/heads/master Commit: d6aa78289b0a6cda4e9cc4d1fc4db0d2b6a41701 Parents: 9d5bd22 Author: Claus Ibsen <davscl...@apache.org> Authored: Tue Jul 30 10:02:16 2013 +0200 Committer: Claus Ibsen <davscl...@apache.org> Committed: Tue Jul 30 10:13:30 2013 +0200 ---------------------------------------------------------------------- .../management/DefaultRequiredModelMBean.java | 24 +++++++++++++++++--- .../apache/camel/component/jms/JmsEndpoint.java | 2 +- .../component/zookeeper/ZooKeeperEndpoint.java | 2 +- 3 files changed, 23 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/camel/blob/d6aa7828/camel-core/src/main/java/org/apache/camel/management/DefaultRequiredModelMBean.java ---------------------------------------------------------------------- diff --git a/camel-core/src/main/java/org/apache/camel/management/DefaultRequiredModelMBean.java b/camel-core/src/main/java/org/apache/camel/management/DefaultRequiredModelMBean.java index 1af511c..fd6fdad 100644 --- a/camel-core/src/main/java/org/apache/camel/management/DefaultRequiredModelMBean.java +++ b/camel-core/src/main/java/org/apache/camel/management/DefaultRequiredModelMBean.java @@ -21,20 +21,22 @@ import javax.management.MBeanException; import javax.management.MBeanOperationInfo; import javax.management.ReflectionException; import javax.management.RuntimeOperationsException; -import javax.management.modelmbean.ModelMBeanInfo; import javax.management.modelmbean.RequiredModelMBean; import org.apache.camel.util.ObjectHelper; import org.apache.camel.util.URISupport; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** - * A {@link RequiredModelMBean} which allows us to intercept invoking operations. + * A {@link RequiredModelMBean} which allows us to intercept invoking operations on the MBean. * <p/> * For example if sanitize has been enabled on JMX, then we use this implementation * to hide sensitive information from the returned JMX attributes / operations. */ public class DefaultRequiredModelMBean extends RequiredModelMBean { + private static final Logger LOG = LoggerFactory.getLogger(DefaultRequiredModelMBean.class); private boolean sanitize; public DefaultRequiredModelMBean() throws MBeanException, RuntimeOperationsException { @@ -54,7 +56,7 @@ public class DefaultRequiredModelMBean extends RequiredModelMBean { Object answer = super.invoke(opName, opArgs, sig); // sanitize the answer if enabled and it was a String type (we cannot sanitize other types) if (sanitize && answer instanceof String && ObjectHelper.isNotEmpty(answer) && isSanitizedOperation(opName)) { - answer = URISupport.sanitizeUri((String) answer); + answer = sanitize(opName, (String) answer); } return answer; } @@ -71,4 +73,20 @@ public class DefaultRequiredModelMBean extends RequiredModelMBean { } return false; } + + /** + * Sanitizes the returned value from invoking the operation + * + * @param opName the operation name invoked + * @param value the current value + * @return the sanitized value + */ + protected String sanitize(String opName, String value) { + String answer = URISupport.sanitizeUri(value); + if (LOG.isTraceEnabled()) { + LOG.trace("Sanitizing JMX operation: {}.{} value: {} -> {}", + new Object[]{getMBeanInfo().getClassName(), opName, value, answer}); + } + return answer; + } } http://git-wip-us.apache.org/repos/asf/camel/blob/d6aa7828/components/camel-jms/src/main/java/org/apache/camel/component/jms/JmsEndpoint.java ---------------------------------------------------------------------- diff --git a/components/camel-jms/src/main/java/org/apache/camel/component/jms/JmsEndpoint.java b/components/camel-jms/src/main/java/org/apache/camel/component/jms/JmsEndpoint.java index 0b1741a..e8545fa 100644 --- a/components/camel-jms/src/main/java/org/apache/camel/component/jms/JmsEndpoint.java +++ b/components/camel-jms/src/main/java/org/apache/camel/component/jms/JmsEndpoint.java @@ -1130,7 +1130,7 @@ public class JmsEndpoint extends DefaultEndpoint implements HeaderFilterStrategy return getCamelContext().getName(); } - @ManagedAttribute(description = "Endpoint Uri") + @ManagedAttribute(description = "Endpoint Uri", sanitize = true) @Override public String getEndpointUri() { return super.getEndpointUri(); http://git-wip-us.apache.org/repos/asf/camel/blob/d6aa7828/components/camel-zookeeper/src/main/java/org/apache/camel/component/zookeeper/ZooKeeperEndpoint.java ---------------------------------------------------------------------- diff --git a/components/camel-zookeeper/src/main/java/org/apache/camel/component/zookeeper/ZooKeeperEndpoint.java b/components/camel-zookeeper/src/main/java/org/apache/camel/component/zookeeper/ZooKeeperEndpoint.java index 369d699..9832eff 100644 --- a/components/camel-zookeeper/src/main/java/org/apache/camel/component/zookeeper/ZooKeeperEndpoint.java +++ b/components/camel-zookeeper/src/main/java/org/apache/camel/component/zookeeper/ZooKeeperEndpoint.java @@ -66,7 +66,7 @@ public class ZooKeeperEndpoint extends DefaultEndpoint { return connectionManager; } - @ManagedAttribute(description = "Session Password") + @ManagedAttribute(description = "Session Password", sanitize = true) public byte[] getSessionPassword() { return getConfiguration().getSessionPassword(); }
