Author: fhanik
Date: Tue Jan 11 17:28:05 2011
New Revision: 1057743
URL: http://svn.apache.org/viewvc?rev=1057743&view=rev
Log:
Mask the password through all the JMX operations
Added:
tomcat/trunk/modules/jdbc-pool/java/org/apache/tomcat/jdbc/pool/PoolUtilities.java
(with props)
tomcat/trunk/modules/jdbc-pool/test/org/apache/tomcat/jdbc/test/JmxPasswordTest.java
(with props)
Modified:
tomcat/trunk/modules/jdbc-pool/build.properties.default
tomcat/trunk/modules/jdbc-pool/java/org/apache/tomcat/jdbc/pool/PooledConnection.java
tomcat/trunk/modules/jdbc-pool/java/org/apache/tomcat/jdbc/pool/jmx/ConnectionPool.java
tomcat/trunk/modules/jdbc-pool/sign.sh
tomcat/trunk/modules/jdbc-pool/test/org/apache/tomcat/jdbc/test/Async0IdleTestBug50477.java
Modified: tomcat/trunk/modules/jdbc-pool/build.properties.default
URL:
http://svn.apache.org/viewvc/tomcat/trunk/modules/jdbc-pool/build.properties.default?rev=1057743&r1=1057742&r2=1057743&view=diff
==============================================================================
--- tomcat/trunk/modules/jdbc-pool/build.properties.default (original)
+++ tomcat/trunk/modules/jdbc-pool/build.properties.default Tue Jan 11 17:28:05
2011
@@ -28,7 +28,7 @@
version.major=1
version.minor=0
version.build=9
-version.patch=1
+version.patch=2
version.suffix=
# ----- Default Base Path for Dependent Packages -----
Added:
tomcat/trunk/modules/jdbc-pool/java/org/apache/tomcat/jdbc/pool/PoolUtilities.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/modules/jdbc-pool/java/org/apache/tomcat/jdbc/pool/PoolUtilities.java?rev=1057743&view=auto
==============================================================================
---
tomcat/trunk/modules/jdbc-pool/java/org/apache/tomcat/jdbc/pool/PoolUtilities.java
(added)
+++
tomcat/trunk/modules/jdbc-pool/java/org/apache/tomcat/jdbc/pool/PoolUtilities.java
Tue Jan 11 17:28:05 2011
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomcat.jdbc.pool;
+
+import java.util.Properties;
+
+/**
+ *
+ * @author fhanik
+ *
+ */
+public class PoolUtilities {
+
+ public static final String PROP_USER = "user";
+
+ public static final String PROP_PASSWORD = "password";
+
+ public static Properties clone(Properties p) {
+ Properties c = new Properties();
+ c.putAll(p);
+ return c;
+ }
+
+ public static Properties cloneWithoutPassword(Properties p) {
+ Properties result = clone(p);
+ result.remove(PROP_PASSWORD);
+ return result;
+ }
+}
Propchange:
tomcat/trunk/modules/jdbc-pool/java/org/apache/tomcat/jdbc/pool/PoolUtilities.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified:
tomcat/trunk/modules/jdbc-pool/java/org/apache/tomcat/jdbc/pool/PooledConnection.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/modules/jdbc-pool/java/org/apache/tomcat/jdbc/pool/PooledConnection.java?rev=1057743&r1=1057742&r2=1057743&view=diff
==============================================================================
---
tomcat/trunk/modules/jdbc-pool/java/org/apache/tomcat/jdbc/pool/PooledConnection.java
(original)
+++
tomcat/trunk/modules/jdbc-pool/java/org/apache/tomcat/jdbc/pool/PooledConnection.java
Tue Jan 11 17:28:05 2011
@@ -41,9 +41,9 @@ public class PooledConnection {
*/
private static final Log log = LogFactory.getLog(PooledConnection.class);
- public static final String PROP_USER = "user";
+ public static final String PROP_USER = PoolUtilities.PROP_USER;
- public static final String PROP_PASSWORD = "password";
+ public static final String PROP_PASSWORD = PoolUtilities.PROP_PASSWORD;
/**
* Validate when connection is borrowed flag
@@ -61,7 +61,6 @@ public class PooledConnection {
* Validate when connection is initialized flag
*/
public static final int VALIDATE_INIT = 4;
-
/**
* The properties for the connection pool
*/
@@ -260,7 +259,7 @@ public class PooledConnection {
pwd = poolProperties.getPassword();
getAttributes().put(PROP_PASSWORD, pwd);
}
- Properties properties = clone(poolProperties.getDbProperties());
+ Properties properties =
PoolUtilities.clone(poolProperties.getDbProperties());
if (usr != null) properties.setProperty(PROP_USER, usr);
if (pwd != null) properties.setProperty(PROP_PASSWORD, pwd);
@@ -287,12 +286,6 @@ public class PooledConnection {
}
}
- private Properties clone(Properties p) {
- Properties c = new Properties();
- c.putAll(p);
- return c;
- }
-
/**
*
* @return true if connect() was called successfully and disconnect has
not yet been called
Modified:
tomcat/trunk/modules/jdbc-pool/java/org/apache/tomcat/jdbc/pool/jmx/ConnectionPool.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/modules/jdbc-pool/java/org/apache/tomcat/jdbc/pool/jmx/ConnectionPool.java?rev=1057743&r1=1057742&r2=1057743&view=diff
==============================================================================
---
tomcat/trunk/modules/jdbc-pool/java/org/apache/tomcat/jdbc/pool/jmx/ConnectionPool.java
(original)
+++
tomcat/trunk/modules/jdbc-pool/java/org/apache/tomcat/jdbc/pool/jmx/ConnectionPool.java
Tue Jan 11 17:28:05 2011
@@ -29,6 +29,7 @@ import javax.management.NotificationList
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.jdbc.pool.PoolConfiguration;
+import org.apache.tomcat.jdbc.pool.PoolUtilities;
import org.apache.tomcat.jdbc.pool.Validator;
import org.apache.tomcat.jdbc.pool.PoolProperties.InterceptorDefinition;
@@ -184,7 +185,7 @@ public class ConnectionPool extends Noti
}
public Properties getDbProperties() {
- return getPoolProperties().getDbProperties();
+ return
PoolUtilities.cloneWithoutPassword(getPoolProperties().getDbProperties());
}
public String getDefaultCatalog() {
Modified: tomcat/trunk/modules/jdbc-pool/sign.sh
URL:
http://svn.apache.org/viewvc/tomcat/trunk/modules/jdbc-pool/sign.sh?rev=1057743&r1=1057742&r2=1057743&view=diff
==============================================================================
--- tomcat/trunk/modules/jdbc-pool/sign.sh (original)
+++ tomcat/trunk/modules/jdbc-pool/sign.sh Tue Jan 11 17:28:05 2011
@@ -15,7 +15,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-VERSION=v1.0.9.1
+VERSION=v1.0.9.2
for i in $(find output/release/$VERSION -name "*.zip" -o -name "*.tar.gz"); do
echo Signing $i
echo $1|gpg --passphrase-fd 0 -a -b $i
Modified:
tomcat/trunk/modules/jdbc-pool/test/org/apache/tomcat/jdbc/test/Async0IdleTestBug50477.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/modules/jdbc-pool/test/org/apache/tomcat/jdbc/test/Async0IdleTestBug50477.java?rev=1057743&r1=1057742&r2=1057743&view=diff
==============================================================================
---
tomcat/trunk/modules/jdbc-pool/test/org/apache/tomcat/jdbc/test/Async0IdleTestBug50477.java
(original)
+++
tomcat/trunk/modules/jdbc-pool/test/org/apache/tomcat/jdbc/test/Async0IdleTestBug50477.java
Tue Jan 11 17:28:05 2011
@@ -1,4 +1,3 @@
-
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
Added:
tomcat/trunk/modules/jdbc-pool/test/org/apache/tomcat/jdbc/test/JmxPasswordTest.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/modules/jdbc-pool/test/org/apache/tomcat/jdbc/test/JmxPasswordTest.java?rev=1057743&view=auto
==============================================================================
---
tomcat/trunk/modules/jdbc-pool/test/org/apache/tomcat/jdbc/test/JmxPasswordTest.java
(added)
+++
tomcat/trunk/modules/jdbc-pool/test/org/apache/tomcat/jdbc/test/JmxPasswordTest.java
Tue Jan 11 17:28:05 2011
@@ -0,0 +1,71 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomcat.jdbc.test;
+
+import java.lang.management.ManagementFactory;
+import java.util.Hashtable;
+import java.util.Properties;
+
+import javax.management.JMX;
+import javax.management.MBeanServer;
+import javax.management.ObjectName;
+
+import org.apache.tomcat.jdbc.pool.ConnectionPool;
+import org.apache.tomcat.jdbc.pool.PoolUtilities;
+import org.apache.tomcat.jdbc.pool.jmx.ConnectionPoolMBean;
+import org.apache.tomcat.jdbc.test.driver.Driver;
+
+public class JmxPasswordTest extends DefaultTestCase{
+ public static final String password = "password";
+ public static final String username = "username";
+ public static ObjectName oname = null;
+
+ public JmxPasswordTest(String s) {
+ super(s);
+ }
+
+ @Override
+ public void setUp() throws Exception {
+ super.setUp();
+ this.datasource.setDriverClassName(Driver.class.getName());
+ this.datasource.setUrl("jdbc:tomcat:test");
+ this.datasource.setPassword(password);
+ this.datasource.setUsername(username);
+ this.datasource.getConnection().close();
+ MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
+ String domain = "tomcat.jdbc";
+ Hashtable<String,String> properties = new Hashtable<String,String>();
+ properties.put("type", "ConnectionPool");
+ properties.put("class", this.getClass().getName());
+ oname = new ObjectName(domain,properties);
+ ConnectionPool pool = datasource.createPool();
+ org.apache.tomcat.jdbc.pool.jmx.ConnectionPool jmxPool = new
org.apache.tomcat.jdbc.pool.jmx.ConnectionPool(pool);
+ mbs.registerMBean(jmxPool, oname);
+
+ }
+
+ public void testPassword() throws Exception {
+ assertEquals("Passwords should match when not using
JMX.",password,datasource.getPoolProperties().getPassword());
+ MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
+ ConnectionPoolMBean mbean = JMX.newMBeanProxy(mbs, oname,
ConnectionPoolMBean.class);
+ String jmxPassword = mbean.getPassword();
+ Properties jmxProperties = mbean.getDbProperties();
+ assertFalse("Passwords should not match.",
password.equals(jmxPassword));
+ assertEquals("Password property should be missing",
jmxProperties.containsKey(PoolUtilities.PROP_PASSWORD));
+ }
+
+}
Propchange:
tomcat/trunk/modules/jdbc-pool/test/org/apache/tomcat/jdbc/test/JmxPasswordTest.java
------------------------------------------------------------------------------
svn:eol-style = native
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
