Author: kkolinko
Date: Fri Mar 22 09:22:55 2013
New Revision: 1459683
URL: http://svn.apache.org/r1459683
Log:
Merged revision 1459681 from tomcat/trunk:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=54599
jdbc-pool: Do not expose connection password via DataSource.toString().
Based on a patch by Daniel Mikusa
Modified:
tomcat/tc7.0.x/trunk/ (props changed)
tomcat/tc7.0.x/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PoolProperties.java
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
Merged /tomcat/trunk:r1459681
Modified:
tomcat/tc7.0.x/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PoolProperties.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PoolProperties.java?rev=1459683&r1=1459682&r2=1459683&view=diff
==============================================================================
---
tomcat/tc7.0.x/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PoolProperties.java
(original)
+++
tomcat/tc7.0.x/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PoolProperties.java
Fri Mar 22 09:22:55 2013
@@ -802,28 +802,33 @@ public class PoolProperties implements P
StringBuilder buf = new StringBuilder("ConnectionPool[");
try {
String[] fields = DataSourceFactory.ALL_PROPERTIES;
- for (int i=0; i<fields.length; i++) {
+ for (String field: fields) {
final String[] prefix = new String[] {"get","is"};
for (int j=0; j<prefix.length; j++) {
- String name = prefix[j] + fields[i].substring(0,
1).toUpperCase(Locale.ENGLISH) +
- fields[i].substring(1);
+ String name = prefix[j]
+ + field.substring(0, 1).toUpperCase(Locale.ENGLISH)
+ + field.substring(1);
Method m = null;
try {
m = getClass().getMethod(name);
}catch (NoSuchMethodException nm) {
continue;
}
- buf.append(fields[i]);
+ buf.append(field);
buf.append("=");
- buf.append(m.invoke(this, new Object[0]));
+ if (DataSourceFactory.PROP_PASSWORD.equals(field)) {
+ buf.append("********");
+ } else {
+ buf.append(m.invoke(this, new Object[0]));
+ }
buf.append("; ");
break;
}
}
}catch (Exception x) {
- //shouldn;t happen
- x.printStackTrace();
+ //shouldn't happen
+ log.debug("toString() call failed", x);
}
return buf.toString();
}
Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1459683&r1=1459682&r2=1459683&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Fri Mar 22 09:22:55 2013
@@ -134,6 +134,11 @@
Patch provided by Martin Lichtin. (violetagg)
</fix>
<fix>
+ <bug>54599</bug>: Do not print connection password in
+ <code>PoolProperties.toString()</code>. Based on a patch by
+ Daniel Mikusa. (kkolinko)
+ </fix>
+ <fix>
<bug>54684</bug>: Add <code>javax.naming.spi</code> to
<code>Import-Package</code> header in MANIFEST.MF in order to resolve
<code>ClassNotFoundException</code> when running in OSGi environment.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
