From: fhanik Date: Tue, 11 Jan 2011 17:28:05 +0000 (+0000) Subject: Mask the password through all the JMX operations X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=e844ea6931b4a1aab0b5b588aff4ccb4cb899f1e;p=tomcat7.0 Mask the password through all the JMX operations git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1057743 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/jdbc-pool/build.properties.default b/modules/jdbc-pool/build.properties.default index b3bf62aee..1bcba8e94 100644 --- a/modules/jdbc-pool/build.properties.default +++ b/modules/jdbc-pool/build.properties.default @@ -28,7 +28,7 @@ version.major=1 version.minor=0 version.build=9 -version.patch=1 +version.patch=2 version.suffix= # ----- Default Base Path for Dependent Packages ----- diff --git a/modules/jdbc-pool/java/org/apache/tomcat/jdbc/pool/PoolUtilities.java b/modules/jdbc-pool/java/org/apache/tomcat/jdbc/pool/PoolUtilities.java new file mode 100644 index 000000000..0b2a5ed96 --- /dev/null +++ b/modules/jdbc-pool/java/org/apache/tomcat/jdbc/pool/PoolUtilities.java 
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomcat.jdbc.pool;
+
+import java.util.Properties;
+
+/**
+ *
+ * @author fhanik
+ *
+ */
+public class PoolUtilities {
+
+ public static final String PROP_USER = "user";
+
+ public static final String PROP_PASSWORD = "password";
+
+ public static Properties clone(Properties p) {
+ Properties c = new Properties();
+ c.putAll(p);
+ return c;
+ }
+
+ public static Properties cloneWithoutPassword(Properties p) {
+ Properties result = clone(p);
+ result.remove(PROP_PASSWORD);
+ return result;
+ }
+}
diff --git a/modules/jdbc-pool/java/org/apache/tomcat/jdbc/pool/PooledConnection.java b/modules/jdbc-pool/java/org/apache/tomcat/jdbc/pool/PooledConnection.java
index 4f622fe61..3f270a83e 100644
--- a/modules/jdbc-pool/java/org/apache/tomcat/jdbc/pool/PooledConnection.java
+++ b/modules/jdbc-pool/java/org/apache/tomcat/jdbc/pool/PooledConnection.java
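Review bot: `cloneWithoutPassword` in PoolUtilities.java removes only the exact key `password`, so a credential stored under any other key (a differently-cased `Password`, or a driver-specific property such as a keystore or SSL key password) is still returned to the caller. If the JMX view is meant to be free of secrets, the method should state what it strips, for example with a Javadoc line `Returns a copy of p without the "password" entry; all other keys are copied unchanged.` Both helpers also pass `p` straight to `putAll`, which throws a NullPointerException for null and copies only the table's own entries, not a `Properties` defaults chain; a guard such as `if (p != null) c.putAll(p);` in `clone` would keep an unset property set from failing the caller. The class Javadoc is empty and the class has only static members, so a one-line purpose comment and a private constructor would fit.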
@@ -41,9 +41,9 @@ public class PooledConnection { */ private static final Log log = LogFactory.getLog(PooledConnection.class); - public static final String PROP_USER = "user"; + public static final String PROP_USER = PoolUtilities.PROP_USER; - public static final String PROP_PASSWORD = "password"; + public static final String PROP_PASSWORD = PoolUtilities.PROP_PASSWORD; /** * Validate when connection is borrowed flag @@ -61,7 +61,6 @@ public class PooledConnection { * Validate when connection is initialized flag */ public static final int VALIDATE_INIT = 4; - /** * The properties for the connection pool */ @@ -260,7 +259,7 @@ public class PooledConnection { pwd = poolProperties.getPassword(); getAttributes().put(PROP_PASSWORD, pwd); } - Properties properties = clone(poolProperties.getDbProperties()); + Properties properties = PoolUtilities.clone(poolProperties.getDbProperties()); if (usr != null) properties.setProperty(PROP_USER, usr); if (pwd != null) properties.setProperty(PROP_PASSWORD, pwd); @@ -287,12 +286,6 @@ public class PooledConnection { } } - private Properties clone(Properties p) { - Properties c = new Properties(); - c.putAll(p); - return c; - } - /** * * @return true if connect() was called successfully and disconnect has not yet been called diff --git a/modules/jdbc-pool/java/org/apache/tomcat/jdbc/pool/jmx/ConnectionPool.java b/modules/jdbc-pool/java/org/apache/tomcat/jdbc/pool/jmx/ConnectionPool.java index 99b55b6e0..657cf0e8e 100644 --- a/modules/jdbc-pool/java/org/apache/tomcat/jdbc/pool/jmx/ConnectionPool.java +++ b/modules/jdbc-pool/java/org/apache/tomcat/jdbc/pool/jmx/ConnectionPool.java 
@@ -29,6 +29,7 @@ import javax.management.NotificationListener; import org.apache.juli.logging.Log; import org.apache.juli.logging.LogFactory; import org.apache.tomcat.jdbc.pool.PoolConfiguration; +import org.apache.tomcat.jdbc.pool.PoolUtilities; import org.apache.tomcat.jdbc.pool.Validator; import org.apache.tomcat.jdbc.pool.PoolProperties.InterceptorDefinition; @@ -184,7 +185,7 @@ public class ConnectionPool extends NotificationBroadcasterSupport implements Co } public Properties getDbProperties() { - return getPoolProperties().getDbProperties(); + return PoolUtilities.cloneWithoutPassword(getPoolProperties().getDbProperties()); } public String getDefaultCatalog() { diff --git a/modules/jdbc-pool/sign.sh b/modules/jdbc-pool/sign.sh index 1f3381ee9..6911066db 100755 --- a/modules/jdbc-pool/sign.sh +++ b/modules/jdbc-pool/sign.sh @@ -15,7 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -VERSION=v1.0.9.1 +VERSION=v1.0.9.2 for i in $(find output/release/$VERSION -name "*.zip" -o -name "*.tar.gz"); do echo Signing $i echo $1|gpg --passphrase-fd 0 -a -b $i diff --git a/modules/jdbc-pool/test/org/apache/tomcat/jdbc/test/Async0IdleTestBug50477.java b/modules/jdbc-pool/test/org/apache/tomcat/jdbc/test/Async0IdleTestBug50477.java index cebc458be..cfc92101e 100644 --- a/modules/jdbc-pool/test/org/apache/tomcat/jdbc/test/Async0IdleTestBug50477.java +++ b/modules/jdbc-pool/test/org/apache/tomcat/jdbc/test/Async0IdleTestBug50477.java @@ -1,4 +1,3 @@ - /* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with diff --git a/modules/jdbc-pool/test/org/apache/tomcat/jdbc/test/JmxPasswordTest.java b/modules/jdbc-pool/test/org/apache/tomcat/jdbc/test/JmxPasswordTest.java new file mode 100644 index 000000000..46a94cace --- /dev/null +++ b/modules/jdbc-pool/test/org/apache/tomcat/jdbc/test/JmxPasswordTest.java 
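Review bot: In `getDbProperties()` of jmx/ConnectionPool.java the getter now throws a NullPointerException where it used to return null, because `PoolUtilities.cloneWithoutPassword` hands its argument to `putAll`; a pool whose db properties are unset (if that can happen, the setter is not visible here) would break the attribute read. A guard at the call site keeps the old behaviour: `Properties p = getPoolProperties().getDbProperties();` followed by `return p == null ? null : PoolUtilities.cloneWithoutPassword(p);`. The method also now returns a detached copy, so changes a caller makes to the returned object no longer reach the pool; a comment such as `// returns a copy without the password; edits to it do not affect the pool` would record that. The enclosing class continues outside the hunk, so whether other attributes exposed over JMX (the URL, for instance) can carry credentials is not visible from here.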
@@ -0,0 +1,71 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomcat.jdbc.test;
+
+import java.lang.management.ManagementFactory;
+import java.util.Hashtable;
+import java.util.Properties;
+
+import javax.management.JMX;
+import javax.management.MBeanServer;
+import javax.management.ObjectName;
+
+import org.apache.tomcat.jdbc.pool.ConnectionPool;
+import org.apache.tomcat.jdbc.pool.PoolUtilities;
+import org.apache.tomcat.jdbc.pool.jmx.ConnectionPoolMBean;
+import org.apache.tomcat.jdbc.test.driver.Driver;
+
+public class JmxPasswordTest extends DefaultTestCase{
+ public static final String password = "password";
+ public static final String username = "username";
+ public static ObjectName oname = null;
+
+ public JmxPasswordTest(String s) {
+ super(s);
+ }
+
+ @Override
+ public void setUp() throws Exception {
+ super.setUp();
+ this.datasource.setDriverClassName(Driver.class.getName());
+ this.datasource.setUrl("jdbc:tomcat:test");
+ this.datasource.setPassword(password);
+ this.datasource.setUsername(username);
+ this.datasource.getConnection().close();
+ MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
+ String domain = "tomcat.jdbc";
+ Hashtable properties = new Hashtable();
+ properties.put("type", "ConnectionPool");
+ properties.put("class", this.getClass().getName());
+ oname = new ObjectName(domain,properties);
+ ConnectionPool pool = datasource.createPool();
+ org.apache.tomcat.jdbc.pool.jmx.ConnectionPool jmxPool = new org.apache.tomcat.jdbc.pool.jmx.ConnectionPool(pool);
+ mbs.registerMBean(jmxPool, oname);
+
+ }
+
+ public void testPassword() throws Exception {
+ assertEquals("Passwords should match when not using JMX.",password,datasource.getPoolProperties().getPassword());
+ MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
+ ConnectionPoolMBean mbean = JMX.newMBeanProxy(mbs, oname, ConnectionPoolMBean.class);
+ String jmxPassword = mbean.getPassword();
+ Properties jmxProperties = mbean.getDbProperties();
+ assertFalse("Passwords should not match.", password.equals(jmxPassword));
+ assertEquals("Password property should be missing", jmxProperties.containsKey(PoolUtilities.PROP_PASSWORD));
+ }
+
+}
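Review bot: The last assertion in `testPassword()` cannot pass as written: `assertEquals("Password property should be missing", jmxProperties.containsKey(PoolUtilities.PROP_PASSWORD))` has only two arguments, so (assuming `DefaultTestCase` is a JUnit `TestCase`) it resolves to the (Object, Object) overload and compares the message string with a boxed boolean. It should read `assertFalse("Password property should be missing", jmxProperties.containsKey(PoolUtilities.PROP_PASSWORD));`. As far as the visible `setUp()` shows, the password is set only through `setPassword` and never as an entry in the db properties, so even the corrected assertion would hold without the masking; seeding the db properties with a `password` entry before the pool is created would make the test exercise `cloneWithoutPassword`. The MBean registered in `setUp()` is not unregistered anywhere in the hunk, so a second test method in this class would presumably fail on an already-registered name.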