This is an automated email from the ASF dual-hosted git repository. ggregory pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/commons-vfs.git
commit bafb54b49db0cfa9c163fce03f28ff3d09742bb6 Author: Gary Gregory <[email protected]> AuthorDate: Mon Mar 2 07:43:26 2026 -0500 [VFS-861] Http5FileProvider Basic authentication fails: UserAuthenticationData.setData(Type, char[]) should clone its array input. --- .../org/apache/commons/vfs2/UserAuthenticationData.java | 16 ++++++++++------ .../apache/commons/vfs2/UserAuthenticationDataTest.java | 13 +++++++------ src/changes/changes.xml | 1 + 3 files changed, 18 insertions(+), 12 deletions(-) diff --git a/commons-vfs2/src/main/java/org/apache/commons/vfs2/UserAuthenticationData.java b/commons-vfs2/src/main/java/org/apache/commons/vfs2/UserAuthenticationData.java index d2f0d50d0..827e90f43 100644 --- a/commons-vfs2/src/main/java/org/apache/commons/vfs2/UserAuthenticationData.java +++ b/commons-vfs2/src/main/java/org/apache/commons/vfs2/UserAuthenticationData.java @@ -21,6 +21,7 @@ import java.util.Objects; import java.util.TreeMap; import org.apache.commons.lang3.ArrayFill; +import org.apache.commons.lang3.ObjectUtils; /** * Contains various authentication data. @@ -61,7 +62,8 @@ public class UserAuthenticationData { } /** - * @return The hash code. + * {@inheritDoc} + * * @since 2.0 */ @Override @@ -70,6 +72,8 @@ public class UserAuthenticationData { } /** + * {@inheritDoc} + * * @return The type. * @since 2.0 */ @@ -99,7 +103,7 @@ public class UserAuthenticationData { } /** - * Deletes all data stored within this authenticator. + * Clears all data stored within this authenticator. */ public void cleanup() { // step 1: nullify character buffers @@ -121,12 +125,12 @@ public class UserAuthenticationData { } /** - * Sets a data to this collection. + * Sets a typed char array. The array is cloned before storage. * - * @param type The Type to add - * @param data The data associated with the Type + * @param type The Type to add. + * @param data The data associated with the Type. */ public void setData(final Type type, final char[] data) { - authenticationData.put(type, data); + authenticationData.put(type, ObjectUtils.clone(data)); } } diff --git a/commons-vfs2/src/test/java/org/apache/commons/vfs2/UserAuthenticationDataTest.java b/commons-vfs2/src/test/java/org/apache/commons/vfs2/UserAuthenticationDataTest.java index dad4e1b60..29c412d8b 100644 --- a/commons-vfs2/src/test/java/org/apache/commons/vfs2/UserAuthenticationDataTest.java +++ b/commons-vfs2/src/test/java/org/apache/commons/vfs2/UserAuthenticationDataTest.java @@ -24,13 +24,15 @@ import org.junit.jupiter.api.Test; public class UserAuthenticationDataTest { + private static final char[] DATA = "PMC".toCharArray(); + @Test public void testCharacterBasedData() { final UserAuthenticationData data = new UserAuthenticationData(); - final char[] array = "PMC".toCharArray(); + final char[] array = DATA.clone(); data.setData(UserAuthenticationData.USERNAME, array); data.setData(UserAuthenticationData.DOMAIN, "Apache".toCharArray()); - assertSame(array, data.getData(UserAuthenticationData.USERNAME)); + assertArrayEquals(array, data.getData(UserAuthenticationData.USERNAME)); assertArrayEquals("Apache".toCharArray(), data.getData(UserAuthenticationData.DOMAIN)); data.setData(UserAuthenticationData.DOMAIN, "Apache Commons".toCharArray()); assertArrayEquals("Apache Commons".toCharArray(), data.getData(UserAuthenticationData.DOMAIN)); @@ -39,17 +41,16 @@ public class UserAuthenticationDataTest { data.cleanup(); assertNull(data.getData(UserAuthenticationData.USERNAME)); assertNull(data.getData(UserAuthenticationData.DOMAIN)); - final char[] nulls = { 0, 0, 0 }; - assertArrayEquals(nulls, array); + assertArrayEquals(DATA, array); } @Test public void testCustomType() { final UserAuthenticationData.Type type = new UserAuthenticationData.Type("JUNIT"); final UserAuthenticationData data = new UserAuthenticationData(); - final char[] array = "test".toCharArray(); + final char[] array = DATA.clone(); data.setData(type, array); - assertSame(array, data.getData(type)); + assertArrayEquals(array, data.getData(type)); } } diff --git a/src/changes/changes.xml b/src/changes/changes.xml index 971ba5411..20f14dcaf 100644 --- a/src/changes/changes.xml +++ b/src/changes/changes.xml @@ -60,6 +60,7 @@ The <action> type attribute can be add,update,fix,remove. <action type="fix" dev="ggregory" due-to="Gary Gregory">Fix build on Java 25, it's no longer experimental on GH CI.</action> <action type="fix" dev="ggregory" due-to="Gary Gregory">DefaultFileMonitor now restores the current thread's interrupt flag when catching InterruptedException.</action> <action type="fix" dev="ggregory" due-to="Gary Gregory">SftpFileSystem.executeCommand(String, StringBuilder) now restores the current thread's interrupt flag when catching InterruptedException.</action> + <action type="fix" dev="ggregory" due-to="Vaishnavi Kumbhar, Gary Gregory" issue="VFS-861">Http5FileProvider Basic authentication fails: UserAuthenticationData.setData(Type, char[]) should clone its array input.</action> <!-- ADD --> <action type="add" dev="ggregory" due-to="Gary Gregory">Add org.apache.commons.vfs2.provider.ftp.FTPClientWrapper.sendOptions(String, String).</action> <action type="add" dev="ggregory" due-to="Gary Gregory">Add FtpFileSystemConfigBuilder.getControlEncodingCharset(FileSystemOptions) and deprecate getControlEncoding(FileSystemOptions).</action>
