Repository: commons-dbcp Updated Branches: refs/heads/master 3187c92b9 -> 0b10d14e4
[DBCP-498] org.apache.commons.dbcp2.DataSourceConnectionFactory should use a char[] instead of a String to save passwords. Project: http://git-wip-us.apache.org/repos/asf/commons-dbcp/repo Commit: http://git-wip-us.apache.org/repos/asf/commons-dbcp/commit/0b10d14e Tree: http://git-wip-us.apache.org/repos/asf/commons-dbcp/tree/0b10d14e Diff: http://git-wip-us.apache.org/repos/asf/commons-dbcp/diff/0b10d14e Branch: refs/heads/master Commit: 0b10d14e48d1937621edcfebec24a2caa6676184 Parents: 3187c92 Author: Gary Gregory <[email protected]> Authored: Sun Jun 10 10:28:35 2018 -0600 Committer: Gary Gregory <[email protected]> Committed: Sun Jun 10 10:28:35 2018 -0600 ---------------------------------------------------------------------- src/changes/changes.xml | 3 ++ .../dbcp2/DataSourceConnectionFactory.java | 32 ++++++++++++++++---- 2 files changed, 29 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/commons-dbcp/blob/0b10d14e/src/changes/changes.xml ---------------------------------------------------------------------- diff --git a/src/changes/changes.xml b/src/changes/changes.xml index 4691f8d..b76d938 100644 --- a/src/changes/changes.xml +++ b/src/changes/changes.xml @@ -82,6 +82,9 @@ The <action> type attribute can be add,update,fix,remove. <action dev="ggregory" type="update" issue="DBCP-497" due-to="Gary Gregory"> Deprecate use of PStmtKeyCPDS in favor of PStmtKey. </action> + <action dev="ggregory" type="update" issue="DBCP-498" due-to="Gary Gregory"> + org.apache.commons.dbcp2.DataSourceConnectionFactory should use a char[] instead of a String to save passwords. + </action> </release> <release version="2.3.0" date="2018-05-12" description="This is a minor release, including bug fixes and enhancements."> <action dev="pschumacher" type="fix" issue="DBCP-476" due-to="Gary Evesson, Richard Cordova"> http://git-wip-us.apache.org/repos/asf/commons-dbcp/blob/0b10d14e/src/main/java/org/apache/commons/dbcp2/DataSourceConnectionFactory.java ---------------------------------------------------------------------- diff --git a/src/main/java/org/apache/commons/dbcp2/DataSourceConnectionFactory.java b/src/main/java/org/apache/commons/dbcp2/DataSourceConnectionFactory.java index f7bb5f8..a42a91c 100644 --- a/src/main/java/org/apache/commons/dbcp2/DataSourceConnectionFactory.java +++ b/src/main/java/org/apache/commons/dbcp2/DataSourceConnectionFactory.java @@ -18,6 +18,7 @@ package org.apache.commons.dbcp2; import java.sql.Connection; import java.sql.SQLException; + import javax.sql.DataSource; /** @@ -32,20 +33,38 @@ public class DataSourceConnectionFactory implements ConnectionFactory { private final String userName; - private final String userPassword; + private final char[] userPassword; /** * Constructs an instance for the given DataSource. - * + * * @param dataSource * The DataSource for this factory. */ public DataSourceConnectionFactory(final DataSource dataSource) { - this(dataSource, null, null); + this(dataSource, null, (char[]) null); } + /** * Constructs an instance for the given DataSource. - * + * + * @param dataSource + * The DataSource for this factory. + * @param userName + * The user name. + * @param userPassword + * The user password. + * @since 2.4.0 + */ + public DataSourceConnectionFactory(final DataSource dataSource, final String userName, final char[] userPassword) { + this.dataSource = dataSource; + this.userName = userName; + this.userPassword = userPassword; + } + + /** + * Constructs an instance for the given DataSource. + * * @param dataSource * The DataSource for this factory. * @param userName @@ -56,13 +75,14 @@ public class DataSourceConnectionFactory implements ConnectionFactory { public DataSourceConnectionFactory(final DataSource dataSource, final String userName, final String password) { this.dataSource = dataSource; this.userName = userName; - this.userPassword = password; + this.userPassword = password != null ? password.toCharArray() : null; } + @Override public Connection createConnection() throws SQLException { if (null == userName && null == userPassword) { return dataSource.getConnection(); } - return dataSource.getConnection(userName, userPassword); + return dataSource.getConnection(userName, userPassword == null ? null : String.valueOf(userPassword)); } }
