Repository: commons-dbcp Updated Branches: refs/heads/master bc71c883e -> 93b0d6b3a
[DBCP-499] org.apache.commons.dbcp2.managed.DataSourceXAConnectionFactory should use a char[] instead of a String to save passwords. Project: http://git-wip-us.apache.org/repos/asf/commons-dbcp/repo Commit: http://git-wip-us.apache.org/repos/asf/commons-dbcp/commit/93b0d6b3 Tree: http://git-wip-us.apache.org/repos/asf/commons-dbcp/tree/93b0d6b3 Diff: http://git-wip-us.apache.org/repos/asf/commons-dbcp/diff/93b0d6b3 Branch: refs/heads/master Commit: 93b0d6b3acb2d3be277ca8c2799badb005686429 Parents: bc71c88 Author: Gary Gregory <[email protected]> Authored: Sun Jun 10 11:08:33 2018 -0600 Committer: Gary Gregory <[email protected]> Committed: Sun Jun 10 11:08:33 2018 -0600 ---------------------------------------------------------------------- src/changes/changes.xml | 3 ++ .../dbcp2/DataSourceConnectionFactory.java | 4 +- .../java/org/apache/commons/dbcp2/Utils.java | 23 +++++++++ .../managed/DataSourceXAConnectionFactory.java | 49 ++++++++++++++++---- 4 files changed, 67 insertions(+), 12 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/commons-dbcp/blob/93b0d6b3/src/changes/changes.xml ---------------------------------------------------------------------- diff --git a/src/changes/changes.xml b/src/changes/changes.xml index 676d879..b6a1da5 100644 --- a/src/changes/changes.xml +++ b/src/changes/changes.xml @@ -85,6 +85,9 @@ The <action> type attribute can be add,update,fix,remove. <action dev="ggregory" type="update" issue="DBCP-498" due-to="Gary Gregory"> org.apache.commons.dbcp2.DataSourceConnectionFactory should use a char[] instead of a String to save passwords. </action> + <action dev="ggregory" type="update" issue="DBCP-499" due-to="Gary Gregory"> + org.apache.commons.dbcp2.managed.DataSourceXAConnectionFactory should use a char[] instead of a String to save passwords. + </action> </release> <release version="2.3.0" date="2018-05-12" description="This is a minor release, including bug fixes and enhancements."> <action dev="pschumacher" type="fix" issue="DBCP-476" due-to="Gary Evesson, Richard Cordova"> http://git-wip-us.apache.org/repos/asf/commons-dbcp/blob/93b0d6b3/src/main/java/org/apache/commons/dbcp2/DataSourceConnectionFactory.java ---------------------------------------------------------------------- diff --git a/src/main/java/org/apache/commons/dbcp2/DataSourceConnectionFactory.java b/src/main/java/org/apache/commons/dbcp2/DataSourceConnectionFactory.java index a42a91c..f1529f1 100644 --- a/src/main/java/org/apache/commons/dbcp2/DataSourceConnectionFactory.java +++ b/src/main/java/org/apache/commons/dbcp2/DataSourceConnectionFactory.java @@ -75,7 +75,7 @@ public class DataSourceConnectionFactory implements ConnectionFactory { public DataSourceConnectionFactory(final DataSource dataSource, final String userName, final String password) { this.dataSource = dataSource; this.userName = userName; - this.userPassword = password != null ? password.toCharArray() : null; + this.userPassword = Utils.toCharArray(password); } @Override @@ -83,6 +83,6 @@ public class DataSourceConnectionFactory implements ConnectionFactory { if (null == userName && null == userPassword) { return dataSource.getConnection(); } - return dataSource.getConnection(userName, userPassword == null ? null : String.valueOf(userPassword)); + return dataSource.getConnection(userName, Utils.toString(userPassword)); } } http://git-wip-us.apache.org/repos/asf/commons-dbcp/blob/93b0d6b3/src/main/java/org/apache/commons/dbcp2/Utils.java ---------------------------------------------------------------------- diff --git a/src/main/java/org/apache/commons/dbcp2/Utils.java b/src/main/java/org/apache/commons/dbcp2/Utils.java index 1ead9ca..4ae0119 100644 --- a/src/main/java/org/apache/commons/dbcp2/Utils.java +++ b/src/main/java/org/apache/commons/dbcp2/Utils.java @@ -134,4 +134,27 @@ public final class Utils { final MessageFormat mf = new MessageFormat(msg); return mf.format(args, new StringBuffer(), null).toString(); } + + /** + * Converts the given String to a char[]. + * + * @param value + * may be null. + * @return a char[] or null. + */ + public static char[] toCharArray(final String value) { + return value != null ? value.toCharArray() : null; + } + + + /** + * Converts the given char[] to a String. + * + * @param value + * may be null. + * @return a String or null. + */ + public static String toString(final char[] value) { + return value == null ? null : String.valueOf(value); + } } http://git-wip-us.apache.org/repos/asf/commons-dbcp/blob/93b0d6b3/src/main/java/org/apache/commons/dbcp2/managed/DataSourceXAConnectionFactory.java ---------------------------------------------------------------------- diff --git a/src/main/java/org/apache/commons/dbcp2/managed/DataSourceXAConnectionFactory.java b/src/main/java/org/apache/commons/dbcp2/managed/DataSourceXAConnectionFactory.java index c3a66f0..47d6de3 100644 --- a/src/main/java/org/apache/commons/dbcp2/managed/DataSourceXAConnectionFactory.java +++ b/src/main/java/org/apache/commons/dbcp2/managed/DataSourceXAConnectionFactory.java @@ -25,6 +25,8 @@ import javax.sql.XADataSource; import javax.transaction.TransactionManager; import javax.transaction.xa.XAResource; +import org.apache.commons.dbcp2.Utils; + import java.sql.Connection; import java.sql.SQLException; @@ -38,7 +40,7 @@ public class DataSourceXAConnectionFactory implements XAConnectionFactory { private final TransactionRegistry transactionRegistry; private final XADataSource xaDataSource; private String userName; - private String password; + private char[] userPassword; /** * Creates an DataSourceXAConnectionFactory which uses the specified XADataSource to create database @@ -48,7 +50,7 @@ public class DataSourceXAConnectionFactory implements XAConnectionFactory { * @param xaDataSource the data source from which connections will be retrieved */ public DataSourceXAConnectionFactory(final TransactionManager transactionManager, final XADataSource xaDataSource) { - this(transactionManager, xaDataSource, null, null); + this(transactionManager, xaDataSource, null, (char[]) null); } /** @@ -58,9 +60,10 @@ public class DataSourceXAConnectionFactory implements XAConnectionFactory { * @param transactionManager the transaction manager in which connections will be enlisted * @param xaDataSource the data source from which connections will be retrieved * @param userName the user name used for authenticating new connections or null for unauthenticated - * @param password the password used for authenticating new connections + * @param userPassword the password used for authenticating new connections */ - public DataSourceXAConnectionFactory(final TransactionManager transactionManager, final XADataSource xaDataSource, final String userName, final String password) { + public DataSourceXAConnectionFactory(final TransactionManager transactionManager, final XADataSource xaDataSource, + final String userName, final char[] userPassword) { if (transactionManager == null) { throw new NullPointerException("transactionManager is null"); } @@ -71,7 +74,21 @@ public class DataSourceXAConnectionFactory implements XAConnectionFactory { this.transactionRegistry = new TransactionRegistry(transactionManager); this.xaDataSource = xaDataSource; this.userName = userName; - this.password = password; + this.userPassword = userPassword; + } + + /** + * Creates an DataSourceXAConnectionFactory which uses the specified XADataSource to create database + * connections. The connections are enlisted into transactions using the specified transaction manager. + * + * @param transactionManager the transaction manager in which connections will be enlisted + * @param xaDataSource the data source from which connections will be retrieved + * @param userName the user name used for authenticating new connections or null for unauthenticated + * @param userPassword the password used for authenticating new connections + */ + public DataSourceXAConnectionFactory(final TransactionManager transactionManager, final XADataSource xaDataSource, + final String userName, final String userPassword) { + this(transactionManager, xaDataSource, userName, Utils.toCharArray(userPassword)); } /** @@ -92,10 +109,23 @@ public class DataSourceXAConnectionFactory implements XAConnectionFactory { /** * Sets the password used to authenticate new connections. - * @param password the password used for authenticating the connection or null for unauthenticated + * + * @param userPassword + * the password used for authenticating the connection or null for unauthenticated. + * @since 2.4.0 + */ + public void setPassword(final char[] userPassword) { + this.userPassword = userPassword; + } + + /** + * Sets the password used to authenticate new connections. + * + * @param userPassword + * the password used for authenticating the connection or null for unauthenticated */ - public void setPassword(final String password) { - this.password = password; + public void setPassword(final String userPassword) { + this.userPassword = Utils.toCharArray(userPassword); } @Override @@ -110,7 +140,7 @@ public class DataSourceXAConnectionFactory implements XAConnectionFactory { if (userName == null) { xaConnection = xaDataSource.getXAConnection(); } else { - xaConnection = xaDataSource.getXAConnection(userName, password); + xaConnection = xaDataSource.getXAConnection(userName, Utils.toString(userPassword)); } // get the real connection and XAResource from the connection @@ -143,7 +173,6 @@ public class DataSourceXAConnectionFactory implements XAConnectionFactory { } }); - return connection; } }
