Repository: commons-dbcp Updated Branches: refs/heads/master 7dfe5908c -> 1d0496004
[DBCP-500] org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS should use a char[] instead of a String to store passwords. Project: http://git-wip-us.apache.org/repos/asf/commons-dbcp/repo Commit: http://git-wip-us.apache.org/repos/asf/commons-dbcp/commit/1d049600 Tree: http://git-wip-us.apache.org/repos/asf/commons-dbcp/tree/1d049600 Diff: http://git-wip-us.apache.org/repos/asf/commons-dbcp/diff/1d049600 Branch: refs/heads/master Commit: 1d049600404981120633155a69a2effa10b26cfb Parents: 7dfe590 Author: Gary Gregory <[email protected]> Authored: Sun Jun 10 11:26:49 2018 -0600 Committer: Gary Gregory <[email protected]> Committed: Sun Jun 10 11:26:49 2018 -0600 ---------------------------------------------------------------------- src/changes/changes.xml | 7 ++- .../dbcp2/cpdsadapter/DriverAdapterCPDS.java | 55 ++++++++++++++------ .../cpdsadapter/TestDriverAdapterCPDS.java | 4 +- 3 files changed, 47 insertions(+), 19 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/commons-dbcp/blob/1d049600/src/changes/changes.xml ---------------------------------------------------------------------- diff --git a/src/changes/changes.xml b/src/changes/changes.xml index b6a1da5..76b1a36 100644 --- a/src/changes/changes.xml +++ b/src/changes/changes.xml @@ -83,10 +83,13 @@ The <action> type attribute can be add,update,fix,remove. Deprecate use of PStmtKeyCPDS in favor of PStmtKey. </action> <action dev="ggregory" type="update" issue="DBCP-498" due-to="Gary Gregory"> - org.apache.commons.dbcp2.DataSourceConnectionFactory should use a char[] instead of a String to save passwords. + org.apache.commons.dbcp2.DataSourceConnectionFactory should use a char[] instead of a String to store passwords. </action> <action dev="ggregory" type="update" issue="DBCP-499" due-to="Gary Gregory"> - org.apache.commons.dbcp2.managed.DataSourceXAConnectionFactory should use a char[] instead of a String to save passwords. + org.apache.commons.dbcp2.managed.DataSourceXAConnectionFactory should use a char[] instead of a String to store passwords. + </action> + <action dev="ggregory" type="update" issue="DBCP-500" due-to="Gary Gregory"> + org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS should use a char[] instead of a String to store passwords. </action> </release> <release version="2.3.0" date="2018-05-12" description="This is a minor release, including bug fixes and enhancements."> http://git-wip-us.apache.org/repos/asf/commons-dbcp/blob/1d049600/src/main/java/org/apache/commons/dbcp2/cpdsadapter/DriverAdapterCPDS.java ---------------------------------------------------------------------- diff --git a/src/main/java/org/apache/commons/dbcp2/cpdsadapter/DriverAdapterCPDS.java b/src/main/java/org/apache/commons/dbcp2/cpdsadapter/DriverAdapterCPDS.java index a955411..58a0749 100644 --- a/src/main/java/org/apache/commons/dbcp2/cpdsadapter/DriverAdapterCPDS.java +++ b/src/main/java/org/apache/commons/dbcp2/cpdsadapter/DriverAdapterCPDS.java @@ -39,6 +39,7 @@ import javax.sql.PooledConnection; import org.apache.commons.dbcp2.DelegatingPreparedStatement; import org.apache.commons.dbcp2.PStmtKey; +import org.apache.commons.dbcp2.Utils; import org.apache.commons.pool2.KeyedObjectPool; import org.apache.commons.pool2.impl.BaseObjectPoolConfig; import org.apache.commons.pool2.impl.GenericKeyedObjectPool; @@ -108,14 +109,14 @@ public class DriverAdapterCPDS /** Description */ private String description; - /** Password */ - private String password; - /** Url name */ private String url; /** User name */ private String userName; + + /** User password */ + private char[] userPassword; /** Driver class name */ private String driver; @@ -168,13 +169,13 @@ public class DriverAdapterCPDS /** * Attempt to establish a database connection. * - * @param userName + * @param pooledUserName * name to be used for the connection - * @param pass + * @param pooledUserPassword * password to be used fur the connection */ @Override - public PooledConnection getPooledConnection(final String userName, final String pass) + public PooledConnection getPooledConnection(final String pooledUserName, final String pooledUserPassword) throws SQLException { getConnectionCalled = true; PooledConnectionImpl pci = null; @@ -182,13 +183,13 @@ public class DriverAdapterCPDS // exception upon first invocation. try { if (connectionProperties != null) { - update(connectionProperties, KEY_USER, userName); - update(connectionProperties, KEY_PASSWORD, pass); + update(connectionProperties, KEY_USER, pooledUserName); + update(connectionProperties, KEY_PASSWORD, pooledUserPassword); pci = new PooledConnectionImpl(DriverManager.getConnection( getUrl(), connectionProperties)); } else { pci = new PooledConnectionImpl(DriverManager.getConnection( - getUrl(), userName, pass)); + getUrl(), pooledUserName, pooledUserPassword)); } pci.setAccessToUnderlyingConnectionAllowed(isAccessToUnderlyingConnectionAllowed()); } catch (final ClassCircularityError e) { @@ -197,7 +198,7 @@ public class DriverAdapterCPDS getUrl(), connectionProperties)); } else { pci = new PooledConnectionImpl(DriverManager.getConnection( - getUrl(), userName, pass)); + getUrl(), pooledUserName, pooledUserPassword)); } pci.setAccessToUnderlyingConnectionAllowed(isAccessToUnderlyingConnectionAllowed()); } @@ -437,23 +438,47 @@ public class DriverAdapterCPDS * Gets the value of password for the default user. * * @return value of password. + * @since 2.4.0 + */ + public char[] getPasswordCharArray() { + return userPassword; + } + + /** + * Gets the value of password for the default user. + * + * @return value of password. */ public String getPassword() { - return password; + return Utils.toString(userPassword); } /** * Sets the value of password for the default user. * - * @param v + * @param userPassword + * Value to assign to password. + * @throws IllegalStateException + * if {@link #getPooledConnection()} has been called + */ + public void setPassword(final char[] userPassword) { + assertInitializationAllowed(); + this.userPassword = userPassword; + update(connectionProperties, KEY_PASSWORD, Utils.toString(userPassword)); + } + + /** + * Sets the value of password for the default user. + * + * @param userPassword * Value to assign to password. * @throws IllegalStateException * if {@link #getPooledConnection()} has been called */ - public void setPassword(final String v) { + public void setPassword(final String userPassword) { assertInitializationAllowed(); - this.password = v; - update(connectionProperties, KEY_PASSWORD, v); + this.userPassword = Utils.toCharArray(userPassword); + update(connectionProperties, KEY_PASSWORD, userPassword); } /** http://git-wip-us.apache.org/repos/asf/commons-dbcp/blob/1d049600/src/test/java/org/apache/commons/dbcp2/cpdsadapter/TestDriverAdapterCPDS.java ---------------------------------------------------------------------- diff --git a/src/test/java/org/apache/commons/dbcp2/cpdsadapter/TestDriverAdapterCPDS.java b/src/test/java/org/apache/commons/dbcp2/cpdsadapter/TestDriverAdapterCPDS.java index a641214..98204b8 100644 --- a/src/test/java/org/apache/commons/dbcp2/cpdsadapter/TestDriverAdapterCPDS.java +++ b/src/test/java/org/apache/commons/dbcp2/cpdsadapter/TestDriverAdapterCPDS.java @@ -188,7 +188,7 @@ public class TestDriverAdapterCPDS { public void testSetPasswordNull() throws Exception { pcds.setPassword("Secret"); assertEquals("Secret", pcds.getPassword()); - pcds.setPassword(null); + pcds.setPassword((char[]) null); assertEquals(null, pcds.getPassword()); } @@ -197,7 +197,7 @@ public class TestDriverAdapterCPDS { pcds.setConnectionProperties(new Properties()); pcds.setPassword("Secret"); assertEquals("Secret", pcds.getPassword()); - pcds.setPassword(null); + pcds.setPassword((char[]) null); assertEquals(null, pcds.getPassword()); }
