Repository: commons-dbcp Updated Branches: refs/heads/master 85b999886 -> b4d173d35
[DBCP-501] org.apache.commons.dbcp2.datasources.CPDSConnectionFactory should use a char[] instead of a String to store passwords. Project: http://git-wip-us.apache.org/repos/asf/commons-dbcp/repo Commit: http://git-wip-us.apache.org/repos/asf/commons-dbcp/commit/b4d173d3 Tree: http://git-wip-us.apache.org/repos/asf/commons-dbcp/tree/b4d173d3 Diff: http://git-wip-us.apache.org/repos/asf/commons-dbcp/diff/b4d173d3 Branch: refs/heads/master Commit: b4d173d3519854993014731e8b8c1e73a137379b Parents: 85b9998 Author: Gary Gregory <[email protected]> Authored: Sun Jun 10 11:40:02 2018 -0600 Committer: Gary Gregory <[email protected]> Committed: Sun Jun 10 11:40:02 2018 -0600 ---------------------------------------------------------------------- src/changes/changes.xml | 3 + .../datasources/CPDSConnectionFactory.java | 85 ++++++++++++++------ .../datasources/PooledConnectionManager.java | 8 ++ 3 files changed, 73 insertions(+), 23 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/commons-dbcp/blob/b4d173d3/src/changes/changes.xml ---------------------------------------------------------------------- diff --git a/src/changes/changes.xml b/src/changes/changes.xml index 76b1a36..6fe260e 100644 --- a/src/changes/changes.xml +++ b/src/changes/changes.xml @@ -91,6 +91,9 @@ The <action> type attribute can be add,update,fix,remove. <action dev="ggregory" type="update" issue="DBCP-500" due-to="Gary Gregory"> org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS should use a char[] instead of a String to store passwords. </action> + <action dev="ggregory" type="update" issue="DBCP-501" due-to="Gary Gregory"> + org.apache.commons.dbcp2.datasources.CPDSConnectionFactory should use a char[] instead of a String to store passwords. + </action> </release> <release version="2.3.0" date="2018-05-12" description="This is a minor release, including bug fixes and enhancements."> <action dev="pschumacher" type="fix" issue="DBCP-476" due-to="Gary Evesson, Richard Cordova"> http://git-wip-us.apache.org/repos/asf/commons-dbcp/blob/b4d173d3/src/main/java/org/apache/commons/dbcp2/datasources/CPDSConnectionFactory.java ---------------------------------------------------------------------- diff --git a/src/main/java/org/apache/commons/dbcp2/datasources/CPDSConnectionFactory.java b/src/main/java/org/apache/commons/dbcp2/datasources/CPDSConnectionFactory.java index 5c08931..004080a 100644 --- a/src/main/java/org/apache/commons/dbcp2/datasources/CPDSConnectionFactory.java +++ b/src/main/java/org/apache/commons/dbcp2/datasources/CPDSConnectionFactory.java @@ -44,8 +44,7 @@ import org.apache.commons.pool2.impl.DefaultPooledObject; * @since 2.0 */ class CPDSConnectionFactory - implements PooledObjectFactory<PooledConnectionAndInfo>, - ConnectionEventListener, PooledConnectionManager { + implements PooledObjectFactory<PooledConnectionAndInfo>, ConnectionEventListener, PooledConnectionManager { private static final String NO_KEY_MESSAGE = "close() was called on a Connection, but " @@ -57,10 +56,9 @@ class CPDSConnectionFactory private final boolean rollbackAfterValidation; private ObjectPool<PooledConnectionAndInfo> pool; private final String userName; - private String password = null; + private char[] userPassword; private long maxConnLifetimeMillis = -1; - /** * Map of PooledConnections for which close events are ignored. * Connections are muted when they are being validated. @@ -75,35 +73,67 @@ class CPDSConnectionFactory new ConcurrentHashMap<>(); /** - * Create a new {@code PoolableConnectionFactory}. + * Creates a new {@code PoolableConnectionFactory}. * - * @param cpds the ConnectionPoolDataSource from which to obtain - * PooledConnection's - * @param validationQuery a query to use to {@link #validateObject - * validate} {@link Connection}s. Should return at least one row. - * May be {@code null} in which case {@link Connection#isValid(int)} will - * be used to validate connections. - * @param validationQueryTimeout Timeout in seconds before validation fails - * @param rollbackAfterValidation whether a rollback should be issued - * after {@link #validateObject validating} {@link Connection}s. - * @param userName The user name to use to create connections - * @param password The password to use to create connections + * @param cpds + * the ConnectionPoolDataSource from which to obtain PooledConnection's + * @param validationQuery + * a query to use to {@link #validateObject validate} {@link Connection}s. Should return at least one + * row. May be {@code null} in which case {@link Connection#isValid(int)} will be used to validate + * connections. + * @param validationQueryTimeout + * Timeout in seconds before validation fails + * @param rollbackAfterValidation + * whether a rollback should be issued after {@link #validateObject validating} {@link Connection}s. + * @param userName + * The user name to use to create connections + * @param userPassword + * The password to use to create connections + * @since 2.4.0 */ public CPDSConnectionFactory(final ConnectionPoolDataSource cpds, final String validationQuery, final int validationQueryTimeout, final boolean rollbackAfterValidation, final String userName, - final String password) { + final char[] userPassword) { this.cpds = cpds; this.validationQuery = validationQuery; this.validationQueryTimeout = validationQueryTimeout; this.userName = userName; - this.password = password; + this.userPassword = userPassword; this.rollbackAfterValidation = rollbackAfterValidation; } /** + * Creates a new {@code PoolableConnectionFactory}. + * + * @param cpds + * the ConnectionPoolDataSource from which to obtain PooledConnection's + * @param validationQuery + * a query to use to {@link #validateObject validate} {@link Connection}s. Should return at least one + * row. May be {@code null} in which case {@link Connection#isValid(int)} will be used to validate + * connections. + * @param validationQueryTimeout + * Timeout in seconds before validation fails + * @param rollbackAfterValidation + * whether a rollback should be issued after {@link #validateObject validating} {@link Connection}s. + * @param userName + * The user name to use to create connections + * @param userPassword + * The password to use to create connections + */ + public CPDSConnectionFactory(final ConnectionPoolDataSource cpds, + final String validationQuery, + final int validationQueryTimeout, + final boolean rollbackAfterValidation, + final String userName, + final String userPassword) { + this(cpds, validationQuery, validationQueryTimeout, rollbackAfterValidation, userName, + Utils.toCharArray(userPassword)); + } + + /** * Returns the object pool used to pool connections created by this factory. * * @return ObjectPool managing pooled connections @@ -129,7 +159,7 @@ class CPDSConnectionFactory if (userName == null) { pc = cpds.getPooledConnection(); } else { - pc = cpds.getPooledConnection(userName, password); + pc = cpds.getPooledConnection(userName, Utils.toString(userPassword)); } if (pc == null) { @@ -139,7 +169,7 @@ class CPDSConnectionFactory // should we add this object as a listener or the pool. // consider the validateObject method in decision pc.addConnectionEventListener(this); - pci = new PooledConnectionAndInfo(pc, userName, password); + pci = new PooledConnectionAndInfo(pc, userName, Utils.toString(userPassword)); pcMap.put(pc, pci); } catch (final SQLException e) { throw new RuntimeException(e.getMessage()); @@ -322,11 +352,20 @@ class CPDSConnectionFactory /** * Sets the database password used when creating new connections. * - * @param password new password + * @param userPassword new password + */ + public synchronized void setPassword(final char[] userPassword) { + this.userPassword = userPassword; + } + + /** + * Sets the database password used when creating new connections. + * + * @param userPassword new password */ @Override - public synchronized void setPassword(final String password) { - this.password = password; + public synchronized void setPassword(final String userPassword) { + this.userPassword = Utils.toCharArray(userPassword); } /** http://git-wip-us.apache.org/repos/asf/commons-dbcp/blob/b4d173d3/src/main/java/org/apache/commons/dbcp2/datasources/PooledConnectionManager.java ---------------------------------------------------------------------- diff --git a/src/main/java/org/apache/commons/dbcp2/datasources/PooledConnectionManager.java b/src/main/java/org/apache/commons/dbcp2/datasources/PooledConnectionManager.java index f67cfb6..17af372 100644 --- a/src/main/java/org/apache/commons/dbcp2/datasources/PooledConnectionManager.java +++ b/src/main/java/org/apache/commons/dbcp2/datasources/PooledConnectionManager.java @@ -37,6 +37,14 @@ interface PooledConnectionManager { */ void invalidate(PooledConnection pc) throws SQLException; +// /** +// * Sets the database password used when creating connections. +// * +// * @param password password used when authenticating to the database +// * @since 3.0.0 +// */ +// void setPassword(char[] password); + /** * Sets the database password used when creating connections. *
