cziegeler pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/felix-dev.git
The following commit(s) were added to refs/heads/master by this push:
new e08d253 FELIX-6428 : Provide a compatibility switch to enable
password detection heuristic
e08d253 is described below
commit e08d253420b3895d6b35219a2b08b879a62a90d5
Author: Carsten Ziegeler <[email protected]>
AuthorDate: Thu Jun 10 10:18:32 2021 +0200
FELIX-6428 : Provide a compatibility switch to enable password detection
heuristic
---
webconsole/changelog.txt | 1 +
.../ConfigurationAdminConfigurationPrinter.java | 4 +--
.../internal/configuration/MetaTypeSupport.java | 17 ++++++++++---
.../servlet/ConfigurationMetatypeSupport.java | 11 ++++++++
.../internal/servlet/ConfigurationUtil.java | 29 ++++++++++++++++++++++
.../webconsole/internal/servlet/OsgiManager.java | 25 +++++++++++++++++++
.../main/resources/OSGI-INF/l10n/bundle.properties | 4 +++
7 files changed, 86 insertions(+), 5 deletions(-)
diff --git a/webconsole/changelog.txt b/webconsole/changelog.txt
index 809ae90..92d0bd4 100644
--- a/webconsole/changelog.txt
+++ b/webconsole/changelog.txt
@@ -1,6 +1,7 @@
Changes in 4.6.2
----------------
** Improvement
+ * [FELIX-6428] - Provide a compatibility switch to enable password
detection heuristic
* [FELIX-6427] - Obfuscate configuration properties marked as password in
metatype in configuration printer
* [FELIX-6390] - Refactor the default authentication mechanism of the
webconsole to be a WebConsoleSecurityProvider2
* [FELIX-6423] - Use property type password for password
diff --git
a/webconsole/src/main/java/org/apache/felix/webconsole/internal/configuration/ConfigurationAdminConfigurationPrinter.java
b/webconsole/src/main/java/org/apache/felix/webconsole/internal/configuration/ConfigurationAdminConfigurationPrinter.java
index 6e7a37f..45c3243 100644
---
a/webconsole/src/main/java/org/apache/felix/webconsole/internal/configuration/ConfigurationAdminConfigurationPrinter.java
+++
b/webconsole/src/main/java/org/apache/felix/webconsole/internal/configuration/ConfigurationAdminConfigurationPrinter.java
@@ -194,9 +194,9 @@ public class ConfigurationAdminConfigurationPrinter extends
AbstractConfiguratio
// pid, factory pid and bundle location are already printed
if ( ConfigAdminSupport.CONFIG_PROPERTIES_HIDE.contains(key) )
{
- continue;
+ continue;
}
- final Object value = obfuscateProperties.contains(key) ?
"********" : props.get(key);
+ final Object value = (obfuscateProperties.contains(key) ||
MetaTypeSupport.isPasswordProperty(key)) ? "********" : props.get(key);
ConfigurationRender.infoLine(pw, " ", key, value);
}
}
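Review bot: The name-based fallback in the `value` expression only masks anything when `OsgiManager.ENABLE_SECRET_HEURISTICS` is true, and that flag defaults to false (`DEFAULT_ENABLE_SECRET_HEURISTIC` in the OsgiManager section). With the default configuration, a key whose name contains "password" but which is not in `obfuscateProperties` is therefore still written in clear text to the printer output. That is worth stating at the call site, for example `// name-based masking is a no-op unless secret.heuristic.enabled is set; otherwise only keys in obfuscateProperties are masked`. The enclosing loop and method start outside the hunk.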
diff --git
a/webconsole/src/main/java/org/apache/felix/webconsole/internal/configuration/MetaTypeSupport.java
b/webconsole/src/main/java/org/apache/felix/webconsole/internal/configuration/MetaTypeSupport.java
index 0b6eb42..2848ded 100644
---
a/webconsole/src/main/java/org/apache/felix/webconsole/internal/configuration/MetaTypeSupport.java
+++
b/webconsole/src/main/java/org/apache/felix/webconsole/internal/configuration/MetaTypeSupport.java
@@ -28,6 +28,7 @@ import java.util.List;
import java.util.Vector;
import org.apache.felix.utils.json.JSONWriter;
+import org.apache.felix.webconsole.internal.servlet.OsgiManager;
import org.osgi.framework.Bundle;
import org.osgi.framework.BundleContext;
import org.osgi.service.metatype.AttributeDefinition;
@@ -41,15 +42,12 @@ import org.osgi.service.metatype.AttributeDefinition;
*/
class MetaTypeSupport
{
-
-
/**
* Marker value of password fields used as dummy values and
* indicating unmodified values.
*/
static final String PASSWORD_PLACEHOLDER_VALUE = "unmodified";
//$NON-NLS-1$
-
static Bundle getBundle( final BundleContext bundleContext, final String
bundleLocation )
{
if ( bundleLocation == null )
@@ -275,8 +273,21 @@ class MetaTypeSupport
}
+ public static boolean isPasswordProperty( final String name )
+ {
+ if ( name == null || !OsgiManager.ENABLE_SECRET_HEURISTICS )
+ {
+ return false;
+ }
+ return name.toLowerCase().indexOf( "password" ) != -1; //$NON-NLS-1$
+ }
+
static int getAttributeType( final PropertyDescriptor ad )
{
+ if ( ad.getType() == AttributeDefinition.STRING && isPasswordProperty(
ad.getID() ) )
+ {
+ return AttributeDefinition.PASSWORD;
+ }
return ad.getType();
}
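Review bot: `isPasswordProperty` is public and decides which values get masked, but it has no Javadoc and matches only the substring "password", while the switch controlling it is named "secret heuristic". Property names such as `passwd`, `pwd`, `secret` or `token` are not covered, so `getAttributeType` still reports them as plain STRING. A Javadoc on the method should state the exact rule: a case-insensitive match on "password", with false returned for a null name or when the flag is disabled. `name.toLowerCase()` uses the default locale; `name.toLowerCase(Locale.ROOT)` is the conventional form for identifier matching, assuming `java.util.Locale` is imported in this file, which the hunk does not show.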
diff --git
a/webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/ConfigurationMetatypeSupport.java
b/webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/ConfigurationMetatypeSupport.java
index 1715601..cac5440 100644
---
a/webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/ConfigurationMetatypeSupport.java
+++
b/webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/ConfigurationMetatypeSupport.java
@@ -107,6 +107,11 @@ class ConfigurationMetatypeSupport extends
ConfigurationSupport implements MetaT
adList.add( new AttributeDefinitionImpl( pwKey, getString( rb,
"metadata." + pwKey + ".name", pwKey ),
getString( rb, "metadata." + pwKey + ".description", pwKey ) )
);
+ // boolean props
+ final String propKey = OsgiManager.PROP_ENABLE_SECRET_HEURISTIC;
+ adList.add( new AttributeDefinitionImpl( propKey, getString( rb,
"metadata." + propKey + ".name", propKey ),
+ getString( rb, "metadata." + propKey + ".description", propKey
), OsgiManager.DEFAULT_ENABLE_SECRET_HEURISTIC ) );
+
// log level is select - so no simple default value; requires
localized option labels
adList.add( new AttributeDefinitionImpl( OsgiManager.PROP_LOG_LEVEL,
getString( rb,
"metadata.loglevel.name", OsgiManager.PROP_LOG_LEVEL ),
//$NON-NLS-1$
@@ -226,6 +231,12 @@ class ConfigurationMetatypeSupport extends
ConfigurationSupport implements MetaT
this( id, name, description, PASSWORD, null, 0, null, null );
}
+ AttributeDefinitionImpl( final String id, final String name, final
String description, final boolean defaultValue )
+ {
+ this( id, name, description, BOOLEAN, new String[]
+ { String.valueOf(defaultValue) }, 0, null, null );
+ }
+
AttributeDefinitionImpl( final String id, final String name, final
String description, final String defaultValue )
{
this( id, name, description, STRING, new String[]
diff --git
a/webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/ConfigurationUtil.java
b/webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/ConfigurationUtil.java
index 52f2b34..1c4ffde 100644
---
a/webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/ConfigurationUtil.java
+++
b/webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/ConfigurationUtil.java
@@ -197,4 +197,33 @@ public class ConfigurationUtil
return ret;
}
+
+ /**
+ * Returns the value of the named property from the configuration. If the
property does
+ * not exist, the default value <code>def</code> is returned.
+ *
+ * @param config The properties from which to returned the named one
+ * @param name The name of the property to return
+ * @param def The default value if the named property does not exist
+ * @return The value of the named property as a boolean or <code>def</code>
+ * if the property does not exist
+ */
+ public static boolean getProperty(Map<String, Object> config, String name,
+ boolean def)
+ {
+ Object value = config.get(name);
+ if (value instanceof Boolean)
+ {
+ return ((Boolean) value).booleanValue();
+ }
+
+ if (value != null)
+ {
+ return Boolean.getBoolean(value.toString());
+ }
+
+ // use default
+ return def;
+ }
+
}
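Review bot: `Boolean.getBoolean(value.toString())` in the non-Boolean branch does not parse the string. It looks up a JVM system property with that name, so a configuration value supplied as the String "true" yields false unless a system property literally named `true` is set. As a result `secret.heuristic.enabled` is silently ignored whenever it arrives as a String, and name-based password masking stays off; the OsgiManager hunk that assigns `ENABLE_SECRET_HEURISTICS` is the caller. Replace the line with `return Boolean.parseBoolean(value.toString());`. The Javadoc's "from which to returned" should read "from which to return".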
diff --git
a/webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/OsgiManager.java
b/webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/OsgiManager.java
index 767da5b..9261e8d 100644
---
a/webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/OsgiManager.java
+++
b/webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/OsgiManager.java
@@ -96,6 +96,7 @@ public class OsgiManager extends GenericServlet
*
* @deprecated use {@link WebConsoleConstants#ATTR_APP_ROOT} instead
*/
+ @Deprecated
private static final String ATTR_APP_ROOT_OLD = OsgiManager.class.getName()
+ ".appRoot";
@@ -106,6 +107,7 @@ public class OsgiManager extends GenericServlet
*
* @deprecated use {@link WebConsoleConstants#ATTR_LABEL_MAP} instead
*/
+ @Deprecated
private static final String ATTR_LABEL_MAP_OLD =
OsgiManager.class.getName()
+ ".labelMap";
@@ -162,6 +164,8 @@ public class OsgiManager extends GenericServlet
static final String PROP_LOCALE = "locale"; //$NON-NLS-1$
+ static final String PROP_ENABLE_SECRET_HEURISTIC =
"secret.heuristic.enabled"; //$NON-NLS-1$
+
static final String PROP_HTTP_SERVICE_SELECTOR = "http.service.filter";
//$NON-NLS-1$
public static final int DEFAULT_LOG_LEVEL = LogService.LOG_WARNING;
@@ -178,6 +182,9 @@ public class OsgiManager extends GenericServlet
static final String DEFAULT_HTTP_SERVICE_SELECTOR = ""; //$NON-NLS-1$
+ /** Default value for secret heuristics */
+ public static final boolean DEFAULT_ENABLE_SECRET_HEURISTIC = false;
+
private static final String HEADER_AUTHORIZATION = "Authorization";
//$NON-NLS-1$
private static final String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
//$NON-NLS-1$
@@ -210,6 +217,9 @@ public class OsgiManager extends GenericServlet
"org.apache.felix.webconsole.internal.system.VMStatPlugin",
"vmstat", //$NON-NLS-1$ //$NON-NLS-2$
};
+ /** Flag to control whether secret heuristics is enabled */
+ public static volatile boolean ENABLE_SECRET_HEURISTICS =
OsgiManager.DEFAULT_ENABLE_SECRET_HEURISTIC;
+
private BundleContext bundleContext;
private HttpServiceTracker httpServiceTracker;
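Review bot: `ENABLE_SECRET_HEURISTICS` is a public, non-final static field named like a constant, so any class that can see OsgiManager can switch password masking on or off, and the value is shared by every OsgiManager instance in the JVM. Keeping the field private and exposing a read-only accessor narrows that: `private static volatile boolean enableSecretHeuristics = DEFAULT_ENABLE_SECRET_HEURISTIC;` with `public static boolean isSecretHeuristicsEnabled() { return enableSecretHeuristics; }`. `MetaTypeSupport.isPasswordProperty` would then call the accessor. Whether the flag is reset to its default when the console is deactivated is not visible in this diff.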
@@ -363,6 +373,7 @@ public class OsgiManager extends GenericServlet
this.configurationListener = bundleContext.registerService(
"org.osgi.service.cm.ManagedService", //$NON-NLS-1$
new ServiceFactory()
{
+ @Override
public Object getService( Bundle bundle, ServiceRegistration
registration )
{
/*
@@ -386,6 +397,7 @@ public class OsgiManager extends GenericServlet
}
+ @Override
public void ungetService( Bundle bundle, ServiceRegistration
registration, Object service )
{
// do nothing
@@ -473,6 +485,7 @@ public class OsgiManager extends GenericServlet
/**
* @see javax.servlet.GenericServlet#init()
*/
+ @Override
public void init()
{
// base class initialization not needed, since the GenericServlet.init
@@ -485,6 +498,7 @@ public class OsgiManager extends GenericServlet
/**
* @see javax.servlet.GenericServlet#service(javax.servlet.ServletRequest,
javax.servlet.ServletResponse)
*/
+ @Override
public void service(final ServletRequest req, final ServletResponse res)
throws ServletException, IOException
{
@@ -493,6 +507,7 @@ public class OsgiManager extends GenericServlet
{
AccessController.doPrivileged(new
PrivilegedExceptionAction<Object>()
{
+ @Override
public Object run() throws Exception
{
service((HttpServletRequest) req, (HttpServletResponse)
res);
@@ -722,6 +737,7 @@ public class OsgiManager extends GenericServlet
/**
* @see javax.servlet.GenericServlet#destroy()
*/
+ @Override
public void destroy()
{
// base class destroy not needed, since the GenericServlet.destroy
@@ -829,6 +845,7 @@ public class OsgiManager extends GenericServlet
/**
* @see javax.servlet.ServletRequestWrapper#getLocale()
*/
+ @Override
public Locale getLocale()
{
return locale;
@@ -899,6 +916,7 @@ public class OsgiManager extends GenericServlet
return httpServiceSelector == null;
}
+ @Override
public HttpService addingService(ServiceReference<HttpService>
reference)
{
HttpService service = super.addingService(reference);
@@ -906,6 +924,7 @@ public class OsgiManager extends GenericServlet
return service;
}
+ @Override
public void removedService(ServiceReference<HttpService> reference,
HttpService service)
{
osgiManager.unbindHttpService(service);
@@ -921,6 +940,7 @@ public class OsgiManager extends GenericServlet
super(osgiManager.getBundleContext(), BrandingPlugin.class, null);
}
+ @Override
public BrandingPlugin addingService(ServiceReference<BrandingPlugin>
reference)
{
BrandingPlugin plugin = super.addingService(reference);
@@ -928,6 +948,7 @@ public class OsgiManager extends GenericServlet
return plugin;
}
+ @Override
public void removedService(ServiceReference<BrandingPlugin> reference,
BrandingPlugin service)
{
AbstractWebConsolePlugin.setBrandingPlugin(null);
@@ -1114,6 +1135,10 @@ public class OsgiManager extends GenericServlet
httpServiceTracker = null;
}
+ // secret heuristics
+ final boolean enableHeuristics = ConfigurationUtil.getProperty(config,
PROP_ENABLE_SECRET_HEURISTIC, DEFAULT_ENABLE_SECRET_HEURISTIC);
+ OsgiManager.ENABLE_SECRET_HEURISTICS = enableHeuristics;
+
// get enabled plugins
String[] plugins = ConfigurationUtil.getStringArrayProperty(config,
PROP_ENABLED_PLUGINS);
enabledPlugins = null == plugins ? null : new
HashSet<String>(Arrays.asList(plugins));
diff --git a/webconsole/src/main/resources/OSGI-INF/l10n/bundle.properties
b/webconsole/src/main/resources/OSGI-INF/l10n/bundle.properties
index 6fbc505..9cc31c6 100644
--- a/webconsole/src/main/resources/OSGI-INF/l10n/bundle.properties
+++ b/webconsole/src/main/resources/OSGI-INF/l10n/bundle.properties
@@ -275,6 +275,10 @@ metadata.loglevel.description=Logging Level
metadata.locale.name=Locale
metadata.locale.description=If set, this locale forces the localization to use
this locale instead of the one requested by the web browser
+metadata.secret.heuristic.enabled.name=Secret Heuristics
+metadata.secret.heuristic.enabled.description=If enabled, password properties
are detected based on their name in addition to their metatype information.
+
# https://issues.apache.org/jira/browse/FELIX-3491
bundles.success.title=Success
bundles.success.text=Operation completed succesfully.
+