This is an automated email from the ASF dual-hosted git repository. rombert pushed a commit to annotated tag org.apache.sling.jcr.repoinit-1.1.2 in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-jcr-repoinit.git
commit c29c1f8e36c74d25748fb6e3bc50b701402279f2 Author: Bertrand Delacretaz <[email protected]> AuthorDate: Fri Nov 25 09:32:10 2016 +0000 SLING-6219 - warn if creating users with cleartext passwords git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/jcr/repoinit@1771262 13f79535-47bb-0310-9956-ffa450edef68 --- .../java/org/apache/sling/jcr/repoinit/impl/UserVisitor.java | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/src/main/java/org/apache/sling/jcr/repoinit/impl/UserVisitor.java b/src/main/java/org/apache/sling/jcr/repoinit/impl/UserVisitor.java index 28ad210..5612c0a 100644 --- a/src/main/java/org/apache/sling/jcr/repoinit/impl/UserVisitor.java +++ b/src/main/java/org/apache/sling/jcr/repoinit/impl/UserVisitor.java @@ -68,8 +68,16 @@ class UserVisitor extends DoNothingVisitor { final String id = u.getUsername(); try { if(!UserUtil.serviceExists(session, id)) { - log.info("Creating user {}", id); - UserUtil.createUser(session, id, u.getPassword()); + final String pwd = u.getPassword(); + if(pwd != null) { + // TODO we might revise this warning once we're able + // to create users by providing their encoded password + // using u.getPasswordEncoding - for now I think only cleartext works + log.warn("Creating user {} with cleartext password - should NOT be used on production systems", id); + } else { + log.info("Creating user {}", id); + } + UserUtil.createUser(session, id, pwd); } else { log.info("User {} already exists, no changes made", id); } -- To stop receiving notification emails like this one, please contact "[email protected]" <[email protected]>.
