[
https://issues.apache.org/activemq/browse/AMQ-2858?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=62519#action_62519
]
Dejan Bosanac commented on AMQ-2858:
------------------------------------
This sounds like a duplicate of
https://issues.apache.org/activemq/browse/AMQ-2499 and should be fixed in later
versions
> ConnectionInfo does not override toString to stop logging actual Password in
> case of Warning.
> ----------------------------------------------------------------------------------------------
>
> Key: AMQ-2858
> URL: https://issues.apache.org/activemq/browse/AMQ-2858
> Project: ActiveMQ
> Issue Type: Bug
> Components: Broker
> Affects Versions: 5.3.0
> Environment: Linux
> Reporter: Kamal
> Priority: Critical
>
> In case of exception as shown below, the ConnectionInfo logged as warning
> which logs Password in plain Text. Should have encrypted or log as XXXX or
> YYYY ...
> If ConnectionInfo override the BaseCommand's toString(Map<String,
> Object>overrideFields) method and set Password as XXXXX... this would be
> better handled.
> WARN org.apache.activemq.broker.TransportConnection.Service [ActiveMQ
> Transport Stopper: /134.42.197.187:2512] - Failed to remove connection
> ConnectionInfo {commandId = 1, responseRequired = true, connectionId =
> 4a6df719-b8ed-4431-a97f-52b93078f021, clientId =
> 2061e6c0-f8e0-4882-860c-89c3fd7e36db, userName = YYYYX *password = X2342$*,
> brokerPath = null, brokerMasterConnector = false, manageable = false,
> clientMaster = true}
> java.lang.SecurityException: User is not authenticated.
> at
> org.apache.activemq.security.AuthorizationBroker.addDestination(AuthorizationBroker.java:52)
> at
> org.apache.activemq.broker.MutableBrokerFilter.addDestination(MutableBrokerFilter.java:149)
> at
> org.apache.activemq.broker.region.RegionBroker.send(RegionBroker.java:425)
> at
> org.apache.activemq.broker.TransactionBroker.send(TransactionBroker.java:224)
> at
> org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:439)
> at
> org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:369)
> at
> org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:364)
> at
> org.apache.activemq.advisory.AdvisoryBroker.removeConnection(AdvisoryBroker.java:223)
> at
> org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java:110)
> at
> org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java:110)
> at
> org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java:110)
> at
> org.apache.activemq.broker.MutableBrokerFilter.removeConnection(MutableBrokerFilter.java:117)
> at
> org.apache.activemq.broker.TransportConnection.processRemoveConnection(TransportConnection.java:709)
> at
> org.apache.activemq.broker.TransportConnection.doStop(TransportConnection.java:976)
> at
> org.apache.activemq.broker.jmx.ManagedTransportConnection.doStop(ManagedTransportConnection.java:71)
> at
> org.apache.activemq.broker.TransportConnection$3.run(TransportConnection.java:907)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
