Re: [PR] ARTEMIS-5659 support masking JDBC URL [activemq-artemis]

Mon, 22 Sep 2025 08:07:10 -0700 


jbertram commented on code in PR #5922:
URL: https://github.com/apache/activemq-artemis/pull/5922#discussion_r2368904476


##########
artemis-server/src/main/java/org/apache/activemq/artemis/core/deployers/impl/FileConfigurationParser.java:
##########
@@ -2015,7 +2015,20 @@ private DatabaseStorageConfiguration 
createDatabaseStoreConfig(Element storeNode
       conf.setLargeMessageTableName(getString(storeNode, 
"large-message-table-name", conf.getLargeMessageTableName(), NO_CHECK));
       conf.setPageStoreTableName(getString(storeNode, "page-store-table-name", 
conf.getPageStoreTableName(), NO_CHECK));
       conf.setNodeManagerStoreTableName(getString(storeNode, 
"node-manager-store-table-name", conf.getNodeManagerStoreTableName(), 
NO_CHECK));
-      conf.setJdbcConnectionUrl(getString(storeNode, "jdbc-connection-url", 
conf.getJdbcConnectionUrl(), NO_CHECK));
+      String jdbcConnectionUrl = getString(storeNode, "jdbc-connection-url", 
conf.getJdbcConnectionUrl(), NO_CHECK);
+
+      /*
+       * Support for masking the JDBC connection URL can break uses-cases with 
<mask-password>true</mask-password> in
+       * broker.xml and an existing, unmasked jdbc-connection-url because the 
broker will try to unmask a value that is
+       * not masked resulting in an IllegalStateException. To deal with this 
we ensure the jdbc-connection-url does not
+       * start with "jdbc:" before trying to unmask it. If it does start with 
"jdbc:" then we know that it's already
+       * unmasked and we shouldn't attempt to unmask it.
+       */
+      if (jdbcConnectionUrl != null && !jdbcConnectionUrl.startsWith("jdbc:")) 
{
+         jdbcConnectionUrl = 
PasswordMaskingUtil.resolveMask(mainConfig.isMaskPassword(), jdbcConnectionUrl, 
mainConfig.getPasswordCodec());

Review Comment:
   Fixed.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact

Reply via email to