Donald Kwakkel created CXF-6222:
-----------------------------------
Summary: Password can end up in log file
Key: CXF-6222
URL: https://issues.apache.org/jira/browse/CXF-6222
Project: CXF
Issue Type: Bug
Components: Core
Reporter: Donald Kwakkel
In AuthPolicyValidatingInterceptor, when a policy has no username, the password can
end up in the log file.
{code}
public void handleMessage(Message message) throws Fault {
    AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);
    // Branch is taken when the policy, the username or the password is missing
    if (policy == null || policy.getUserName() == null ||
        policy.getPassword() == null) {
        String name = null;
        String password = null;
        if (policy != null) {
            name = policy.getUserName();
            password = policy.getPassword();
        }
        // The password value is passed as a parameter of the error message...
        org.apache.cxf.common.i18n.Message errorMsg =
            new org.apache.cxf.common.i18n.Message("NO_USER_PASSWORD",
                                                   BUNDLE,
                                                   name, password);
        // ...and the formatted message goes to the log and into the exception
        LOG.warning(errorMsg.toString());
        throw new SecurityException(errorMsg.toString());
    }
{code}
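The pattern in the report, redone so that the log line and the exception state only which credential parts are missing. This is an added example, not code from the issue or from CXF; `CredentialCheck`, `Policy`, and `describeMissing` are hypothetical names, and the sample password is constructed.

```java
import java.util.logging.Logger;

// Added illustration; CredentialCheck and Policy are hypothetical stand-ins,
// not CXF classes.
public class CredentialCheck {
    private static final Logger LOG = Logger.getLogger(CredentialCheck.class.getName());

    /** Minimal stand-in for an authorization policy (assumption). */
    static final class Policy {
        final String userName;
        final String password;
        Policy(String userName, String password) {
            this.userName = userName;
            this.password = password;
        }
    }

    /** Describes which credential parts are missing without echoing their values. */
    static String describeMissing(Policy policy) {
        if (policy == null) {
            return "no authorization policy on message";
        }
        StringBuilder sb = new StringBuilder("incomplete credentials:");
        sb.append(" username ").append(policy.userName == null ? "missing" : "present");
        sb.append(", password ").append(policy.password == null ? "missing" : "present");
        return sb.toString();
    }

    /** Rejects incomplete credentials; the log line and exception carry no secret. */
    static void validate(Policy policy) {
        if (policy == null || policy.userName == null || policy.password == null) {
            String msg = describeMissing(policy);
            LOG.warning(msg);
            throw new SecurityException(msg);
        }
    }

    public static void main(String[] args) {
        // Constructed input: password supplied, username absent (the case in the report).
        Policy p = new Policy(null, "s3cret-constructed");
        try {
            validate(p);
        } catch (SecurityException e) {
            // The message must not contain the password value.
            System.out.println(e.getMessage());
            System.out.println("leaks password: " + e.getMessage().contains(p.password));
        }
    }
}
```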