[
https://issues.apache.org/jira/browse/CXF-6222?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh resolved CXF-6222.
--------------------------------------
Resolution: Fixed
> Password can end up in log file
> -------------------------------
>
> Key: CXF-6222
> URL: https://issues.apache.org/jira/browse/CXF-6222
> Project: CXF
> Issue Type: Bug
> Components: Core
> Reporter: Donald Kwakkel
> Assignee: Colm O hEigeartaigh
> Fix For: 3.0.4, 2.7.15
>
>
> In AuthPolicyValidatingInterceptor, when a policy has no username, the password
> can end up in the log file.
> {code}
> public void handleMessage(Message message) throws Fault {
>     AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);
>     if (policy == null || policy.getUserName() == null ||
>         policy.getPassword() == null) {
>         String name = null;
>         String password = null;
>         if (policy != null) {
>             name = policy.getUserName();
>             password = policy.getPassword();
>         }
>         // The password is passed as a message parameter, so it appears in
>         // both the logged warning and the exception text below.
>         org.apache.cxf.common.i18n.Message errorMsg =
>             new org.apache.cxf.common.i18n.Message("NO_USER_PASSWORD",
>                                                    BUNDLE,
>                                                    name, password);
>         LOG.warning(errorMsg.toString());
>         throw new SecurityException(errorMsg.toString());
>     }
> {code}
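The reported behaviour next to a variant that never hands the password to the message formatter, as an added example (this is not CXF code and not the committed fix). The `Policy` record, the template text and the sample credential are constructed stand-ins; only the shape of the check comes from the snippet quoted above.

```java
import java.text.MessageFormat;
import java.util.logging.Logger;

public class AuthPolicyLogDemo {
    // Stand-in for CXF's AuthorizationPolicy (assumption: only these two values matter here).
    record Policy(String userName, String password) {}

    // Constructed template; the real NO_USER_PASSWORD bundle text is not shown on the page.
    static final String TEMPLATE =
        "No user name and/or password available, name: {0}, password: {1}";

    // Behaviour described in CXF-6222: the raw password is a message parameter.
    static String leakyMessage(Policy p) {
        String name = p == null ? null : p.userName();
        String password = p == null ? null : p.password();
        return MessageFormat.format(TEMPLATE, name, password);
    }

    // Hardened variant: state only whether a password was supplied, never its value.
    static String safeMessage(Policy p) {
        String name = p == null ? null : p.userName();
        String state = (p == null || p.password() == null)
            ? "<absent>" : "<present, redacted>";
        return MessageFormat.format(TEMPLATE, name, state);
    }

    public static void main(String[] args) {
        Logger log = Logger.getLogger(AuthPolicyLogDemo.class.getName());
        // Constructed inputs: the failing case from the report, plus the other two
        // branches of the null check.
        Policy noUser = new Policy(null, "s3cret-constructed");
        Policy noPassword = new Policy("alice", null);

        log.warning(leakyMessage(noUser));     // credential lands in the log line
        log.warning(safeMessage(noUser));      // only "<present, redacted>" is logged
        log.warning(safeMessage(noPassword));  // "<absent>"
        log.warning(safeMessage(null));        // no policy at all

        // Self-check: the hardened message never contains the credential.
        if (safeMessage(noUser).contains(noUser.password())) {
            throw new AssertionError("password leaked into message");
        }
        if (!leakyMessage(noUser).contains(noUser.password())) {
            throw new AssertionError("demo no longer reproduces the reported leak");
        }
    }
}
```

The same string is used for the thrown `SecurityException` in the quoted snippet, so redacting at message construction covers both the log line and any handler that later prints the exception.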