Andy LoPresto created NIFIREG-183:
-------------------------------------
Summary: Suppress user details service password in application log
Key: NIFIREG-183
URL: https://issues.apache.org/jira/browse/NIFIREG-183
Project: NiFi Registry
Issue Type: Improvement
Affects Versions: 0.2.0
Reporter: Andy LoPresto
During application startup, the NiFi Registry prints a generated password to
the {{$NIFI_REG_HOME/logs/nifi-registry-app.log}} file. This is (I believe)
done by the
{{org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration}}
class (relevant decompiled source code below). I'm not sure what this password
is used for, but we should change the logging severity settings for this class
to suppress that message by default, and investigate why this is occurring in
the first place.
Example log output:
{code}
2018-07-02 18:22:53,334 INFO [main]
o.s.b.a.s.s.UserDetailsServiceAutoConfiguration
Using generated security password: 0eacc3b6-a307-4592-a76e-2e056f327542
{code}
Decompiled source code:
{code}
private String getOrDeducePassword(User user, PasswordEncoder encoder) {
String password = user.getPassword();
if (user.isPasswordGenerated()) {
logger.info(String.format("%n%nUsing generated security password:
%s%n", user.getPassword()));
}
return encoder == null &&
!PASSWORD_ALGORITHM_PATTERN.matcher(password).matches() ? "{noop}" + password :
password;
}
{code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
