Zjianru commented on PR #16082: URL: https://github.com/apache/dubbo/pull/16082#issuecomment-3872251308
### Reasoning for the fix I've added `PASSWORD_KEY` to the ignore list to align with how `password` is handled in `validateRegistryConfig`. In `validateRegistryConfig`, the `password` field is only checked for length (`checkLength`), not for pattern (`checkProperty` with `null` pattern). However, `checkParameterName` enforces `PATTERN_NAME_HAS_SYMBOL` on all parameters, which unintentionally forbids special characters (like `@`, `!`) in passwords when they are passed via the parameters map. By ignoring it here, we allow complex passwords to pass. **Note**: This effectively skips the length check for `password` in parameters as well (similar to how `BACKUP_KEY` is handled). Given that `password` usually originates from `RegistryConfig` (where it *is* checked for length) or is a raw string, prioritizing usability (allowing special chars) over strict length validation in this utility method seems appropriate. --- ### 修复逻辑说明 我将 `PASSWORD_KEY` 加入了忽略列表,以对齐 `validateRegistryConfig` 中对密码的处理逻辑。 在 `validateRegistryConfig` 中,`password` 字段仅检查长度 (`checkLength`),而不检查正则模式。然而,`checkParameterName` 强制对所有参数使用 `PATTERN_NAME_HAS_SYMBOL` 进行校验,这导致通过 parameters map 传递密码时,包含特殊字符(如 `@`, `!`)的复杂密码会被拒绝。 通过在此处忽略校验,可以支持复杂密码。 **注**:这样做同时也跳过了参数中密码的长度检查(类似于 `BACKUP_KEY` 的处理方式)。考虑到密码通常来自 `RegistryConfig`(那里已有长度检查),或者作为原始字符串传递,在此工具方法中优先保证可用性(允许特殊字符)比严格的长度校验更重要。 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
