[
https://issues.apache.org/jira/browse/ARTEMIS-3573?focusedWorklogId=710400&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-710400
]
ASF GitHub Bot logged work on ARTEMIS-3573:
-------------------------------------------
Author: ASF GitHub Bot
Created on: 18/Jan/22 11:03
Start Date: 18/Jan/22 11:03
Worklog Time Spent: 10m
Work Description: gemmellr commented on a change in pull request #3851:
URL: https://github.com/apache/activemq-artemis/pull/3851#discussion_r786614799
##########
File path: docs/user-manual/en/masking-passwords.md
##########
@@ -434,12 +453,16 @@ the
`org.apache.activemq.artemis.utils.SensitiveDataCodec<T>` interface:
```java
public interface SensitiveDataCodec<T> {
- T decode(Object mask) throws Exception;
+ T decode(Object encodedValue) throws Exception;
- T encode(Object secret) throws Exception;
+ T encode(Object value) throws Exception;
default void init(Map<String, String> params) throws Exception {
- };
+ }
+
+ default boolean verify(T value, T encodedValue) {
+ return false;
+ }
Review comment:
This isnt really to do with your change but with the original doc. I
dont see a particular need to have the full interface listed in the docs, and
then also a descriptive implementation of it. The impl makes the interface very
clear, its pretty trivial anyway, and anyone considering implementing it will
obviously find it the actual interface themselves regardless.
I would personally just remove the interface listing and the text below it
(or collapse into the paragraph above in some way), leaving the impl with its
already clear outline and comments.
##########
File path:
artemis-commons/src/main/java/org/apache/activemq/artemis/utils/LazyHashProcessor.java
##########
@@ -0,0 +1,55 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.activemq.artemis.utils;
+
+public abstract class LazyHashProcessor implements HashProcessor {
+ private HashProcessor hashProcessor;
+ private RuntimeException supplierException;
+
+ public HashProcessor getHashProcessor() {
+ if (supplierException != null) {
+ throw supplierException;
+ }
+
+ if (hashProcessor == null) {
+ try {
+ hashProcessor = createHashProcessor();
+ } catch (RuntimeException e) {
+ supplierException = e;
+ throw supplierException;
+ } catch (Exception e) {
+ supplierException = new RuntimeException(e);
+ throw supplierException;
+ }
+ }
+
+ return hashProcessor;
+ }
Review comment:
Does this method need to be made thread safe, or is it ok that multiple
threads could create a processor?
##########
File path:
artemis-commons/src/main/java/org/apache/activemq/artemis/utils/DefaultSensitiveStringCodec.java
##########
@@ -188,6 +190,16 @@ public String encode(String secret) throws Exception {
BigInteger n = new BigInteger(encoding);
return n.toString(16);
}
+
+ @Override
+ public boolean verify(String inputValue, String storedValue) {
+ try {
+ return Objects.equals(storedValue,
encode(String.valueOf(inputValue)));
Review comment:
If going with a string, probably dont need the String.valueOf(string)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: gitbox-unsubscr...@activemq.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
-------------------
Worklog Id: (was: 710400)
Time Spent: 4h 20m (was: 4h 10m)
> Support PropertiesLoginModule custom password codecs
> ----------------------------------------------------
>
> Key: ARTEMIS-3573
> URL: https://issues.apache.org/jira/browse/ARTEMIS-3573
> Project: ActiveMQ Artemis
> Issue Type: Improvement
> Reporter: Domenico Francesco Bruscino
> Assignee: Domenico Francesco Bruscino
> Priority: Major
> Time Spent: 4h 20m
> Remaining Estimate: 0h
>
> The `PropertiesLoginModule` login module supports only the
> `DefaultSensitiveStringCodec` codec to verify the user passwords.
> Add a property to set a custom password codec, i.e.
> org.apache.activemq.jaas.properties.password.codec="org.apache.activemq.artemis.tests.integration.security.MD5SensitiveDataCodec"
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
