[CXF-3895] add support for Jetty's password obfuscation methods - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.4.2
Fix Version/s: 2.5.1
Component/s: Configuration
Labels:
- configuration
- cxf
- jetty
- keys
- password
- security
Environment:

Java 6
Windows XP SP3
CXF 2.4.2

Estimated Complexity:
Unknown

Description

For SSL connectors, the Jetty configuration allows definition of keystore and truststore passwords in a obfuscated fashion. See http://wiki.eclipse.org/Jetty/Howto/Secure_Passwords for details. Currently this does not work when using the Spring based configuration for jetty, i.e. using for example this

<sec:keyStore type="JKS" password="OBF:1sot1v961saj1v9i1v941sar1v9g1sox" file="conf/keystore" />

will lead to an exception on startup, which is identical to those that come up when an invalid keystore password is provided.

My guess is, that the "OBF:" prefix is not detected by the configuration hook, and therefore the provided password string is used as-is. (But I am just guessing here...)

Attachments

Activity

People

Assignee:: Daniel Kulp

Reporter:: Michael Heß

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 07/Nov/11 09:22

Updated:: 19/Dec/11 16:15

Resolved:: 08/Dec/11 22:00