Uploaded image for project: 'Felix'
  1. Felix
  2. FELIX-5661

The heuristic to derive the password type from the metatype id does not work reliably

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: webconsole-4.3.4
    • Fix Version/s: webconsole-4.3.18
    • Component/s: Web Console
    • Labels:
      None

      Description

      With FELIX-3168 support for password meta type data has been added. Not only meta data with type="password" are detected as such but also string meta data containing "password" in the id (https://github.com/apache/felix/blame/trunk/webconsole/src/main/java/org/apache/felix/webconsole/internal/configuration/MetaTypeSupport.java#L183).
      This heuristic does not really work well. E.g. in Oak there is property with id="passwordHashAlgorithm" (type string) (https://github.com/apache/jackrabbit-oak/blob/2acda3156cfad9993310e7aa0492cdc0b65aa5f7/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImpl.java#L65) which should clearly not be detected as password type.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                olli Oliver Lietz
                Reporter:
                kwin Konrad Windszus
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: