Uploaded image for project: 'Felix'
  1. Felix
  2. FELIX-5661

The heuristic to derive the password type from the metatype id does not work reliably

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • webconsole-4.3.4
    • webconsole-4.4.0
    • Web Console
    • None

    Description

      With FELIX-3168 support for password meta type data has been added. Not only meta data with type="password" are detected as such but also string meta data containing "password" in the id (https://github.com/apache/felix/blame/trunk/webconsole/src/main/java/org/apache/felix/webconsole/internal/configuration/MetaTypeSupport.java#L183).
      This heuristic does not really work well. E.g. in Oak there is property with id="passwordHashAlgorithm" (type string) (https://github.com/apache/jackrabbit-oak/blob/2acda3156cfad9993310e7aa0492cdc0b65aa5f7/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImpl.java#L65) which should clearly not be detected as password type.

      Attachments

        Issue Links

          is broken by

          Improvement - An improvement or enhancement to an existing feature or task. FELIX-3168 Add support for new PASSWORD attribute type of Metatype service

          • Major - Major loss of function.
          • Closed
          relates to

          Improvement - An improvement or enhancement to an existing feature or task. FELIX-6428 Provide a compatibility switch to enable password detection heuristic

          • Major - Major loss of function.
          • Closed

          Activity

            People

              olli Oliver Lietz
              kwin Konrad Windszus
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: