Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
webconsole-4.3.4
-
None
Description
With FELIX-3168 support for password meta type data has been added. Not only meta data with type="password" are detected as such but also string meta data containing "password" in the id (https://github.com/apache/felix/blame/trunk/webconsole/src/main/java/org/apache/felix/webconsole/internal/configuration/MetaTypeSupport.java#L183).
This heuristic does not really work well. E.g. in Oak there is property with id="passwordHashAlgorithm" (type string) (https://github.com/apache/jackrabbit-oak/blob/2acda3156cfad9993310e7aa0492cdc0b65aa5f7/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImpl.java#L65) which should clearly not be detected as password type.
Attachments
Issue Links
- is broken by
-
FELIX-3168 Add support for new PASSWORD attribute type of Metatype service
- Closed
- relates to
-
FELIX-6428 Provide a compatibility switch to enable password detection heuristic
- Closed