Uploaded image for project: 'NiFi Registry'
  1. NiFi Registry
  2. NIFIREG-183

Suppress user details service password in application log

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 0.2.0
    • Fix Version/s: None

      Description

      During application startup, the NiFi Registry prints a generated password to the $NIFI_REG_HOME/logs/nifi-registry-app.log file. This is (I believe) done by the org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration class (relevant decompiled source code below). I'm not sure what this password is used for, but we should change the logging severity settings for this class to suppress that message by default, and investigate why this is occurring in the first place.

      Example log output:

      2018-07-02 18:22:53,334 INFO [main] o.s.b.a.s.s.UserDetailsServiceAutoConfiguration
      
      Using generated security password: 0eacc3b6-a307-4592-a76e-2e056f327542
      

      Decompiled source code:

      private String getOrDeducePassword(User user, PasswordEncoder encoder) {
              String password = user.getPassword();
              if (user.isPasswordGenerated()) {
                  logger.info(String.format("%n%nUsing generated security password: %s%n", user.getPassword()));
              }
      
              return encoder == null && !PASSWORD_ALGORITHM_PATTERN.matcher(password).matches() ? "{noop}" + password : password;
          }
      

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              alopresto Andy LoPresto
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: