Details
- Type: Improvement
- Status: Resolved
- Priority: Major
- Resolution: Fixed
Description
During application startup, the NiFi Registry prints a generated password to the $NIFI_REG_HOME/logs/nifi-registry-app.log file. This is (I believe) done by the org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration class (relevant decompiled source code below). I'm not sure what this password is used for, but we should change the logging severity settings for this class to suppress that message by default, and investigate why this is occurring in the first place.
Example log output:
2018-07-02 18:22:53,334 INFO [main] o.s.b.a.s.s.UserDetailsServiceAutoConfiguration Using generated security password: 0eacc3b6-a307-4592-a76e-2e056f327542
Decompiled source code:
    private String getOrDeducePassword(User user, PasswordEncoder encoder) {
        String password = user.getPassword();
        if (user.isPasswordGenerated()) {
            // Writes the generated password in clear text at INFO level.
            logger.info(String.format("%n%nUsing generated security password: %s%n", user.getPassword()));
        }
        // With no encoder and no recognised algorithm prefix, mark the password as plain text ({noop}).
        return encoder == null && !PASSWORD_ALGORITHM_PATTERN.matcher(password).matches()
                ? "{noop}" + password
                : password;
    }
Issue Links
- is fixed by: NIFI-9251 Disable unused password generation in Registry (Resolved)
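To check whether existing copies of nifi-registry-app.log already contain the message quoted in the description, the following added example (not part of the original issue or of NiFi Registry) scans log lines for it and redacts the value. It also handles the case where the message sits on its own line, as the leading `%n%n` in the format string implies; the sample log lines and the function name `scan_and_redact` are constructed for illustration.

```python
import re

# Message text taken from the issue; the password value is captured so it can be masked.
MARKER = re.compile(r"(Using generated security password: )(\S+)")
# Timestamp layout as shown in the example log output in the issue.
TIMESTAMP = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) ")


def scan_and_redact(lines):
    """Return (findings, redacted_lines).

    findings holds (line_number, timestamp) pairs only; the password itself is
    never returned, so the report can be shared without spreading the secret.
    """
    findings, redacted = [], []
    last_timestamp = None
    for number, line in enumerate(lines, start=1):
        stamp = TIMESTAMP.match(line)
        if stamp:
            # A continuation line belongs to the most recent timestamped entry.
            last_timestamp = stamp.group(1)
        if MARKER.search(line):
            findings.append((number, last_timestamp))
            line = MARKER.sub(r"\g<1>[REDACTED]", line)
        redacted.append(line)
    return findings, redacted


# Constructed sample input: one single-line entry and one entry where the
# message follows the header after a blank line. Password values are dummies.
SAMPLE_LOG = [
    "2018-07-02 18:22:52,101 INFO [main] o.example.Startup Starting application",
    "2018-07-02 18:22:53,334 INFO [main] o.s.b.a.s.s.UserDetailsServiceAutoConfiguration "
    "Using generated security password: 00000000-0000-0000-0000-000000000000",
    "2018-07-02 18:25:10,007 INFO [main] o.s.b.a.s.s.UserDetailsServiceAutoConfiguration ",
    "",
    "Using generated security password: 11111111-1111-1111-1111-111111111111",
    "",
]

if __name__ == "__main__":
    hits, cleaned = scan_and_redact(SAMPLE_LOG)
    for line_number, timestamp in hits:
        print(f"line {line_number}: generated password logged at {timestamp}")
    print("\n".join(cleaned))
```

Rotated and archived copies of the log need the same check, since changing the logger's severity only affects messages written afterwards.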