From 14ec3cb7b025ac212f7fd33d5e72930f6be84574 Mon Sep 17 00:00:00 2001 From: Domenico Francesco Bruscino Date: Thu, 5 Nov 2020 10:23:23 +0100 Subject: [PATCH] ARTEMIS-2976 Remove password before creating server locator --- .../activemq/artemis/utils/uri/BeanSupport.java | 4 ++++ .../serverLocator/InVMServerLocatorSchema.java | 1 + .../serverLocator/JGroupsServerLocatorSchema.java | 4 ++-- .../serverLocator/TCPServerLocatorSchema.java | 5 +++-- .../serverLocator/UDPServerLocatorSchema.java | 3 ++- .../amqp/broker/ProtonProtocolManagerFactory.java | 2 +- .../hornetq/HornetQProtocolManagerFactory.java | 2 +- .../protocol/mqtt/MQTTProtocolManagerFactory.java | 2 +- .../openwire/OpenWireProtocolManagerFactory.java | 2 +- .../protocol/stomp/StompProtocolManagerFactory.java | 2 +- .../core/impl/CoreProtocolManagerFactory.java | 2 +- .../protocol/AbstractProtocolManagerFactory.java | 13 ------------- 12 files changed, 18 insertions(+), 24 deletions(-) diff --git a/artemis-commons/src/main/java/org/apache/activemq/artemis/utils/uri/BeanSupport.java b/artemis-commons/src/main/java/org/apache/activemq/artemis/utils/uri/BeanSupport.java index d1719ea07c..cbacf01009 100644 --- a/artemis-commons/src/main/java/org/apache/activemq/artemis/utils/uri/BeanSupport.java +++ b/artemis-commons/src/main/java/org/apache/activemq/artemis/utils/uri/BeanSupport.java @@ -71,6 +71,10 @@ public class BeanSupport { return obj; } + public static void stripPasswords(Map properties) { + properties.entrySet().removeIf(entry -> entry.getKey().toLowerCase().contains("password")); + } + public static

P setProperties(P bean, Properties properties) throws IllegalAccessException, NoSuchMethodException, InvocationTargetException { synchronized (beanUtils) { diff --git a/artemis-core-client/src/main/java/org/apache/activemq/artemis/uri/schema/serverLocator/InVMServerLocatorSchema.java b/artemis-core-client/src/main/java/org/apache/activemq/artemis/uri/schema/serverLocator/InVMServerLocatorSchema.java index 1831c74328..df07c79474 100644 --- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/uri/schema/serverLocator/InVMServerLocatorSchema.java +++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/uri/schema/serverLocator/InVMServerLocatorSchema.java @@ -38,6 +38,7 @@ public class InVMServerLocatorSchema extends AbstractServerLocatorSchema { protected ServerLocator internalNewObject(URI uri, Map query, String name) throws Exception { TransportConfiguration tc = InVMTransportConfigurationSchema.createTransportConfiguration(uri, query, name, "org.apache.activemq.artemis.core.remoting.impl.invm.InVMConnectorFactory"); ServerLocator factory = ActiveMQClient.createServerLocatorWithoutHA(tc); + BeanSupport.stripPasswords(query); return BeanSupport.setData(uri, factory, query); } diff --git a/artemis-core-client/src/main/java/org/apache/activemq/artemis/uri/schema/serverLocator/JGroupsServerLocatorSchema.java b/artemis-core-client/src/main/java/org/apache/activemq/artemis/uri/schema/serverLocator/JGroupsServerLocatorSchema.java index fb5b40894f..830e6a371c 100644 --- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/uri/schema/serverLocator/JGroupsServerLocatorSchema.java +++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/uri/schema/serverLocator/JGroupsServerLocatorSchema.java @@ -38,10 +38,10 @@ public class JGroupsServerLocatorSchema extends AbstractServerLocatorSchema { @Override protected ServerLocator internalNewObject(URI uri, Map query, String name) throws Exception { - ConnectionOptions options = newConnectionOptions(uri, query); - DiscoveryGroupConfiguration dcConfig = getDiscoveryGroupConfiguration(uri, query, name); + BeanSupport.stripPasswords(query); + ConnectionOptions options = newConnectionOptions(uri, query); if (options.isHa()) { return ActiveMQClient.createServerLocatorWithHA(dcConfig); } else { diff --git a/artemis-core-client/src/main/java/org/apache/activemq/artemis/uri/schema/serverLocator/TCPServerLocatorSchema.java b/artemis-core-client/src/main/java/org/apache/activemq/artemis/uri/schema/serverLocator/TCPServerLocatorSchema.java index 70bfcdda46..b7b6c41c01 100644 --- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/uri/schema/serverLocator/TCPServerLocatorSchema.java +++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/uri/schema/serverLocator/TCPServerLocatorSchema.java @@ -39,11 +39,12 @@ public class TCPServerLocatorSchema extends AbstractServerLocatorSchema { @Override protected ServerLocator internalNewObject(URI uri, Map query, String name) throws Exception { - ConnectionOptions options = newConnectionOptions(uri, query); - List configurations = TCPTransportConfigurationSchema.getTransportConfigurations(uri, query, TransportConstants.ALLOWABLE_CONNECTOR_KEYS, name, NettyConnectorFactory.class.getName()); TransportConfiguration[] tcs = new TransportConfiguration[configurations.size()]; configurations.toArray(tcs); + + BeanSupport.stripPasswords(query); + ConnectionOptions options = newConnectionOptions(uri, query); if (options.isHa()) { return BeanSupport.setData(uri, ActiveMQClient.createServerLocatorWithHA(tcs), query); } else { diff --git a/artemis-core-client/src/main/java/org/apache/activemq/artemis/uri/schema/serverLocator/UDPServerLocatorSchema.java b/artemis-core-client/src/main/java/org/apache/activemq/artemis/uri/schema/serverLocator/UDPServerLocatorSchema.java index c3bc6ba479..d7cb0c61d5 100644 --- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/uri/schema/serverLocator/UDPServerLocatorSchema.java +++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/uri/schema/serverLocator/UDPServerLocatorSchema.java @@ -44,10 +44,11 @@ public class UDPServerLocatorSchema extends AbstractServerLocatorSchema { @Override protected ServerLocator internalNewObject(URI uri, Map query, String name) throws Exception { - ConnectionOptions options = newConnectionOptions(uri, query); DiscoveryGroupConfiguration dgc = getDiscoveryGroupConfiguration(uri, query, getHost(uri), getPort(uri), name); + BeanSupport.stripPasswords(query); + ConnectionOptions options = newConnectionOptions(uri, query); if (options.isHa()) { return ActiveMQClient.createServerLocatorWithHA(dgc); } else { diff --git a/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/broker/ProtonProtocolManagerFactory.java b/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/broker/ProtonProtocolManagerFactory.java index 3fff61264f..ba15817884 100644 --- a/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/broker/ProtonProtocolManagerFactory.java +++ b/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/broker/ProtonProtocolManagerFactory.java @@ -53,7 +53,7 @@ public class ProtonProtocolManagerFactory extends AbstractProtocolManagerFactory final Map parameters, List incomingInterceptors, List outgoingInterceptors) throws Exception { - stripPasswordParameters(parameters); + BeanSupport.stripPasswords(parameters); return BeanSupport.setData(new ProtonProtocolManager(this, server, incomingInterceptors, outgoingInterceptors), parameters); } diff --git a/artemis-protocols/artemis-hornetq-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/hornetq/HornetQProtocolManagerFactory.java b/artemis-protocols/artemis-hornetq-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/hornetq/HornetQProtocolManagerFactory.java index cb8cc167c0..9d0232d63b 100644 --- a/artemis-protocols/artemis-hornetq-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/hornetq/HornetQProtocolManagerFactory.java +++ b/artemis-protocols/artemis-hornetq-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/hornetq/HornetQProtocolManagerFactory.java @@ -50,7 +50,7 @@ public class HornetQProtocolManagerFactory extends CoreProtocolManagerFactory { hqIncoming.add(new HQFilterConversionInterceptor()); hqOutgoing.add(new HQPropertiesConversionInterceptor(false)); - stripPasswordParameters(parameters); + BeanSupport.stripPasswords(parameters); return BeanSupport.setData(new HornetQProtocolManager(this, server, hqIncoming, hqOutgoing), parameters); } diff --git a/artemis-protocols/artemis-mqtt-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/mqtt/MQTTProtocolManagerFactory.java b/artemis-protocols/artemis-mqtt-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/mqtt/MQTTProtocolManagerFactory.java index 499d3e4704..d1653046b2 100644 --- a/artemis-protocols/artemis-mqtt-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/mqtt/MQTTProtocolManagerFactory.java +++ b/artemis-protocols/artemis-mqtt-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/mqtt/MQTTProtocolManagerFactory.java @@ -46,7 +46,7 @@ public class MQTTProtocolManagerFactory extends AbstractProtocolManagerFactory parameters, List incomingInterceptors, List outgoingInterceptors) throws Exception { - stripPasswordParameters(parameters); + BeanSupport.stripPasswords(parameters); return BeanSupport.setData(new MQTTProtocolManager(server, connectedClients, sessionStates, incomingInterceptors, outgoingInterceptors), parameters); } diff --git a/artemis-protocols/artemis-openwire-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/openwire/OpenWireProtocolManagerFactory.java b/artemis-protocols/artemis-openwire-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/openwire/OpenWireProtocolManagerFactory.java index ceb6a054d6..d40e2efc8a 100644 --- a/artemis-protocols/artemis-openwire-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/openwire/OpenWireProtocolManagerFactory.java +++ b/artemis-protocols/artemis-openwire-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/openwire/OpenWireProtocolManagerFactory.java @@ -43,7 +43,7 @@ public class OpenWireProtocolManagerFactory extends AbstractProtocolManagerFacto Map parameters, final List incomingInterceptors, List outgoingInterceptors) throws Exception { - stripPasswordParameters(parameters); + BeanSupport.stripPasswords(parameters); return BeanSupport.setData(new OpenWireProtocolManager(this, server), parameters); } diff --git a/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/StompProtocolManagerFactory.java b/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/StompProtocolManagerFactory.java index f6c61c60b4..cbef253d0b 100644 --- a/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/StompProtocolManagerFactory.java +++ b/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/StompProtocolManagerFactory.java @@ -41,7 +41,7 @@ public class StompProtocolManagerFactory extends AbstractProtocolManagerFactory< final Map parameters, final List incomingInterceptors, List outgoingInterceptors) throws Exception { - stripPasswordParameters(parameters); + BeanSupport.stripPasswords(parameters); return BeanSupport.setData(new StompProtocolManager(this, server, filterInterceptors(incomingInterceptors), filterInterceptors(outgoingInterceptors)), parameters); } diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/protocol/core/impl/CoreProtocolManagerFactory.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/protocol/core/impl/CoreProtocolManagerFactory.java index 75909246e0..0fe6ec0de9 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/protocol/core/impl/CoreProtocolManagerFactory.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/protocol/core/impl/CoreProtocolManagerFactory.java @@ -54,7 +54,7 @@ public class CoreProtocolManagerFactory extends AbstractProtocolManagerFactory parameters, final List incomingInterceptors, List outgoingInterceptors) throws Exception { - stripPasswordParameters(parameters); + BeanSupport.stripPasswords(parameters); return BeanSupport.setData(new CoreProtocolManager(this, server, filterInterceptors(incomingInterceptors), filterInterceptors(outgoingInterceptors)), parameters); } diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/protocol/AbstractProtocolManagerFactory.java b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/protocol/AbstractProtocolManagerFactory.java index b50c7cc1ac..3802b86f09 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/protocol/AbstractProtocolManagerFactory.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/protocol/AbstractProtocolManagerFactory.java @@ -19,7 +19,6 @@ package org.apache.activemq.artemis.spi.core.protocol; import java.util.Collections; import java.util.List; -import java.util.Map; import java.util.concurrent.CopyOnWriteArrayList; import org.apache.activemq.artemis.api.core.BaseInterceptor; @@ -51,18 +50,6 @@ public abstract class AbstractProtocolManagerFactory

} } - /** - * org.apache.commons.beanutils.BeanUtils will log all the parameters so we strip out any password parameters - * (e.g. passwords for SSL keystore and truststore) - * - * @param parameters - */ - protected void stripPasswordParameters(Map parameters) { - if (parameters != null) { - parameters.entrySet().removeIf(entries -> entries.getKey().toLowerCase().contains("password")); - } - } - @Override public void loadProtocolServices(ActiveMQServer server, List services) { }