Hibernate
/
hibernate-orm
mirror of https://github.com/hibernate/hibernate-orm
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

HHH-12258: mask JPA JDBC properties and Hibernate properties related to credentials

This commit is contained in:
Bruno P. Kinoshita 2018-01-26 22:09:20 +13:00 committed by Vlad Mihalcea
parent 85cdbc76e5
commit c488e8e081
2 changed files with 54 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
hibernate-core/src/main/java/org/hibernate/internal/SessionFactoryImpl.java
View File

@ -1594,6 +1594,8 @@ public final class SessionFactoryImpl implements SessionFactoryImplementor {
private void maskOutSensitiveInformation(Map<String, Object> props) {
maskOutIfSet( props, AvailableSettings.JPA_JDBC_USER );
maskOutIfSet( props, AvailableSettings.JPA_JDBC_PASSWORD );
maskOutIfSet( props, AvailableSettings.USER );
maskOutIfSet( props, AvailableSettings.PASS );
}

52
hibernate-core/src/test/java/org/hibernate/internal/MaskSensitiveInformationTest.java Normal file
View File

@ -0,0 +1,52 @@
/*
* Hibernate, Relational Persistence for Idiomatic Java
*
* License: GNU Lesser General Public License (LGPL), version 2.1 or later.
* See the lgpl.txt file in the root directory or <http://www.gnu.org/licenses/lgpl-2.1.html>.
*/
package org.hibernate.internal;
import java.util.Map;
import javax.persistence.EntityManagerFactory;
import org.hibernate.cfg.AvailableSettings;
import org.hibernate.jpa.test.BaseEntityManagerFunctionalTestCase;
import org.junit.Before;
import org.junit.Test;
import static org.junit.Assert.assertEquals;
/**
* Test that sensitive information is correctly masked.
*
* @author Bruno P. Kinoshita
*/
public class MaskSensitiveInformationTest extends BaseEntityManagerFunctionalTestCase {
private EntityManagerFactory entityManagerFactory;
private static final String EXPECTED_MASKED_VALUE = "****";
@Before
public void setUp() {
entityManagerFactory = entityManagerFactory();
}
@Override
@SuppressWarnings("unchecked")
protected void addConfigOptions(Map options) {
options.put( AvailableSettings.JPA_JDBC_USER, options.get( AvailableSettings.USER ) );
options.put( AvailableSettings.JPA_JDBC_PASSWORD, options.get( AvailableSettings.PASS ) );
}
@Test
public void testMaskOutSensitiveInformation() {
SessionFactoryImpl sessionFactory = entityManagerFactory.unwrap( SessionFactoryImpl.class );
Map<String, Object> properties = sessionFactory.getProperties();
assertEquals( EXPECTED_MASKED_VALUE, properties.get( AvailableSettings.USER ) );
assertEquals( EXPECTED_MASKED_VALUE, properties.get( AvailableSettings.PASS ) );
assertEquals( EXPECTED_MASKED_VALUE, properties.get( AvailableSettings.JPA_JDBC_USER ) );
assertEquals( EXPECTED_MASKED_VALUE, properties.get( AvailableSettings.JPA_JDBC_PASSWORD ) );
}
}