[
https://issues.apache.org/jira/browse/CXF-3895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Daniel Kulp resolved CXF-3895.
------------------------------
Resolution: Fixed
Fix Version/s: 2.5.1
Assignee: Daniel Kulp
> add support for Jetty's password obfuscation methods
> ----------------------------------------------------
>
> Key: CXF-3895
> URL: https://issues.apache.org/jira/browse/CXF-3895
> Project: CXF
> Issue Type: Improvement
> Components: Configuration
> Affects Versions: 2.4.2
> Environment: Java 6
> Windows XP SP3
> CXF 2.4.2
> Reporter: Michael Heß
> Assignee: Daniel Kulp
> Priority: Minor
> Labels: configuration, cxf, jetty, keys, password, security
> Fix For: 2.5.1
>
>
> For SSL connectors, the Jetty configuration allows definition of keystore and
> truststore passwords in a obfuscated fashion. See
> http://wiki.eclipse.org/Jetty/Howto/Secure_Passwords for details. Currently
> this does not work when using the Spring based configuration for jetty, i.e.
> using for example this
> <sec:keyStore type="JKS" password="OBF:1sot1v961saj1v9i1v941sar1v9g1sox"
> file="conf/keystore" />
> will lead to an exception on startup, which is identical to those that come
> up when an invalid keystore password is provided.
> My guess is, that the "OBF:" prefix is not detected by the configuration
> hook, and therefore the provided password string is used as-is. (But I am
> just guessing here...)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
