提交 177b071b authored 作者: Thomas Mueller's avatar Thomas Mueller

JdbcDataSource now keeps the password in a char array where possible.

上级 deb7a855
......@@ -28,6 +28,7 @@ import org.h2.message.TraceObject;
//## Java 1.6 begin ##
import org.h2.message.Message;
//## Java 1.6 end ##
import org.h2.util.StringUtils;
/**
* A data source for H2 database connections. It is a factory for XAConnection
......@@ -74,7 +75,7 @@ implements XADataSource, DataSource, ConnectionPoolDataSource, Serializable, Ref
private transient PrintWriter logWriter;
private int loginTimeout;
private String user = "";
private String password = "";
private char[] password = new char[0];
private String url = "";
static {
......@@ -149,7 +150,7 @@ implements XADataSource, DataSource, ConnectionPoolDataSource, Serializable, Ref
*/
public Connection getConnection() throws SQLException {
debugCodeCall("getConnection");
return getJdbcConnection(user, password);
return getJdbcConnection(user, StringUtils.cloneCharArray(password));
}
/**
......@@ -162,18 +163,18 @@ implements XADataSource, DataSource, ConnectionPoolDataSource, Serializable, Ref
*/
public Connection getConnection(String user, String password) throws SQLException {
if (isDebugEnabled()) {
debugCode("getConnection("+quote(user)+", "+quote(password)+");");
debugCode("getConnection("+quote(user)+", \"\");");
}
return getJdbcConnection(user, password);
return getJdbcConnection(user, convertToCharArray(password));
}
private JdbcConnection getJdbcConnection(String user, String password) throws SQLException {
private JdbcConnection getJdbcConnection(String user, char[] password) throws SQLException {
if (isDebugEnabled()) {
debugCode("getJdbcConnection("+quote(user)+", "+quote(password)+");");
debugCode("getJdbcConnection("+quote(user)+", new char[0]);");
}
Properties info = new Properties();
info.setProperty("user", user);
info.setProperty("password", password);
info.put("password", password);
return new JdbcConnection(url, info);
}
......@@ -198,15 +199,35 @@ implements XADataSource, DataSource, ConnectionPoolDataSource, Serializable, Ref
}
/**
* Set the current password
* Set the current password.
*
* @param password the new password.
*/
public void setPassword(String password) {
debugCodeCall("setPassword", password);
debugCodeCall("setPassword", "");
this.password = convertToCharArray(password);
}
/**
* Set the current password in the form of a char array.
*
* @param password the new password in the form of a char array.
*/
public void setPasswordChars(char[] password) {
if (isDebugEnabled()) {
debugCode("setPasswordChars(new char[0]);");
}
this.password = password;
}
private char[] convertToCharArray(String s) {
return s == null ? null : s.toCharArray();
}
private String convertToString(char[] a) {
return a == null ? null : new String(a);
}
/**
* Get the current password.
*
......@@ -214,7 +235,7 @@ implements XADataSource, DataSource, ConnectionPoolDataSource, Serializable, Ref
*/
public String getPassword() {
debugCodeCall("getPassword");
return password;
return convertToString(password);
}
/**
......@@ -249,7 +270,7 @@ implements XADataSource, DataSource, ConnectionPoolDataSource, Serializable, Ref
Reference ref = new Reference(getClass().getName(), factoryClassName, null);
ref.add(new StringRefAddr("url", url));
ref.add(new StringRefAddr("user", user));
ref.add(new StringRefAddr("password", password));
ref.add(new StringRefAddr("password", convertToString(password)));
ref.add(new StringRefAddr("loginTimeout", String.valueOf(loginTimeout)));
return ref;
}
......@@ -279,10 +300,10 @@ implements XADataSource, DataSource, ConnectionPoolDataSource, Serializable, Ref
//## Java 1.4 begin ##
public XAConnection getXAConnection(String user, String password) throws SQLException {
if (isDebugEnabled()) {
debugCode("getXAConnection("+quote(user)+", "+quote(password)+");");
debugCode("getXAConnection("+quote(user)+", \"\");");
}
int id = getNextId(XA_DATA_SOURCE);
return new JdbcXAConnection(factory, id, url, user, password);
return new JdbcXAConnection(factory, id, url, user, convertToCharArray(password));
}
//## Java 1.4 end ##
......@@ -309,7 +330,7 @@ implements XADataSource, DataSource, ConnectionPoolDataSource, Serializable, Ref
//## Java 1.4 begin ##
public PooledConnection getPooledConnection(String user, String password) throws SQLException {
if (isDebugEnabled()) {
debugCode("getPooledConnection("+quote(user)+", "+quote(password)+");");
debugCode("getPooledConnection("+quote(user)+", \"\");");
}
return getXAConnection(user, password);
}
......
......@@ -23,6 +23,7 @@ import org.h2.jdbc.JdbcConnection;
import org.h2.util.ByteUtils;
import org.h2.util.JdbcConnectionListener;
import org.h2.util.JdbcUtils;
import org.h2.util.StringUtils;
//## Java 1.4 end ##
import org.h2.message.TraceObject;
......@@ -46,7 +47,8 @@ implements XAConnection, XAResource, JdbcConnectionListener
private static int nextTransactionId;
private JdbcDataSourceFactory factory;
private String url, user, password;
private String url, user;
private char[] password;
private JdbcConnection connSentinel;
private JdbcConnection conn;
private ArrayList listeners = new ArrayList();
......@@ -57,7 +59,7 @@ implements XAConnection, XAResource, JdbcConnectionListener
org.h2.Driver.load();
}
JdbcXAConnection(JdbcDataSourceFactory factory, int id, String url, String user, String password) throws SQLException {
JdbcXAConnection(JdbcDataSourceFactory factory, int id, String url, String user, char[] password) throws SQLException {
this.factory = factory;
setTrace(factory.getTrace(), TraceObject.XA_DATA_SOURCE, id);
this.url = url;
......@@ -429,7 +431,7 @@ implements XAConnection, XAResource, JdbcConnectionListener
private JdbcConnection openConnection() throws SQLException {
Properties info = new Properties();
info.setProperty("user", user);
info.setProperty("password", password);
info.put("password", StringUtils.cloneCharArray(password));
JdbcConnection conn = new JdbcConnection(url, info);
conn.setJdbcConnectionListener(this);
if (currentTransaction != null) {
......
......@@ -842,4 +842,24 @@ public class StringUtils {
return buff.toString();
}
/**
* Create a new char array and copy all the data. If the size of the byte
* array is zero, the same array is returned.
*
* @param chars the char array (may be null)
* @return a new char array
*/
public static char[] cloneCharArray(char[] chars) {
if (chars == null) {
return null;
}
int len = chars.length;
if (len == 0) {
return chars;
}
char[] copy = new char[len];
System.arraycopy(chars, 0, copy, 0, len);
return copy;
}
}
Markdown 格式
0%
您添加了 0 到此讨论。请谨慎行事。
请先完成此评论的编辑!
注册 或者 后发表评论