提交 177b071b authored 作者: Thomas Mueller's avatar Thomas Mueller

JdbcDataSource now keeps the password in a char array where possible.

上级 deb7a855
...@@ -28,6 +28,7 @@ import org.h2.message.TraceObject; ...@@ -28,6 +28,7 @@ import org.h2.message.TraceObject;
//## Java 1.6 begin ## //## Java 1.6 begin ##
import org.h2.message.Message; import org.h2.message.Message;
//## Java 1.6 end ## //## Java 1.6 end ##
import org.h2.util.StringUtils;
/** /**
* A data source for H2 database connections. It is a factory for XAConnection * A data source for H2 database connections. It is a factory for XAConnection
...@@ -74,7 +75,7 @@ implements XADataSource, DataSource, ConnectionPoolDataSource, Serializable, Ref ...@@ -74,7 +75,7 @@ implements XADataSource, DataSource, ConnectionPoolDataSource, Serializable, Ref
private transient PrintWriter logWriter; private transient PrintWriter logWriter;
private int loginTimeout; private int loginTimeout;
private String user = ""; private String user = "";
private String password = ""; private char[] password = new char[0];
private String url = ""; private String url = "";
static { static {
...@@ -149,7 +150,7 @@ implements XADataSource, DataSource, ConnectionPoolDataSource, Serializable, Ref ...@@ -149,7 +150,7 @@ implements XADataSource, DataSource, ConnectionPoolDataSource, Serializable, Ref
*/ */
public Connection getConnection() throws SQLException { public Connection getConnection() throws SQLException {
debugCodeCall("getConnection"); debugCodeCall("getConnection");
return getJdbcConnection(user, password); return getJdbcConnection(user, StringUtils.cloneCharArray(password));
} }
/** /**
...@@ -162,18 +163,18 @@ implements XADataSource, DataSource, ConnectionPoolDataSource, Serializable, Ref ...@@ -162,18 +163,18 @@ implements XADataSource, DataSource, ConnectionPoolDataSource, Serializable, Ref
*/ */
public Connection getConnection(String user, String password) throws SQLException { public Connection getConnection(String user, String password) throws SQLException {
if (isDebugEnabled()) { if (isDebugEnabled()) {
debugCode("getConnection("+quote(user)+", "+quote(password)+");"); debugCode("getConnection("+quote(user)+", \"\");");
} }
return getJdbcConnection(user, password); return getJdbcConnection(user, convertToCharArray(password));
} }
private JdbcConnection getJdbcConnection(String user, String password) throws SQLException { private JdbcConnection getJdbcConnection(String user, char[] password) throws SQLException {
if (isDebugEnabled()) { if (isDebugEnabled()) {
debugCode("getJdbcConnection("+quote(user)+", "+quote(password)+");"); debugCode("getJdbcConnection("+quote(user)+", new char[0]);");
} }
Properties info = new Properties(); Properties info = new Properties();
info.setProperty("user", user); info.setProperty("user", user);
info.setProperty("password", password); info.put("password", password);
return new JdbcConnection(url, info); return new JdbcConnection(url, info);
} }
...@@ -198,15 +199,35 @@ implements XADataSource, DataSource, ConnectionPoolDataSource, Serializable, Ref ...@@ -198,15 +199,35 @@ implements XADataSource, DataSource, ConnectionPoolDataSource, Serializable, Ref
} }
/** /**
* Set the current password * Set the current password.
* *
* @param password the new password. * @param password the new password.
*/ */
public void setPassword(String password) { public void setPassword(String password) {
debugCodeCall("setPassword", password); debugCodeCall("setPassword", "");
this.password = convertToCharArray(password);
}
/**
* Set the current password in the form of a char array.
*
* @param password the new password in the form of a char array.
*/
public void setPasswordChars(char[] password) {
if (isDebugEnabled()) {
debugCode("setPasswordChars(new char[0]);");
}
this.password = password; this.password = password;
} }
private char[] convertToCharArray(String s) {
return s == null ? null : s.toCharArray();
}
private String convertToString(char[] a) {
return a == null ? null : new String(a);
}
/** /**
* Get the current password. * Get the current password.
* *
...@@ -214,7 +235,7 @@ implements XADataSource, DataSource, ConnectionPoolDataSource, Serializable, Ref ...@@ -214,7 +235,7 @@ implements XADataSource, DataSource, ConnectionPoolDataSource, Serializable, Ref
*/ */
public String getPassword() { public String getPassword() {
debugCodeCall("getPassword"); debugCodeCall("getPassword");
return password; return convertToString(password);
} }
/** /**
...@@ -249,7 +270,7 @@ implements XADataSource, DataSource, ConnectionPoolDataSource, Serializable, Ref ...@@ -249,7 +270,7 @@ implements XADataSource, DataSource, ConnectionPoolDataSource, Serializable, Ref
Reference ref = new Reference(getClass().getName(), factoryClassName, null); Reference ref = new Reference(getClass().getName(), factoryClassName, null);
ref.add(new StringRefAddr("url", url)); ref.add(new StringRefAddr("url", url));
ref.add(new StringRefAddr("user", user)); ref.add(new StringRefAddr("user", user));
ref.add(new StringRefAddr("password", password)); ref.add(new StringRefAddr("password", convertToString(password)));
ref.add(new StringRefAddr("loginTimeout", String.valueOf(loginTimeout))); ref.add(new StringRefAddr("loginTimeout", String.valueOf(loginTimeout)));
return ref; return ref;
} }
...@@ -279,10 +300,10 @@ implements XADataSource, DataSource, ConnectionPoolDataSource, Serializable, Ref ...@@ -279,10 +300,10 @@ implements XADataSource, DataSource, ConnectionPoolDataSource, Serializable, Ref
//## Java 1.4 begin ## //## Java 1.4 begin ##
public XAConnection getXAConnection(String user, String password) throws SQLException { public XAConnection getXAConnection(String user, String password) throws SQLException {
if (isDebugEnabled()) { if (isDebugEnabled()) {
debugCode("getXAConnection("+quote(user)+", "+quote(password)+");"); debugCode("getXAConnection("+quote(user)+", \"\");");
} }
int id = getNextId(XA_DATA_SOURCE); int id = getNextId(XA_DATA_SOURCE);
return new JdbcXAConnection(factory, id, url, user, password); return new JdbcXAConnection(factory, id, url, user, convertToCharArray(password));
} }
//## Java 1.4 end ## //## Java 1.4 end ##
...@@ -309,7 +330,7 @@ implements XADataSource, DataSource, ConnectionPoolDataSource, Serializable, Ref ...@@ -309,7 +330,7 @@ implements XADataSource, DataSource, ConnectionPoolDataSource, Serializable, Ref
//## Java 1.4 begin ## //## Java 1.4 begin ##
public PooledConnection getPooledConnection(String user, String password) throws SQLException { public PooledConnection getPooledConnection(String user, String password) throws SQLException {
if (isDebugEnabled()) { if (isDebugEnabled()) {
debugCode("getPooledConnection("+quote(user)+", "+quote(password)+");"); debugCode("getPooledConnection("+quote(user)+", \"\");");
} }
return getXAConnection(user, password); return getXAConnection(user, password);
} }
......
...@@ -23,6 +23,7 @@ import org.h2.jdbc.JdbcConnection; ...@@ -23,6 +23,7 @@ import org.h2.jdbc.JdbcConnection;
import org.h2.util.ByteUtils; import org.h2.util.ByteUtils;
import org.h2.util.JdbcConnectionListener; import org.h2.util.JdbcConnectionListener;
import org.h2.util.JdbcUtils; import org.h2.util.JdbcUtils;
import org.h2.util.StringUtils;
//## Java 1.4 end ## //## Java 1.4 end ##
import org.h2.message.TraceObject; import org.h2.message.TraceObject;
...@@ -46,7 +47,8 @@ implements XAConnection, XAResource, JdbcConnectionListener ...@@ -46,7 +47,8 @@ implements XAConnection, XAResource, JdbcConnectionListener
private static int nextTransactionId; private static int nextTransactionId;
private JdbcDataSourceFactory factory; private JdbcDataSourceFactory factory;
private String url, user, password; private String url, user;
private char[] password;
private JdbcConnection connSentinel; private JdbcConnection connSentinel;
private JdbcConnection conn; private JdbcConnection conn;
private ArrayList listeners = new ArrayList(); private ArrayList listeners = new ArrayList();
...@@ -57,7 +59,7 @@ implements XAConnection, XAResource, JdbcConnectionListener ...@@ -57,7 +59,7 @@ implements XAConnection, XAResource, JdbcConnectionListener
org.h2.Driver.load(); org.h2.Driver.load();
} }
JdbcXAConnection(JdbcDataSourceFactory factory, int id, String url, String user, String password) throws SQLException { JdbcXAConnection(JdbcDataSourceFactory factory, int id, String url, String user, char[] password) throws SQLException {
this.factory = factory; this.factory = factory;
setTrace(factory.getTrace(), TraceObject.XA_DATA_SOURCE, id); setTrace(factory.getTrace(), TraceObject.XA_DATA_SOURCE, id);
this.url = url; this.url = url;
...@@ -429,7 +431,7 @@ implements XAConnection, XAResource, JdbcConnectionListener ...@@ -429,7 +431,7 @@ implements XAConnection, XAResource, JdbcConnectionListener
private JdbcConnection openConnection() throws SQLException { private JdbcConnection openConnection() throws SQLException {
Properties info = new Properties(); Properties info = new Properties();
info.setProperty("user", user); info.setProperty("user", user);
info.setProperty("password", password); info.put("password", StringUtils.cloneCharArray(password));
JdbcConnection conn = new JdbcConnection(url, info); JdbcConnection conn = new JdbcConnection(url, info);
conn.setJdbcConnectionListener(this); conn.setJdbcConnectionListener(this);
if (currentTransaction != null) { if (currentTransaction != null) {
......
...@@ -842,4 +842,24 @@ public class StringUtils { ...@@ -842,4 +842,24 @@ public class StringUtils {
return buff.toString(); return buff.toString();
} }
/**
* Create a new char array and copy all the data. If the size of the byte
* array is zero, the same array is returned.
*
* @param chars the char array (may be null)
* @return a new char array
*/
public static char[] cloneCharArray(char[] chars) {
if (chars == null) {
return null;
}
int len = chars.length;
if (len == 0) {
return chars;
}
char[] copy = new char[len];
System.arraycopy(chars, 0, copy, 0, len);
return copy;
}
} }
Markdown 格式
0%
您添加了 0 到此讨论。请谨慎行事。
请先完成此评论的编辑!
注册 或者 后发表评论