Issue #7063 - Remove logging requirement from Password / Credential

Signed-off-by: Joakim Erdfelt <[email protected]>
jetty · Dec 7, 2021 · ace18fa · ace18fa
1 parent 04ae667
commit ace18fa
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 15 deletions.
diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/security/Credential.java b/jetty-util/src/main/java/org/eclipse/jetty/util/security/Credential.java
@@ -23,8 +23,6 @@
 
 import org.eclipse.jetty.util.TypeUtil;
 import org.eclipse.jetty.util.thread.AutoLock;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 /**
  * Credentials. The Credential class represents an abstract mechanism for checking authentication credentials. A credential instance either represents a secret,
@@ -39,8 +37,8 @@
  */
 public abstract class Credential implements Serializable
 {
+    // NOTE: DO NOT INTRODUCE LOGGING TO THIS CLASS
     private static final long serialVersionUID = -7760551052768181572L;
-    private static final Logger LOG = LoggerFactory.getLogger(Credential.class);
     private static final List<CredentialProvider> CREDENTIAL_PROVIDERS = TypeUtil.serviceProviderStream(ServiceLoader.load(CredentialProvider.class))
         .flatMap(p -> Stream.of(p.get()))
         .collect(Collectors.toList());
@@ -154,8 +152,7 @@ public boolean check(Object credentials)
         {
             if (credentials instanceof char[])
                 credentials = new String((char[])credentials);
-            if (!(credentials instanceof String) && !(credentials instanceof Password))
-                LOG.warn("Can't check {} against CRYPT", credentials.getClass());
+
             return stringEquals(_cooked, UnixCrypt.crypt(credentials.toString(), _cooked));
         }
 
@@ -229,13 +226,12 @@ else if (credentials instanceof Credential)
                 }
                 else
                 {
-                    LOG.warn("Can't check {} against MD5", credentials.getClass());
+                    // Not a MD5 or Credential class
                     return false;
                 }
             }
             catch (Exception e)
             {
-                LOG.warn("Failed message digest", e);
                 return false;
             }
         }
@@ -248,6 +244,9 @@ public boolean equals(Object obj)
             return false;
         }
 
+        /**
+         * Used only by Command Line Password utility
+         */
         public static String digest(String password)
         {
             try
@@ -263,7 +262,8 @@ public static String digest(String password)
                         }
                         catch (Exception e)
                         {
-                            LOG.warn("Unable to access MD5 message digest", e);
+                            System.err.println("Unable to access MD5 message digest");
+                            e.printStackTrace(System.err);
                             return null;
                         }
                     }
@@ -277,7 +277,8 @@ public static String digest(String password)
             }
             catch (Exception e)
             {
-                LOG.warn("Message Digest failure", e);
+                System.err.println("Message Digest Failure");
+                e.printStackTrace(System.err);
                 return null;
             }
         }

diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/security/Password.java b/jetty-util/src/main/java/org/eclipse/jetty/util/security/Password.java
@@ -17,9 +17,6 @@
 import java.nio.charset.StandardCharsets;
 import java.util.Locale;
 
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
 /**
  * Password utility class.
  *
@@ -47,8 +44,7 @@
  */
 public class Password extends Credential
 {
-    private static final Logger LOG = LoggerFactory.getLogger(Password.class);
-
+    // NOTE: DO NOT INTRODUCE LOGGING TO THIS CLASS
     private static final long serialVersionUID = 5062906681431569445L;
 
     public static final String __OBFUSCATE = "OBF:";
@@ -224,7 +220,9 @@ public static Password getPassword(String realm, String dft, String promptDft)
             }
             catch (IOException e)
             {
-                LOG.warn("EXCEPTION", e);
+                // only seen with command line input style
+                System.err.println("ERROR: Bad/Invalid password.");
+                e.printStackTrace(System.err);
             }
             if (passwd == null || passwd.length() == 0)
                 passwd = promptDft;