Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Simplify command line use of org.eclipse.jetty.util.Password #7063

Closed
joakime opened this issue Oct 29, 2021 · 3 comments · Fixed by #7227
Closed

Simplify command line use of org.eclipse.jetty.util.Password #7063

joakime opened this issue Oct 29, 2021 · 3 comments · Fixed by #7227
Labels
Bug For general bugs on Jetty side

Comments

@joakime
Copy link
Contributor

joakime commented Oct 29, 2021

Jetty version(s)
10+

Java version/vendor (use: java -version)
All

OS type/version
All

Description
The documentation gives example on using org.eclipse.jetty.util.Password like ...

 java -cp lib/jetty-util-{VERSION}.jar org.eclipse.jetty.util.security.Password

Usage - java org.eclipse.jetty.util.security.Password [<user>] <password>
If the password is ?, the user will be prompted for the password

and

$ java -cp ../lib/jetty-util-{VERSION}.jar org.eclipse.jetty.util.security.Password username password
2017-12-13 11:19:27.928:INFO::main: Logging initialized @95ms to org.eclipse.jetty.util.log.StdErrLog
password
OBF:1v2j1uum1xtv1zej1zer1xtn1uvk1v1v
MD5:5f4dcc3b5aa765d61d8327deb882cf99
CRYPT:usjRS48E8ZADM

But the org.eclipse.jetty.util.security.Password class has logging, so this makes the command line a bit more complex ...

Example:

[jetty-home-10.0.7]$ java -cp lib/jetty-util-10.0.7.jar org.eclipse.jetty.util.security.Password HelloWorld
Exception in thread "main" java.lang.NoClassDefFoundError: org/slf4j/LoggerFactory
	at org.eclipse.jetty.util.security.Credential.<clinit>(Credential.java:43)
Caused by: java.lang.ClassNotFoundException: org.slf4j.LoggerFactory
	at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:581)
	at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)
	at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:522)
	... 1 more

I see a few options here.

  1. The simplest approach would be to just remove the logging from Password and Credential, but that hurts normal usage of those classes.

  2. Document how to add slf4j-api and jetty-slf4j-impl to the command line.

  3. Introduce a new PasswordCli class that doesn't use Credential or logging at all.

  4. Introduce a start.jar option that just runs org.eclipse.jetty.util.security.Password with the appropriate classloader setup. (--password ?)
@joakime joakime added the Bug For general bugs on Jetty side label Oct 29, 2021
@joakime
Copy link
Contributor Author

joakime commented Oct 29, 2021

For the record, the minimal command line is now ...

$ java -cp lib/jetty-util-10.0.7.jar:lib/logging/slf4j-api-2.0.0-alpha5.jar:lib/logging/jetty-slf4j-impl-10.0.7.jar org.eclipse.jetty.util.security.Password HelloWorld
HelloWorld
OBF:1n4z1ugo1x151wfw1sbb1s9z1wg21x1h1uh21n6j
MD5:68e109f0f40ca72a15e05cc22786f8e6

@janbartel
Copy link
Contributor

Possibly the Password and Credential classes could be changed to throw ISE insead of doing logging. Some of the logging they're doing is pretty questionable anyway (see https://github.com/eclipse/jetty.project/blob/0ad49fd1fd9565eeec3878d9e5c0e986ec272dbd/jetty-util/src/main/java/org/eclipse/jetty/util/security/Credential.java#L158 - prints out a warning it can't check CRYPT and then goes on to check it anyway??).

Having a new start.jar option would be nice, but then again the downside is that it means you have to have a full distro in order to use it.

Maybe another option - could we make another jar artifact during the build of jetty-util that just contains everything necessary to run Password on the command line?

@olamy
Copy link
Member

olamy commented Nov 10, 2021

Maybe another option - could we make another jar artifact during the build of jetty-util that just contains everything necessary to run Password on the command line?

maybe a very simple jetty-util shaded jar with necessary logging impl (i.e simple slf4j)?

@joakime joakime mentioned this issue Dec 6, 2021
Closed
joakime added a commit that referenced this issue Dec 7, 2021
@joakime
Issue #7063 - Remove logging requirement from Password / Credential
ace18fa 
Signed-off-by: Joakim Erdfelt <[email protected]>
joakime added a commit that referenced this issue Dec 7, 2021
@joakime
Issue #7063 - Remove logging requirement from Password / Credential
e7cbf91 
Signed-off-by: Joakim Erdfelt <[email protected]>
@joakime joakime linked a pull request Dec 7, 2021 that will close this issue
Issue #7063 - Remove logging requirement from Password / Credential #7227
Merged
joakime added a commit that referenced this issue Dec 7, 2021
@joakime
Issue #7063 - Remove logging requirement from Password / Credential
f474571 
Updates from review

Signed-off-by: Joakim Erdfelt <[email protected]>
joakime added a commit that referenced this issue Dec 8, 2021
@joakime
Issue #7063 - Adding testcase for Password command line
fedd66e 
Signed-off-by: Joakim Erdfelt <[email protected]>
joakime added a commit that referenced this issue Dec 8, 2021
@joakime
Issue #7063 - Replicate TypeUtil.toString(buf, 16) use of lowercase HEX
884adc4 
Signed-off-by: Joakim Erdfelt <[email protected]>
joakime added a commit that referenced this issue Dec 8, 2021
@joakime
Issue #7063 - Fix testcase
4b49d00 
Signed-off-by: Joakim Erdfelt <[email protected]>
joakime added a commit that referenced this issue Dec 8, 2021
@joakime
Issue #7063 - Remove more remnants of TypeUtil
bfdb3ce 
Signed-off-by: Joakim Erdfelt <[email protected]>
joakime added a commit that referenced this issue Dec 10, 2021
@joakime
Issue #7063 - Reworked Credential local hex routines per review
6480758 
Signed-off-by: Joakim Erdfelt <[email protected]>
joakime added a commit that referenced this issue Dec 10, 2021
@joakime
Issue #7063 - Moved hex/string methods from TypeUtil to StringUtil
2fde03d 
+ Done so that they can be reused in non-logging applications.

Signed-off-by: Joakim Erdfelt <[email protected]>
joakime added a commit that referenced this issue Dec 10, 2021
@joakime
Issue #7063 - Correcting and improving testing of hex/string methods
7f1d57b 
Signed-off-by: Joakim Erdfelt <[email protected]>
joakime added a commit that referenced this issue Dec 16, 2021
@joakime
Issue #7063 - Remove logging requirement from Password / Credential (#…
c7cec39 
…7227)

* Issue #7063 - Remove logging requirement from Password / Credential

+ Adding testcase for Password command line
+ Moved hex/string methods from TypeUtil to StringUtil
   so that they can be reused in non-logging applications.

Signed-off-by: Joakim Erdfelt <[email protected]>
lorban pushed a commit that referenced this issue Jan 10, 2022
@joakime @lorban
Issue #7063 - Remove logging requirement from Password / Credential (#…
8581bca 
…7227)

* Issue #7063 - Remove logging requirement from Password / Credential

+ Adding testcase for Password command line
+ Moved hex/string methods from TypeUtil to StringUtil
   so that they can be reused in non-logging applications.

Signed-off-by: Joakim Erdfelt <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug For general bugs on Jetty side
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Issue #7063 - Remove logging requirement from Password / Credential jetty/jetty.project
3 participants
@olamy @joakime @janbartel