1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.syncope.core.spring.security;
20  
21  import org.slf4j.Logger;
22  import org.slf4j.LoggerFactory;
23  
/**
 * Detects whether the JWS key, admin password or anonymous key passed in still equals the default value
 * hard-coded in this class, and logs a warning for each one that does.
 *
 * <p>Each supplied value is compared once, in the constructor, with the matching constant through an exact,
 * case-sensitive {@link String#equals(Object)}. A value that differs from the default only in letter case or
 * surrounding whitespace is therefore not reported, and a {@code null} value is never reported.</p>
 *
 * <p>The {@code checkIs...} methods only log at WARN level: they return nothing and throw nothing, and the
 * flags are private, so this class reports default credentials but does not stop anything from running with
 * them. The log messages name the affected property and never include the credential value.</p>
 */
public class DefaultCredentialChecker {

    private static final Logger LOG = LoggerFactory.getLogger(DefaultCredentialChecker.class);

    // Default values the supplied settings are compared with. They are constants in source code, so they
    // must be treated as publicly known rather than as secrets.
    private static final String DEFAULT_JWS_KEY = "ZW7pRixehFuNUtnY5Se47IemgMryTzazPPJ9CGX5LTCmsOJpOgHAQEuPQeV9A28f";

    // NOTE(review): this looks like a hex-encoded digest rather than a plaintext password. If the stored
    // value is matched case-insensitively elsewhere, a lower-cased copy of the default would not be flagged
    // by the exact comparison in the constructor - confirm against the password verification code.
    private static final String DEFAULT_ADMIN_PASSWORD =
        "DE088591C00CC98B36F5ADAAF7DA2B004CF7F2FE7BBB45B766B6409876E2F3DB13C7905C6AA59464";

    private static final String DEFAULT_ANON_KEY = "anonymousKey";

    // Second half of every warning; a compile-time constant, so the logged text is one fixed string.
    private static final String MUST_CHANGE = "This must be changed to avoid a security breach!";

    private final boolean defaultAdminPasswordInUse;

    private final boolean defaultJwsKeyInUse;

    private final boolean defaultAnonymousKeyInUse;

    /**
     * Records, for each credential, whether the supplied value equals the built-in default.
     *
     * @param jwsKey the JWS key to test; {@code null} counts as "not the default"
     * @param adminPassword the admin password value to test, in the same form as the built-in constant;
     * {@code null} counts as "not the default"
     * @param anonymousKey the anonymous key to test; {@code null} counts as "not the default"
     */
    public DefaultCredentialChecker(final String jwsKey, final String adminPassword, final String anonymousKey) {
        // The constant is the receiver of equals(), so a null argument yields false instead of throwing.
        this.defaultAdminPasswordInUse = DEFAULT_ADMIN_PASSWORD.equals(adminPassword);
        this.defaultJwsKeyInUse = DEFAULT_JWS_KEY.equals(jwsKey);
        this.defaultAnonymousKeyInUse = DEFAULT_ANON_KEY.equals(anonymousKey);
    }

    /**
     * Logs a warning when the JWS key given to the constructor equals the built-in default; otherwise does
     * nothing.
     */
    public void checkIsDefaultJWSKeyInUse() {
        if (!defaultJwsKeyInUse) {
            return;
        }
        LOG.warn("The default jwsKey property is being used. " + MUST_CHANGE);
    }

    /**
     * Logs a warning when the admin password given to the constructor equals the built-in default; otherwise
     * does nothing.
     */
    public void checkIsDefaultAdminPasswordInUse() {
        if (!defaultAdminPasswordInUse) {
            return;
        }
        LOG.warn("The default adminPassword property is being used. " + MUST_CHANGE);
    }

    /**
     * Logs a warning when the anonymous key given to the constructor equals the built-in default; otherwise
     * does nothing.
     */
    public void checkIsDefaultAnonymousKeyInUse() {
        if (!defaultAnonymousKeyInUse) {
            return;
        }
        LOG.warn("The default anonymousKey property is being used. " + MUST_CHANGE);
    }
}