1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.syncope.core.spring.security;
20
21 import org.slf4j.Logger;
22 import org.slf4j.LoggerFactory;
23
24
25
26
27 public class DefaultCredentialChecker {
28
29 private static final Logger LOG = LoggerFactory.getLogger(DefaultCredentialChecker.class);
30
31 private static final String DEFAULT_JWS_KEY = "ZW7pRixehFuNUtnY5Se47IemgMryTzazPPJ9CGX5LTCmsOJpOgHAQEuPQeV9A28f";
32
33 private static final String DEFAULT_ADMIN_PASSWORD =
34 "DE088591C00CC98B36F5ADAAF7DA2B004CF7F2FE7BBB45B766B6409876E2F3DB13C7905C6AA59464";
35
36 private static final String DEFAULT_ANON_KEY = "anonymousKey";
37
38 private final boolean defaultAdminPasswordInUse;
39
40 private final boolean defaultJwsKeyInUse;
41
42 private final boolean defaultAnonymousKeyInUse;
43
44 public DefaultCredentialChecker(final String jwsKey, final String adminPassword, final String anonymousKey) {
45 defaultJwsKeyInUse = DEFAULT_JWS_KEY.equals(jwsKey);
46 defaultAdminPasswordInUse = DEFAULT_ADMIN_PASSWORD.equals(adminPassword);
47 defaultAnonymousKeyInUse = DEFAULT_ANON_KEY.equals(anonymousKey);
48 }
49
50 public void checkIsDefaultJWSKeyInUse() {
51 if (defaultJwsKeyInUse) {
52 LOG.warn("The default jwsKey property is being used. "
53 + "This must be changed to avoid a security breach!");
54 }
55 }
56
57 public void checkIsDefaultAdminPasswordInUse() {
58 if (defaultAdminPasswordInUse) {
59 LOG.warn("The default adminPassword property is being used. "
60 + "This must be changed to avoid a security breach!");
61 }
62 }
63
64 public void checkIsDefaultAnonymousKeyInUse() {
65 if (defaultAnonymousKeyInUse) {
66 LOG.warn("The default anonymousKey property is being used. "
67 + "This must be changed to avoid a security breach!");
68 }
69 }
70 }