diff --git a/community/kernel/src/main/java/org/neo4j/kernel/api/security/AuthToken.java b/community/kernel/src/main/java/org/neo4j/kernel/api/security/AuthToken.java
index e434a0f5eb5c2..3cdede76f9a12 100644
--- a/community/kernel/src/main/java/org/neo4j/kernel/api/security/AuthToken.java
+++ b/community/kernel/src/main/java/org/neo4j/kernel/api/security/AuthToken.java
@@ -72,6 +72,7 @@ else if ( !(value instanceof byte[]) )
 return (byte[]) value;
 }
 
+ @SuppressWarnings( "unchecked" )
 static Map safeCastMap( String key, Map authToken )
 throws InvalidAuthTokenException
 {
@@ -95,13 +96,13 @@ else if ( value instanceof Map )
 static void clearCredentials( Map authToken )
 {
 Object credentials = authToken.get( CREDENTIALS );
- if ( credentials != null && credentials instanceof byte[] )
+ if ( credentials instanceof byte[] )
 {
 Arrays.fill( (byte[]) credentials, (byte) 0 );
 }
 
 Object newCredentials = authToken.get( NEW_CREDENTIALS );
- if ( newCredentials != null && newCredentials instanceof byte[] )
+ if ( newCredentials instanceof byte[] )
 {
 Arrays.fill( (byte[]) newCredentials, (byte) 0 );
 }
diff --git a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/plugin/PluginApiAuthToken.java b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/plugin/PluginApiAuthToken.java
index c400649aa07c1..cc54ac5e31ae3 100644
--- a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/plugin/PluginApiAuthToken.java
+++ b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/plugin/PluginApiAuthToken.java
@@ -24,6 +24,7 @@
 
 import java.nio.ByteBuffer;
 import java.nio.charset.StandardCharsets;
+import java.util.Arrays;
 import java.util.Map;
 
 import org.neo4j.kernel.api.security.exception.InvalidAuthTokenException;
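Review bot: In `AuthToken.java` the new `@SuppressWarnings( "unchecked" )` covers the whole of `safeCastMap`, so any unchecked operation added to that method later is silenced as well. The body lies outside the hunk; the next hunk's header, `else if ( value instanceof Map )`, suggests the cast follows a raw `instanceof Map` test, which verifies neither key nor value types of a map taken from the auth token. Consider moving the annotation onto the local variable that receives the cast and stating the assumption next to it, e.g. `// checked instanceof Map above; key and value types are not verified here`.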
@@ -64,12 +65,20 @@ public Map parameters()
 return parameters;
 }
 
- public static AuthToken of( String principal, char[] credentials, Map parameters )
+ void clearCredentials()
+ {
+ if ( credentials != null )
+ {
+ Arrays.fill( credentials, (char) 0 );
+ }
+ }
+
+ public static PluginApiAuthToken of( String principal, char[] credentials, Map parameters )
 {
 return new PluginApiAuthToken( principal, credentials, parameters );
 }
 
- public static AuthToken createFromMap( Map authTokenMap ) throws InvalidAuthTokenException
+ public static PluginApiAuthToken createFromMap( Map authTokenMap ) throws InvalidAuthTokenException
 {
 String scheme = org.neo4j.kernel.api.security.AuthToken
 .safeCast( org.neo4j.kernel.api.security.AuthToken.SCHEME_KEY, authTokenMap );
diff --git a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/plugin/PluginRealm.java b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/plugin/PluginRealm.java
index c3d7fcf4f72fc..33332c28e9530 100644
--- a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/plugin/PluginRealm.java
+++ b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/plugin/PluginRealm.java
@@ -186,7 +186,7 @@ protected AuthenticationInfo doGetAuthenticationInfo( AuthenticationToken token
 {
 try
 {
- AuthToken pluginAuthToken =
+ PluginApiAuthToken pluginAuthToken =
 PluginApiAuthToken.createFromMap( ((ShiroAuthToken) token).getAuthTokenMap() );
 try
 {
@@ -216,7 +216,7 @@ else if ( authenticationPlugin != null )
 finally
 {
 // Clear credentials
- Arrays.fill( pluginAuthToken.credentials(), (char) 0 );
+ pluginAuthToken.clearCredentials();
 }
 }
 catch ( org.neo4j.server.security.enterprise.auth.plugin.api.AuthenticationException |
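Review bot: `clearCredentials()` in `PluginApiAuthToken.java` zeroes the `credentials` array in place, and `of( principal, credentials, parameters )` passes the caller's array straight to the constructor, so whether the token wipes its own copy or the caller's array depends on constructor code outside this hunk. That contract deserves a Javadoc on the new method, for example `/** Overwrites the credential characters with zeros; the token must not be used to authenticate afterwards. */`, plus a word on whether `credentials()` exposes the same array. Separately, `of` and `createFromMap` are public and now return the concrete class, which changes their method descriptors, so code compiled against the old signatures has to be rebuilt. `createFromMap` continues past the end of the hunk.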
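Review bot: The `finally` block in the `@@ -216,7 +216,7 @@` hunk of `PluginRealm.java` clears only the `char[]` held by the plugin token; the map returned by `((ShiroAuthToken) token).getAuthTokenMap()` in the previous hunk is a separate object, and if it still carries the raw credentials they outlive this call. The same commit touches `AuthToken.clearCredentials( Map )`, which zeroes `byte[]` entries of such a map, so it is worth confirming that some caller invokes it for this token, or recording the split of responsibility here with a comment such as `// Clears the plugin-side copy only; the auth token map is cleared by <caller>`. `doGetAuthenticationInfo` begins and ends outside the hunk, so this may already be handled further up the call chain.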