FilePasswordProvider

Skip navigation links

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

java.lang.Object
- org.apache.logging.log4j.core.net.ssl.FilePasswordProvider

All Implemented Interfaces:

PasswordProvider
```
class FilePasswordProvider
extends java.lang.Object
implements PasswordProvider
```
PasswordProvider that reads password from a file.
This is a relatively secure way to handle passwords:
- Managing file access privileges can be delegated to the operating system.
- The password file can be in a separate location from the logging configuration. This gives flexibility to have different passwords in different environments while using the same logging configuration. It also allows for separation of responsibilities: developers don't need to know the password that is used in the production environment.
- There is only a small window of opportunity for attackers to obtain the password from a memory dump: the password data is only resident in memory from the moment the caller calls the getPassword() method and the password file is read until the moment that the caller completes authentication and overwrites the password char[] array.
Less secure implementations are MemoryPasswordProvider and EnvironmentPasswordProvider.

- Field Summary
  
  Fields
  Modifier and Type Field and Description
  
  private java.nio.file.Path passwordPath
- Constructor Summary
  
  Constructors
  Constructor and Description
  
  FilePasswordProvider(java.lang.String passwordFile)
  Constructs a new FilePasswordProvider with the specified path.
- Method Summary
  
  All Methods Instance Methods Concrete Methods
  Modifier and Type Method and Description
  
  char[] getPassword()
  Returns a new char[] array with the password characters.
  - Methods inherited from class java.lang.Object
    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - passwordPath
```
private final java.nio.file.Path passwordPath
```
- Constructor Detail
  - FilePasswordProvider
```
public FilePasswordProvider(java.lang.String passwordFile)
                     throws java.nio.file.NoSuchFileException
```
    Constructs a new FilePasswordProvider with the specified path.
    
    Parameters:
    
    passwordFile - the path to the password file
    
    Throws:
    
    java.nio.file.NoSuchFileException - if the password file does not exist when this FilePasswordProvider is constructed
- Method Detail
  - getPassword
```
public char[] getPassword()
```
    Description copied from interface: PasswordProvider
    
    Returns a new char[] array with the password characters.
    It is the responsibility of the caller to erase this data by calling Arrays.fill(char[], char) immediately when authentication is complete and the password data is no longer needed.
    
    Specified by:
    
    getPassword in interface PasswordProvider
    
    Returns:
    
    a copy of the password

Skip navigation links

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method