public final class ProtectedString extends java.lang.Object implements Traceable, FFDCSelfIntrospectable
toString()
.
Instances of this class are immutable.
This class does not provide a constructor that takes a String, and it does
not have a method to convert the contents to a String. This is deliberate to
encourage the caller to never store passwords in a String, which might be
accidentally logged in trace or FFDC. In particular, callers must avoid
storing a String even indirectly, such as in a Map. Additionally, callers
must be careful to avoid accidentally logging in trace or FFDC
the char[]
used to construct the instance or that is returned
from getChars()
.
This implementation does not protect against the string being visible in clear text in JVM memory dumps. This class does not provide additional protection against the string being accessible via reflection, so callers should be careful to use private accessibility.
Modifier and Type | Field and Description |
---|---|
static ProtectedString |
EMPTY_PROTECTED_STRING
A password object that holds the equivalent of the empty string
|
static ProtectedString |
NULL_PROTECTED_STRING
A password object that holds null
|
Constructor and Description |
---|
ProtectedString(char[] password)
Construct a ProtectedString (typically a password) from an array of
characters.
|
Modifier and Type | Method and Description |
---|---|
boolean |
equals(java.lang.Object o)
Determine if this password is the same as another object
NOTE: As with all equals() methods, this implementation obeys the requirements
of java.lang.Object.equals().
|
char[] |
getChars()
Return the protected password (Note: it is then the job of the caller to
prevent its copies reaching trace, ffdc or converting it to a string
|
int |
hashCode()
return a hash code for this Password
|
java.lang.String[] |
introspectSelf()
Provide details on the state of this object to ffdc, hiding the actual
contents of the password
|
boolean |
isEmpty()
Return true if password is either null or has no characters
(use in situations where some kind of password is required)
|
java.lang.String |
toString()
Convert the password to a string, revealing only if it is null or
non-null.
|
java.lang.String |
toTraceString()
Convert the password to a string for tracing purposes.
|
public static final ProtectedString NULL_PROTECTED_STRING
public static final ProtectedString EMPTY_PROTECTED_STRING
public ProtectedString(char[] password)
chars
- The password to be protectedpublic char[] getChars()
public java.lang.String toString()
toString
in class java.lang.Object
public java.lang.String toTraceString()
toTraceString
in interface Traceable
public java.lang.String[] introspectSelf()
introspectSelf
in interface FFDCSelfIntrospectable
public boolean equals(java.lang.Object o)
equals
in class java.lang.Object
o
- The other objectpublic int hashCode()
hashCode
in class java.lang.Object
public boolean isEmpty()