Bug 46781 - <input><handler type="secure"/></input> with impl defined by embedder
Summary: <input><handler type="secure"/></input> with impl defined by embedder
Status: NEW
Alias: None
Product: Ant
Classification: Unclassified
Component: Core tasks (show other bugs)
Version: 1.7.1
Hardware: All All
: P2 enhancement with 1 vote (vote)
Target Milestone: ---
Assignee: Ant Notifications List
URL: http://www.netbeans.org/nonav/issues/...
Keywords:
Depends on:
Blocks:
 
Reported: 2009-02-27 13:58 UTC by Jesse Glick
Modified: 2009-02-27 21:52 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jesse Glick 2009-02-27 13:58:24 UTC
When Ant is run embedded, the container can set a default input handler - there is a method on Project for this. But it is pretty common for a script to request SecureInputHandler to read a password. If it does this, the container no longer has any way to substitute a preferred handler, so java.io.Console is used whether this makes sense or not.

In the case of the NetBeans IDE (see URL), it would like to pop up a dialog with a JPasswordField, and you can imagine other GUI embedders (or even CI servers) wanting to provide their own impls.

Would like to introduce Project.setSecureInputHandler(InputHandler). Since <input classname="..."> always loads exactly that, should introduce "secure" as a value for HandlerType. Scripts using this mode would get the handler defined by the project, SecureInputHandler if not set otherwise.

Old scripts using classname="...SecureInputHandler" would be unaffected; would be nice to provide the new behavior for these automatically, but that would mean you could not explicitly request SIH and nothing else. Possible trick: introduce

public class ConsoleSecureInputHandler extends SecureInputHandler {}

(a no-op override), and treat <handler classname="...SecureInputHandler"/> like <handler type="secure"/>, with <handler classname="...ConsoleSecureInputHandler"/> available for scripts which really do not want this to be overridden by a container.

Should probably have CLI

  -secureinputhandler <class>  the class which will handle secure input requests

as well, useful for containers which fork Ant rather than embedding in-VM.