From a54134d68f3f58d61d26f3f985bee674ebf88a88 Mon Sep 17 00:00:00 2001
From: Mathieu Baudier <mbaudier@argeo.org>
Date: Fri, 21 Feb 2014 14:00:53 +0000
Subject: [PATCH] Clean provided password

git-svn-id: https://svn.argeo.org/commons/trunk@6839 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc
---
 .../java/org/argeo/security/core/ConsoleCallbackHandler.java    | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/ConsoleCallbackHandler.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/ConsoleCallbackHandler.java
index 3bd4b57f0..faa81b004 100644
--- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/ConsoleCallbackHandler.java
+++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/ConsoleCallbackHandler.java
@@ -3,6 +3,7 @@ package org.argeo.security.core;
 import java.io.Console;
 import java.io.IOException;
 import java.io.PrintWriter;
+import java.util.Arrays;
 import java.util.Locale;
 
 import javax.security.auth.callback.Callback;
@@ -47,6 +48,7 @@ public class ConsoleCallbackHandler implements CallbackHandler {
 				writer.write(callback.getPrompt());
 				char[] answer = console.readPassword();
 				callback.setPassword(answer);
+				Arrays.fill(answer, ' ');
 			} else if (callbacks[i] instanceof LocaleCallback) {
 				LocaleCallback callback = (LocaleCallback) callbacks[i];
 				writer.write(callback.getPrompt());
-- 
2.30.2