
JPasswordField security with action command

I am using a JPasswordField in my program. When I call getPassword(), I get a char[] array. But when I add an ActionListener to the JPasswordField and call getActionCommand(), I get the password as a String. Is this password saved in the event object as a String? Isn't this a security issue?

Yggdrasil asked Jul 17 '13 07:07




1 Answer

When you set no action command for a component, the text in it will be the action command. This is why you are getting the password.

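The same is true for JTextField:

    import java.awt.event.ActionEvent;
    import java.awt.event.ActionListener;
    import javax.swing.JTextField;

    // No action command is set, so the field's text becomes the action command.
    JTextField jt = new JTextField("text");
    jt.addActionListener(new ActionListener() {
        public void actionPerformed(ActionEvent ae) {
            System.out.println(ae.getActionCommand()); // prints the field's text
        }
    });

This is a security issue because you are getting the password as a String, which is immutable, rather than as a char[].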

Whenever an explicit action command is not set, the text in the component will be sent to the ActionEvent constructor, even though you didn't specifically set it as the action command. The command parameter can be null, but it is not recommended to be null; therefore the text in the component is the action command by default. If there is no password in the JPasswordField, an empty string will be the action command.

Don't try setting the action command to null; if it is null, then the text in the JPasswordField will be the action command, and the problem comes back.

So I would recommend that you set some action command for the JPasswordField rather than leaving it like that, for now, until this is rectified by Oracle.

    import java.awt.event.ActionEvent;
    import java.awt.event.ActionListener;
    import javax.swing.JPasswordField;

    JPasswordField jt = new JPasswordField("text");
    // An explicit, non-null action command replaces the field's text in the event.
    jt.setActionCommand("");
    jt.addActionListener(new ActionListener() {
        public void actionPerformed(ActionEvent ae) {
            System.out.println(ae.getActionCommand()); // prints an empty string
        }
    });
JavaTechnical answered Oct 20 '22 02:10
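The behaviour discussed in this answer, as an added example that is not part of the original answer: it compares what a listener receives from getActionCommand() with and without an explicit action command, then reads the password through getPassword() and zeroes the copy. The class and method names, the "login" command string and the sample password are constructed for illustration; postActionEvent() stands in for the user pressing Enter.

```java
import java.awt.event.ActionEvent;
import java.util.Arrays;
import javax.swing.JPasswordField;

public class PasswordFieldActionCommandDemo {

    // Fires the field's action and returns what a listener sees in the event.
    static String observedActionCommand(JPasswordField field) {
        final String[] seen = new String[1];
        field.addActionListener((ActionEvent e) -> seen[0] = e.getActionCommand());
        field.postActionEvent(); // public JTextField method; notifies the listeners
        return seen[0];
    }

    // Listener-side handling that never touches getActionCommand().
    // The array comparison is a stand-in for a real credential check.
    static boolean checkAndWipe(JPasswordField field, char[] expected) {
        char[] entered = field.getPassword(); // a char[] copy of the contents
        try {
            return Arrays.equals(entered, expected);
        } finally {
            Arrays.fill(entered, '\0'); // zero our copy as soon as we are done
            field.setText("");          // clear what the field displays
        }
    }

    public static void main(String[] args) {
        // Constructed sample value, hard-coded only so the demo runs unattended.
        String sample = "s3cr3t";

        // Default field: no action command set, so the text rides in the event.
        JPasswordField unset = new JPasswordField(sample);
        System.out.println("unset action command -> \""
                + observedActionCommand(unset) + "\"");

        // Explicit, non-null action command: the event carries only that constant.
        JPasswordField fixed = new JPasswordField(sample);
        fixed.setActionCommand("login");
        System.out.println("explicit action command -> \""
                + observedActionCommand(fixed) + "\"");

        // The password is read only through getPassword() and wiped afterwards.
        boolean ok = checkAndWipe(fixed, sample.toCharArray());
        System.out.println("password accepted: " + ok
                + ", chars left in field: " + fixed.getPassword().length);
    }
}
```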
