This is an automated email from the ASF dual-hosted git repository. ashakirin pushed a commit to branch feature/CXF-8099_mask_sensitive_logging_elements in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/feature/CXF-8099_mask_sensitive_logging_elements by this push: new c4e2f95 CXF-8099: refactored header replacing c4e2f95 is described below commit c4e2f95250b7c456ecd97c75e158311bdf4e2709 Author: ashakirin <49843238+ashakirin-tal...@users.noreply.github.com> AuthorDate: Wed Jul 22 01:36:06 2020 +0200 CXF-8099: refactored header replacing --- .../org/apache/cxf/ext/logging/MaskSensitiveHelper.java | 11 +++++++++++ .../cxf/ext/logging/event/DefaultLogEventMapper.java | 14 ++++---------- 2 files changed, 15 insertions(+), 10 deletions(-) diff --git a/rt/features/logging/src/main/java/org/apache/cxf/ext/logging/MaskSensitiveHelper.java b/rt/features/logging/src/main/java/org/apache/cxf/ext/logging/MaskSensitiveHelper.java index 0db8dc0..f8c5b25 100644 --- a/rt/features/logging/src/main/java/org/apache/cxf/ext/logging/MaskSensitiveHelper.java +++ b/rt/features/logging/src/main/java/org/apache/cxf/ext/logging/MaskSensitiveHelper.java @@ -19,6 +19,7 @@ package org.apache.cxf.ext.logging; import java.util.HashSet; +import java.util.Map; import java.util.Set; import java.util.regex.Pattern; @@ -30,6 +31,7 @@ public class MaskSensitiveHelper { private static final String MATCH_PATTERN_JSON_TEMPLATE = "\"-ELEMENT_NAME-\"[ \\t]*:[ \\t]*\"(.*?)\""; private static final String REPLACEMENT_XML_TEMPLATE = "<-ELEMENT_NAME->XXX</-ELEMENT_NAME->"; private static final String REPLACEMENT_JSON_TEMPLATE = "\"-ELEMENT_NAME-\": \"XXX\""; + private static final String MASKED_HEADER_VALUE = "XXX"; private static final String XML_CONTENT = "xml"; private static final String HTML_CONTENT = "html"; @@ -82,6 +84,15 @@ public class MaskSensitiveHelper { return originalLogString; } + public void maskHeaders( + final Map<String, String> headerMap, + final Set<String> sensitiveHeaderNames) { + sensitiveHeaderNames.stream() + .forEach(h -> { + headerMap.computeIfPresent(h, (key, value) -> MASKED_HEADER_VALUE); + }); + } + private String applyMasks(String originalLogString, Set<ReplacementPair> replacementPairs) { String resultString = originalLogString; for (final ReplacementPair replacementPair : replacementPairs) { diff --git a/rt/features/logging/src/main/java/org/apache/cxf/ext/logging/event/DefaultLogEventMapper.java b/rt/features/logging/src/main/java/org/apache/cxf/ext/logging/event/DefaultLogEventMapper.java index 78f4782..14b7d3c 100644 --- a/rt/features/logging/src/main/java/org/apache/cxf/ext/logging/event/DefaultLogEventMapper.java +++ b/rt/features/logging/src/main/java/org/apache/cxf/ext/logging/event/DefaultLogEventMapper.java @@ -34,6 +34,7 @@ import javax.security.auth.Subject; import org.apache.cxf.binding.Binding; import org.apache.cxf.configuration.security.AuthorizationPolicy; import org.apache.cxf.endpoint.Endpoint; +import org.apache.cxf.ext.logging.MaskSensitiveHelper; import org.apache.cxf.helpers.CastUtils; import org.apache.cxf.message.Message; import org.apache.cxf.message.MessageUtils; @@ -62,6 +63,8 @@ public class DefaultLogEventMapper { private final Set<String> binaryContentMediaTypes = new HashSet<>(DEFAULT_BINARY_CONTENT_MEDIA_TYPES); + private MaskSensitiveHelper maskSensitiveHelper = new MaskSensitiveHelper(); + public void addBinaryContentMediaTypes(String mediaTypes) { if (mediaTypes != null) { Collections.addAll(binaryContentMediaTypes, mediaTypes.split(";")); @@ -86,7 +89,7 @@ public class DefaultLogEventMapper { event.setContentType(safeGet(message, Message.CONTENT_TYPE)); Map<String, String> headerMap = getHeaders(message); - maskHeaders(headerMap, sensitiveProtocolHeaders); + maskSensitiveHelper.maskHeaders(headerMap, sensitiveProtocolHeaders); event.setHeaders(headerMap); event.setAddress(getAddress(message, event)); @@ -98,15 +101,6 @@ public class DefaultLogEventMapper { return event; } - private void maskHeaders( - final Map<String, String> headerMap, - final Set<String> sensitiveHeaderNames) { - sensitiveHeaderNames.stream() - .forEach(h -> { - headerMap.computeIfPresent(h, (key, value) -> MASKED_HEADER_VALUE); - }); - } - private String getPrincipal(Message message) { String principal = getJAASPrincipal(); if (principal != null) {