[
https://issues.apache.org/jira/browse/WW-3760?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13213566#comment-13213566
]
Jose L Martinez-Avial commented on WW-3760:
-------------------------------------------
Well, the issue is that we have a test environment where the users can connect
to authenticating against the production directory. So their real password is
being shown on the logs, and our security department is not happy about that.
We changed the ParametersInterceptor on our own, but we would prefer to change
it in the core itself, instead of customizing it ourselves.
> Change of access level to enable overriding
> -------------------------------------------
>
> Key: WW-3760
> URL: https://issues.apache.org/jira/browse/WW-3760
> Project: Struts 2
> Issue Type: Improvement
> Components: Core Interceptors
> Affects Versions: 2.3.1.2
> Reporter: Jose L Martinez-Avial
> Priority: Minor
> Labels: ParametersInterceptor, overridable
> Fix For: 2.3.2
>
> Original Estimate: 0.5h
> Remaining Estimate: 0.5h
>
> The method getParameterLogMap on
> com.opensymphony.xwork2.interceptor.ParametersInterceptor is declared as
> private. As a consequence it is not possible to override it.
> The idea of overriding it is to be able to use log level DEBUG for that
> interceptor(and see the parameters on the log) while allowing some massaging
> of the log that will be shown. For example, I would like to show the value of
> any parameter, except for the one called password. As it is today, that is
> not possible.
> The proposed solution is trivial: just change the method to be protected, so
> any user can override that method.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
