在 CXF 记录 SOAP 请求中屏蔽敏感数据
[英]Masking Sensitive Data in CXF Logging SOAP Requests
问题描述
After using CXF to call a SOAP webservice, CXF client logs the SOAP request message with password visible!
使用 CXF 调用 SOAP 网络服务后,CXF 客户端记录 SOAP 请求消息,密码可见! I want to hide sensitive data like passwords from the CXF client logging.我想从 CXF 客户端日志中隐藏密码等敏感数据。
Here's what I got in log:这是我在日志中得到的:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<runReport xmlns="http://xmlns.oracle.com/oxp/service/MYSERVICE">
<userID>username</userID>
<password>mypassword</password>
</runReport>
</soap:Body>
</soap:Envelope>
All I want is to replace mypassword to **********我想要的只是将mypassword替换为**********
I tried this solution but it won't work with my CXF version because it uses an older version of CXF.我尝试了这个解决方案,但它不适用于我的 CXF 版本,因为它使用的是旧版本的 CXF。
I really saw many examples, ones that extends LoggingOutInterceptor, other extends AbstractSoapInterceptor, other extends PhaseInterceptorChain and others... and I really don't know where to start, I couldn't find any documentation on this matter.我真的看到了很多例子,有的扩展了 LoggingOutInterceptor,有的扩展了 AbstractSoapInterceptor,有的扩展了 PhaseInterceptorChain 等等……我真的不知道从哪里开始,我找不到关于这件事的任何文档。
Any help, link to doc will be appreciated!任何帮助,文档链接将不胜感激!
1 个解决方案
解决方案1
0 2021-01-02 13:42:34
I solved this extending LoggingInInterceptor and adding the words that i want to hide in the method addSensitiveElementNames, for header they have sensitiveProtocolHeaderNames method to do the same.我解决了这个扩展 LoggingInInterceptor 的问题,并在方法 addSensitiveElementNames 中添加了我想隐藏的单词,对于标头,他们有sensitiveProtocolHeaderNames 方法来执行相同的操作。
public class MyLogIn extends LoggingInInterceptor {
public void handleMessage(Message message) throws Fault {
addSensitiveElementNames(Set.of("description"));
super.handleMessage(message);
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.