stackoom
  简体   繁体   中英

grails kickstart plugin KickstartFilters how to prevent password information on logs

 原文  2014-12-04 12:19:07       grails/ grails-plugin/ grails-filters/ kickstrap

Question

I am using Grails version 2.2.4 and I have installed kickstart plugin as compile ":kickstart-with-bootstrap:0.9.6". 

BuildConfig.groovy
plugins {
        runtime ":hibernate:$grailsVersion"
        runtime ":jquery:1.8.3"
        runtime ":resources:1.1.6"

        compile ":kickstart-with-bootstrap:0.9.6"
        build ":tomcat:$grailsVersion"

        runtime ":database-migration:1.3.2"

        compile ':cache:1.0.1'
}

I found "KickstartFilters.groovy" filter with following directory structure 

plugin
  -> kickstart-with-bootstrap:0.9.6
     -> conf
         -> kickstart
             -> KickstartFilters.groovy

my "KickstartFilters.groovy" file contains following information 

package kickstart

class KickstartFilters {

    def filters = {
        all() {
            before = {
                // Small "logging" filter for controller & actions
                log.info(!params.controller ? '/: ' + params : params.controller +"."+(params.action ?: "index")+": "+params)
            }
            after = {
            }
            afterView = {
            }
        }
    }
}

while log.info are printed in logs at that time if password is passed as params then password information are visible on log so how can I prevent only password Information?

1 answers

solution1
 0  2014-12-04 15:12:09

I have a work around for this...

https://github.com/joergrech/KickstartWithBootstrap/issues/84

Basically create your filter under conf/kickstart/YourAppFilters.groovy

package kickstart 

class YourAppFilters  extends KickstartFilters { 
    def filters = {


        kickstartLogger() { 
            before = {
                // Small "logging" filter for controller & actions
                if (log.infoEnabled) {
                    if (!params.controller.equals('chat')) {
                        if (!params.password ) { 
                            log.info(!params.controller ? '/: ' + params : params.controller +"."+(params.action ?: "index")+": "+params)
                        }else{
                            log.info (params.controller+","+params.action+":"+params?.username)
                        }
                    }       
                }
            }
        }
    }
}

Now under conf/spring/resources.groovy under beans add: 

yourAppFilters(KickstartFilters)

This should now override kickstarts filter

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Grails project with both BIRT and Kickstart plugin Grails Acegi plugin lost password Grails Melody plugin no longer logs SQL calls as of grails 2.0 twitter bootstrap + grails kickstart breaks jquery Grails Spring Security Plugin Password issue Encoding a password with the Spring Security Grails plugin how to bootstrap a grails plugin Grails and ACEGI security plugin - How to prevent login from security event listener? How to provide dynamic credentials (username and password) to web service using Grails-cxf plugin how to get forgot password with grails application using spring security core plugin?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM