2

I'm using Logging feature to log in/out message to my cxf rest server on Spring boot. Similarly using the same to log outward Rest API connections initiated by cxf WebClient.

I came across few parameters which I do not want to be logged in to the log file. either completely removing them or masking them is sufficient for my case.

I found on the internet that previous (now depreciated) LoginIntercepter had transform operation to modify the log entry. I was not able to find a solution to mask/truncate the log entries wirg LoggingFeature.

any help would be appreciated

Current configuration of the server's logging feature is like below.

factory.setProviders(providers);
LoggingFeature loggingFeature = new LoggingFeature();
loggingFeature.setPrettyLogging(true);
loggingFeature.setLogBinary(false);
loggingFeature.setLogMultipart(false);
factory.getFeatures().add(loggingFeature);
Server server = factory.create();

web client configuration is as below

 LoggingFeature loggingFeature = new LoggingFeature();
loggingFeature.setPrettyLogging(true);
WebClient client = WebClient.create(url, Collections.singletonList(new JacksonJsonProvider()),
    Arrays.asList(loggingFeature), null);
Amila Banuka Amarasinghe
  • 426
  • 5
  • 20
  • Here is an example I had written long back, though it for xml, you can take a cue out of it https://stackoverflow.com/questions/23212313/cxf-logging-request-response-with-content-filtering-or-masking-soap-fields/23214151#23214151 – Karthik Prasad Dec 14 '18 at 10:43
  • See here for the solution to a similar question: https://stackoverflow.com/a/57378998/4151472 – RichArt Aug 06 '19 at 16:22

1 Answers1

2

To change the log message, you can ...

Write a custom LogSender and set it on the LoggingFeature to do custom logging. All meta data can be access[ed] from the class LogEvent.

(Source: http://cxf.apache.org/docs/message-logging.html)

With a sender like:

// ...
import org.apache.cxf.ext.logging.event.LogEvent;

class MyLogEventSender implements org.apache.cxf.ext.logging.event.LogEventSender {

    @Override
    public void send(LogEvent event) {
       event.setPayload(maskSensibleParameters(event.getPayload()));
    }

    private String maskSensibleParameters(String pIn) {
       // here goes the tricky part 
       // ... but no details on this in your question 
       // ... here you can stick to "old" LogInterceptor examples
       // ... and also to PrettyLoggingFilter.
    }
}

A code example is given by (the default) PrettyLoggingFilter.

To mask (hide) it (completely) is easier and guaranteed more performant, it depends on the used "logging framework" (java.util, log4j or slf4j) and accomplished with an according "logger configuration". (see here)

xerx593
  • 12,237
  • 5
  • 33
  • 64