Hi Rao,

Can you share the sample request? It would be helpful for me.

Thanks,
Gandhi Reddy P.

On Thu, Oct 17, 2019 at 9:57 PM Mr Rao <chava...@gmail.com> wrote:

> Hi Gandhi,
>
> Thank you for your quick response. Actually it's working when you pass in
> the body instead of params. I tried using Postman to test it.
>
> Rao
>
> On Wednesday, October 16, 2019 at 9:50:42 PM UTC-7, Gandhi wrote:
>>
>> Hi Rao,
>>
>> Yes, I faced the same issue as the sensitive information is passed over
>> request params. You can configure Tomcat to not log the request params as
>> below:
>>
>> In Tomcat's server.xml, at the end of the file, find the entry below:
>>
>>         <!-- %r logs the full request line, including the query string -->
>>         <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
>>                prefix="localhost_access_log." suffix=".txt"
>>                pattern="%h %l %u %t &quot;%r&quot; %s %b" />
>>
>> and update it to:
>>
>>         <!-- %m %U %H logs method, URL path and protocol, without the query string -->
>>         <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
>>                prefix="localhost_access_log." suffix=".txt"
>>                pattern="%h %l %u %t &quot;%m %U %H&quot; %s %b" />
>>
>> Hope this helps.
>>
>> Thanks,
>> Gandhi Reddy P.
>>
>> On Thu, Oct 17, 2019 at 5:34 AM Mr Rao <chav...@gmail.com> wrote:
>>
>>> Hi,
>>>
>>> Currently we use CAS for SSO between web applications; now I'm trying to
>>> use it for RESTful web services token-based authentication using OAuth2/JWT
>>> tokens.
>>>
>>> When I was playing with it I noticed that for accessing the token we need
>>> to pass client_id, client_secret for grant type client credential and
>>> username/password for grant type password as parameters. I think it's very
>>> insecure because these show up in Tomcat access logs.
>>>
>>> Is there any way to pass them as part of the body or HTTP headers instead of
>>> params without me overriding a lot of CAS code?
>>>
>>> Thanks
>>>
>>> Rao
>>>
>>> --
>>> - Website: https://apereo.github.io/cas
>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> - Contributions: https://goo.gl/mh7qDG
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to cas-...@apereo.org.
>>> To view this discussion on the web visit
>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/48a85b67-1292-40c0-ac6c-c514af786687%40apereo.org
>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/48a85b67-1292-40c0-ac6c-c514af786687%40apereo.org?utm_medium=email&utm_source=footer>
>>> .
>>>
>>
>> *This mail contains confidential information intended only for the
>> individual(s) named. If you’re not the named addressee, don’t disseminate,
>> distribute or copy this e-mail. Please notify the sender immediately and
>> delete it from your system.If you wish not to receive such e-mails you may
>> reply with text “Unsubscribe”.*
>
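
Changing the access-log pattern only affects new entries, so logs written earlier with `%r` may still hold the credentials discussed in this thread. The following is an added example, not code from the thread or from the CAS project: it scans lines in Tomcat's default access-log format for `client_secret` or `password` in the query string and masks the values. The endpoint path and all sample values are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Secrets named in the thread; client_id and username are identifiers, not flagged.
SENSITIVE = {"client_secret", "password"}

# Tomcat's default access-log pattern: %h %l %u %t "%r" %s %b
LINE_RE = re.compile(
    r'^(?P<head>\S+ \S+ \S+ \[[^\]]+\] "\S+ )'   # host, ident, user, time, method
    r'(?P<target>\S+)'                            # request target (path?query)
    r'(?P<tail> [^"]+" \d{3} \S+)$'               # protocol, status, bytes sent
)

def redact_line(line):
    """Return (line with secret values masked, sorted names of leaked params)."""
    m = LINE_RE.match(line)
    if not m:
        return line, []                  # unexpected format: leave untouched
    path, sep, query = m["target"].partition("?")
    leaked, parts = set(), []
    for part in (query.split("&") if sep else []):
        key, eq, _value = part.partition("=")
        name = unquote_plus(key).lower()  # parameter names may be percent-encoded
        if name in SENSITIVE:
            leaked.add(name)
            part = key + eq + "REDACTED"
        parts.append(part)
    if not leaked:
        return line, []                  # nothing sensitive (or no query string)
    return m["head"] + path + "?" + "&".join(parts) + m["tail"], sorted(leaked)

def scan(lines):
    """Return [(line_number, leaked_names, redacted_line)] for lines that leak."""
    hits = []
    for number, line in enumerate(lines, start=1):
        redacted, leaked = redact_line(line.rstrip("\n"))
        if leaked:
            hits.append((number, leaked, redacted))
    return hits

# Constructed sample lines; the endpoint path and every value are made up.
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Oct/2019:05:34:01 -0700] "POST /cas/oauth2.0/accessToken?grant_type=client_credentials&client_id=demo&client_secret=s3cr3t HTTP/1.1" 200 512',
    '203.0.113.7 - - [17/Oct/2019:05:35:10 -0700] "POST /cas/oauth2.0/accessToken?grant_type=password&username=alice&password=hunter2 HTTP/1.1" 200 498',
    '203.0.113.7 - - [17/Oct/2019:21:57:44 -0700] "POST /cas/oauth2.0/accessToken HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, leaked, redacted in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(leaked)} in query string\n  {redacted}")
```

Any secret this reports should be treated as exposed and rotated, since masking the log does not undo copies already shipped to backups or log aggregation.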
