[
https://issues.apache.org/jira/browse/CXF-7254?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17110710#comment-17110710
]
fml2 commented on CXF-7254:
---------------------------
Is it on purpose that the Sl4jEventSender logs the Authorization header (which
always contains data that should not be displayed – be it basic auth or the
token data)? Should the application take care that the data is not logged by
providing its own Sender? We did exactly that in our recent project because we
could not found a better solution.
> New LoggingFeature Sl4jEventSender does not log the request headers
> -------------------------------------------------------------------
>
> Key: CXF-7254
> URL: https://issues.apache.org/jira/browse/CXF-7254
> Project: CXF
> Issue Type: Bug
> Components: logging
> Reporter: Sergey Beryozkin
> Assignee: Christian Schneider
> Priority: Major
> Fix For: 3.1.11, 3.2.0
>
>
> No request/response properties are reported which, in case of the requests
> with the empty payloads, leads to no info reported at all, while for the
> requests with the payloads only the payload INFO is displayed
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
