[jira] [Resolved] (CXF-8359) Masking sensitive elements does not work if the element has a property

Andrei Shakirin (Jira) Mon, 02 Nov 2020 16:23:49 -0800


     [ 
https://issues.apache.org/jira/browse/CXF-8359?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Andrei Shakirin resolved CXF-8359.
----------------------------------
    Resolution: Fixed

> Masking sensitive elements does not work if the element has a property
> ----------------------------------------------------------------------
>
>                 Key: CXF-8359
>                 URL: https://issues.apache.org/jira/browse/CXF-8359
>             Project: CXF
>          Issue Type: Improvement
>          Components: logging
>    Affects Versions: 3.4.0
>            Reporter: Finn Herpich
>            Assignee: Andrei Shakirin
>            Priority: Major
>             Fix For: 3.4.1
>
>
> Given the template which is used in the MaskSensitiveHelper class: 
> [https://github.com/apache/cxf/blob/dc2f6af9ad09888cafb350f95935e9ec6abf8aee/rt/features/logging/src/main/java/org/apache/cxf/ext/logging/MaskSensitiveHelper.java#L30]
> If, for example, we want to mask the wsse:Password element
> {code:java}
> logFeature.addSensitiveElementNames(new 
> HashSet<>(Collections.singletonList("wsse:Password")));{code}
> but it contains a property
> {code:java}
> <wsse:Password 
> Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>some
>  cleantext password</wsse:Password>{code}
> the regex would not pickup the element and thus not replace it and the 
> password would still appear in the logs.
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Resolved] (CXF-8359) Masking sensitive elements does not work if the element has a property

Reply via email to