Exclude authorization header from trace by default
Closes gh-7974
This commit is contained in:
Madhura Bhave
parent
a5a382b8b1
commit
e73c6bb2e2
|
|
@ -29,6 +29,7 @@ import org.springframework.boot.context.properties.ConfigurationProperties;
|
||||||
* @author Wallace Wadge
|
* @author Wallace Wadge
|
||||||
* @author Phillip Webb
|
* @author Phillip Webb
|
||||||
* @author Venil Noronha
|
* @author Venil Noronha
|
||||||
|
* @author Madhura Bhave
|
||||||
* @since 1.3.0
|
* @since 1.3.0
|
||||||
*/
|
*/
|
||||||
@ConfigurationProperties(prefix = "management.trace")
|
@ConfigurationProperties(prefix = "management.trace")
|
||||||
|
|
@ -79,6 +80,11 @@ public class TraceProperties {
|
||||||
*/
|
*/
|
||||||
COOKIES,
|
COOKIES,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Include authorization header (if any).
|
||||||
|
*/
|
||||||
|
AUTHORIZATION_HEADER,
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Include errors (if any).
|
* Include errors (if any).
|
||||||
*/
|
*/
|
||||||
|
|
|
||||||
|
|
@ -20,9 +20,11 @@ import java.io.IOException;
|
||||||
import java.security.Principal;
|
import java.security.Principal;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.Enumeration;
|
import java.util.Enumeration;
|
||||||
|
import java.util.HashSet;
|
||||||
import java.util.LinkedHashMap;
|
import java.util.LinkedHashMap;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
import java.util.Set;
|
||||||
|
|
||||||
import javax.servlet.Filter;
|
import javax.servlet.Filter;
|
||||||
import javax.servlet.FilterChain;
|
import javax.servlet.FilterChain;
|
||||||
|
|
@ -49,6 +51,7 @@ import org.springframework.web.filter.OncePerRequestFilter;
|
||||||
* @author Wallace Wadge
|
* @author Wallace Wadge
|
||||||
* @author Andy Wilkinson
|
* @author Andy Wilkinson
|
||||||
* @author Venil Noronha
|
* @author Venil Noronha
|
||||||
|
* @author Madhura Bhave
|
||||||
*/
|
*/
|
||||||
public class WebRequestTraceFilter extends OncePerRequestFilter implements Ordered {
|
public class WebRequestTraceFilter extends OncePerRequestFilter implements Ordered {
|
||||||
|
|
||||||
|
|
@ -151,8 +154,18 @@ public class WebRequestTraceFilter extends OncePerRequestFilter implements Order
|
||||||
private Map<String, Object> getRequestHeaders(HttpServletRequest request) {
|
private Map<String, Object> getRequestHeaders(HttpServletRequest request) {
|
||||||
Map<String, Object> headers = new LinkedHashMap<String, Object>();
|
Map<String, Object> headers = new LinkedHashMap<String, Object>();
|
||||||
Enumeration<String> names = request.getHeaderNames();
|
Enumeration<String> names = request.getHeaderNames();
|
||||||
|
Set<String> excludedHeaders = new HashSet<String>();
|
||||||
|
if (!isIncluded(Include.COOKIES)) {
|
||||||
|
excludedHeaders.add("cookie");
|
||||||
|
}
|
||||||
|
if (!isIncluded(Include.AUTHORIZATION_HEADER)) {
|
||||||
|
excludedHeaders.add("authorization");
|
||||||
|
}
|
||||||
while (names.hasMoreElements()) {
|
while (names.hasMoreElements()) {
|
||||||
String name = names.nextElement();
|
String name = names.nextElement();
|
||||||
|
if (excludedHeaders.contains(name.toLowerCase())) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
List<String> values = Collections.list(request.getHeaders(name));
|
List<String> values = Collections.list(request.getHeaders(name));
|
||||||
Object value = values;
|
Object value = values;
|
||||||
if (values.size() == 1) {
|
if (values.size() == 1) {
|
||||||
|
|
@ -163,9 +176,6 @@ public class WebRequestTraceFilter extends OncePerRequestFilter implements Order
|
||||||
}
|
}
|
||||||
headers.put(name, value);
|
headers.put(name, value);
|
||||||
}
|
}
|
||||||
if (!isIncluded(Include.COOKIES)) {
|
|
||||||
headers.remove("Cookie");
|
|
||||||
}
|
|
||||||
postProcessRequestHeaders(headers);
|
postProcessRequestHeaders(headers);
|
||||||
return headers;
|
return headers;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -51,6 +51,7 @@ import static org.mockito.Mockito.verify;
|
||||||
* @author Andy Wilkinson
|
* @author Andy Wilkinson
|
||||||
* @author Venil Noronha
|
* @author Venil Noronha
|
||||||
* @author Stephane Nicoll
|
* @author Stephane Nicoll
|
||||||
|
* @author Madhura Bhave
|
||||||
*/
|
*/
|
||||||
public class WebRequestTraceFilterTests {
|
public class WebRequestTraceFilterTests {
|
||||||
|
|
||||||
|
|
@ -168,6 +169,43 @@ public class WebRequestTraceFilterTests {
|
||||||
assertThat(map.get("request").toString()).isEqualTo("{Accept=application/json}");
|
assertThat(map.get("request").toString()).isEqualTo("{Accept=application/json}");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
@SuppressWarnings({ "unchecked" })
|
||||||
|
public void filterDoesNotAddAuthorizationHeaderWithoutAuthorizationHeaderInclude()
|
||||||
|
throws ServletException, IOException {
|
||||||
|
MockHttpServletRequest request = new MockHttpServletRequest("GET", "/foo");
|
||||||
|
request.addHeader("Authorization", "my-auth-header");
|
||||||
|
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||||
|
this.filter.doFilterInternal(request, response, new FilterChain() {
|
||||||
|
@Override
|
||||||
|
public void doFilter(ServletRequest request, ServletResponse response)
|
||||||
|
throws IOException, ServletException {
|
||||||
|
}
|
||||||
|
});
|
||||||
|
Map<String, Object> info = this.repository.findAll().iterator().next().getInfo();
|
||||||
|
Map<String, Object> headers = (Map<String, Object>) info.get("headers");
|
||||||
|
assertThat(((Map) headers.get("request"))).hasSize(0);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
@SuppressWarnings({ "unchecked" })
|
||||||
|
public void filterAddsAuthorizationHeaderWhenAuthorizationHeaderIncluded()
|
||||||
|
throws ServletException, IOException {
|
||||||
|
this.properties.setInclude(EnumSet.of(Include.REQUEST_HEADERS, Include.AUTHORIZATION_HEADER));
|
||||||
|
MockHttpServletRequest request = new MockHttpServletRequest("GET", "/foo");
|
||||||
|
request.addHeader("Authorization", "my-auth-header");
|
||||||
|
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||||
|
this.filter.doFilterInternal(request, response, new FilterChain() {
|
||||||
|
@Override
|
||||||
|
public void doFilter(ServletRequest request, ServletResponse response)
|
||||||
|
throws IOException, ServletException {
|
||||||
|
}
|
||||||
|
});
|
||||||
|
Map<String, Object> info = this.repository.findAll().iterator().next().getInfo();
|
||||||
|
Map<String, Object> headers = (Map<String, Object>) info.get("headers");
|
||||||
|
assertThat(((Map) headers.get("request"))).containsKey("Authorization");
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@SuppressWarnings({ "unchecked" })
|
@SuppressWarnings({ "unchecked" })
|
||||||
public void filterDoesNotAddResponseCookiesWithCookiesExclude()
|
public void filterDoesNotAddResponseCookiesWithCookiesExclude()
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue