Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HttpExchangeTracer#postProcessRequestHeaders is never called #13924

Closed
Sarvesh-D opened this issue Jul 27, 2018 · 6 comments
Closed

HttpExchangeTracer#postProcessRequestHeaders is never called #13924

Sarvesh-D opened this issue Jul 27, 2018 · 6 comments
Assignees
@snicoll
Labels
type: bug A general bug
Milestone
2.0.5

Comments

@Sarvesh-D
Copy link

Hi, my use case is to remove/sanitize a specific custom header from the response of /httptrace endpoint. I did some digging in the code and tried to provide my own implementaion of HttpExchangeTracer which has postProcessRequestHeaders() method. I overrode this method to sanitize my custom header. But it didn't work. On doing some more digging, i noticed that postProcessRequestHeaders() method is not being called from anywhere. I am on Spring Boot 2.0.3.
I checked the code of Spring Boot 1.5.7, and found that there is class called WebRequestTraceFilter which has method postProcessRequestHeaders(). In boot 1.5.7 this method is being called from a private method org.springframework.boot.actuate.trace.WebRequestTraceFilter.getRequestHeaders(HttpServletRequest).
Is there a simple way of achieveing what i am trying to achieve.
Few things i tried in spring boot 2.0.3:

  • tried overriding org.springframework.boot.actuate.web.trace.servlet.TraceableHttpServletRequest.getHeaders() but the class itself is final and package-private.
  • triedd overriding org.springframework.boot.actuate.trace.http.HttpExchangeTracer.FilteredTraceableRequest.getHeaders() but again same issue.
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Jul 27, 2018
@snicoll
Copy link
Member

snicoll commented Jul 27, 2018

my use case is to remove/sanitize a specific custom header from the response of /httptrace endpoint.

As far as I can see only a defined set of headers are included (your custom header won't). This looks like something we did on purpose (can't trace back why at the moment) so that protected method is probably an oversight and should have been removed. Does that custom header shows at the moment? What is the name of the header?

@snicoll snicoll added the status: waiting-for-feedback We need additional information before we can continue label Jul 27, 2018
@Sarvesh-D
Copy link
Author

Thanks for quick response. The custom header is visible in the traces. The name is management-access-token, we are using this header to secure access to management/actuator endpoints.

@spring-projects-issues spring-projects-issues added status: feedback-provided Feedback has been provided and removed status: waiting-for-feedback We need additional information before we can continue labels Jul 27, 2018
@philwebb philwebb added type: bug A general bug and removed status: feedback-provided Feedback has been provided status: waiting-for-triage An issue we've not yet triaged labels Jul 30, 2018
@philwebb philwebb added this to the 2.0.x milestone Jul 30, 2018
@philwebb
Copy link
Member

I think it's a bug that we don't offer some way to do this, even if it's not via postProcessRequestHeaders.

@snicoll
Copy link
Member

snicoll commented Jul 30, 2018

Yes, I've some polish locally already and forgot to report here.

@snicoll snicoll self-assigned this Jul 30, 2018
@Sarvesh-D
Copy link
Author

@snicoll just a suggestion.. can you make this possible by adding a configuration property to HttpTraceProperties, say management.trace.http.request.headers.sanitize or management.trace.http.request.headers.exclude. IMHO this would be more intuitive to clients instead of overriding the postProcessRequestHeaders method.

@snicoll
Copy link
Member

snicoll commented Jul 30, 2018

Sorry but that's not the plan in this very issue. We're going to restore the 1.5.x behaviour but feel free to open a separate issue for that suggestion.

@snicoll snicoll closed this as completed in f731f6a Aug 6, 2018
@snicoll snicoll changed the title Removing specific header from actuator's /httptrace endpoint HttpExchangeTracer#postProcessRequestHeaders is never called Aug 6, 2018
@snicoll snicoll modified the milestones: 2.0.x, 2.0.5 Aug 6, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@snicoll snicoll

Labels
type: bug A general bug
Projects
None yet
Milestone
2.0.5
Development

No branches or pull requests
4 participants
@snicoll @philwebb @spring-projects-issues @Sarvesh-D