Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provide control over formatting of request in HttpWebHandlerAdapter #24352

Closed
pratikmd opened this issue Jan 14, 2020 · 1 comment
Closed

Provide control over formatting of request in HttpWebHandlerAdapter #24352

pratikmd opened this issue Jan 14, 2020 · 1 comment
Assignees
@rstoyanchev
Labels
in: web Issues in web modules (web, webmvc, webflux, websocket) type: enhancement A general enhancement
Milestone
5.2.4

Comments

@pratikmd
Copy link

Affects: 5.1.4-RELEASE

In HttpWebHandlerAdapter, if there is an exception that is not handled, it will log the entire request url.
https://github.com/spring-projects/spring-framework/blob/master/spring-web/src/main/java/org/springframework/web/server/adapter/HttpWebHandlerAdapter.java#L246

This is a problem for us because we have the user query as part of the URL and cannot log it due to security concerns. We want to be 100% sure that we will never log the user query, no matter what.

In order to do this, we had to copy these into our project :

  • /src/main/java/org/springframework/web/server/adapter/WebHttpHandlerBuilder.java
  • /src/main/java/org/springframework/web/server/adapter/HttpWebHandlerAdapter.java
  • /src/main/java/org/springframework/web/server/adapter/DefaultServerWebExchange.java

And override HttpHandler bean to use the local version of the class

Suggestion here is to either :

  1. Provide a way to override the formatRequest method.
  2. Be able to pass a URL transformer object that we can use to control what gets logged.

Any other suggestions are also welcome.
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged or decided on label Jan 14, 2020
@sbrannen sbrannen added in: web Issues in web modules (web, webmvc, webflux, websocket) type: enhancement A general enhancement for: team-attention labels Jan 14, 2020
@sbrannen sbrannen added this to the 5.2.4 milestone Jan 14, 2020
@sbrannen sbrannen added status: pending-design-work Needs design work before any code can be developed and removed status: waiting-for-triage An issue we've not yet triaged or decided on labels Jan 14, 2020
@rstoyanchev rstoyanchev self-assigned this Jan 15, 2020
@rstoyanchev
Copy link
Contributor

if there is an exception that is not handled, it will log the entire request url

This probably doesn't matter either way but the request is logged before handling. I'm not sure what this has to do with exceptions. Just double checking I'm not missing something..

That said, we can make formatRequest protected.

@rstoyanchev rstoyanchev changed the title Spring web client logs request URL, if exception is not handled Provide control over formatting of request in HttpWebHandlerAdapter Jan 15, 2020
@rstoyanchev rstoyanchev removed the status: pending-design-work Needs design work before any code can be developed label Jan 15, 2020
@dependabot dependabot bot mentioned this issue Mar 15, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rstoyanchev rstoyanchev

Labels
in: web Issues in web modules (web, webmvc, webflux, websocket) type: enhancement A general enhancement
Projects
None yet
Milestone
5.2.4
Development

No branches or pull requests
4 participants
@sbrannen @rstoyanchev @pratikmd @spring-projects-issues