Shrikanth Hathwar

Reputation: 1160

Masking Password, Credit card information in log file

I need several fields in the log file to be masked, like the credit card info or password. Do we have any direct way to do it? Or is there a piece of code we have to write so that the credit card info in those log fields appears masked in the log file? Example: CreditcardNo:411111111111 should appear in the log file as *********1111, and password Password123 should appear in the log as ***********

I am using log4j to write the information to the log.

Upvotes: 3

Views: 16823

Answers (2)

Marcin Stepien

Reputation: 131

You can mask sensitive data logged by Spring Boot by switching from log4j to Logback and configuring the logging pattern.

  1. Use Logback. It's the default logging option of Spring Boot.

  2. Define logging.pattern.file in your application.properties, using a conversion word to replace each password occurrence with a mask:

  • e.g. logging.pattern.file=%d %replace(%m){"password='.*'", "password='xxx'"}
  • for the default Spring Boot Logback file pattern it would be: logging.pattern.file=%d{yyyy-MM-dd HH:mm:ss.SSS} ${LOG_LEVEL_PATTERN:-%5p} ${PID:- } --- [%t] %-40.40logger{39} : %replace(%m){"password='.*'", "password='xxx'"}%n${LOG_EXCEPTION_CONVERSION_WORD:%wEx}

Upvotes: 5
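The two maskings the question asks for (card number reduced to its last four digits, password hidden entirely), as an added example that is not part of the original posts. The class name `LogMasker`, the field names and the `:`/`=` separators it matches are assumptions modelled on the question's samples, and the password is replaced by a fixed-width mask instead of one star per character so the log does not reveal its length.

```java
import java.util.Arrays;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example: masks card numbers and passwords in a log message (JDK only). */
public final class LogMasker {
    // Assumed formats: "CreditcardNo:<digits>" and "password=<value>" (':' or '=', value optionally quoted).
    private static final Pattern CARD =
            Pattern.compile("(?i)(creditcardno\\s*[:=]\\s*)(\\d{5,})");
    private static final Pattern PASSWORD =
            Pattern.compile("(?i)(password\\s*[:=]\\s*)('[^']*'|\"[^\"]*\"|[^\\s,;&]+)");
    private static final String FIXED_MASK = "********";

    private LogMasker() { }

    private static String stars(int n) {
        char[] c = new char[n];
        Arrays.fill(c, '*');
        return new String(c);
    }

    /** Returns the message with card numbers cut down to their last four digits and passwords hidden. */
    public static String mask(String message) {
        if (message == null) {
            return null;
        }
        Matcher card = CARD.matcher(message);
        StringBuffer out = new StringBuffer();
        while (card.find()) {
            String digits = card.group(2);
            int keepFrom = digits.length() - 4;
            String masked = card.group(1) + stars(keepFrom) + digits.substring(keepFrom);
            card.appendReplacement(out, Matcher.quoteReplacement(masked));
        }
        card.appendTail(out);
        // Fixed-width mask: the log does not reveal the password's length.
        return PASSWORD.matcher(out).replaceAll("$1" + FIXED_MASK);
    }

    public static void main(String[] args) {
        // Constructed sample log messages.
        String[] samples = {
            "CreditcardNo:411111111111 charged",
            "login user=bob password=Password123, ip=10.0.0.5",
            "request body: password='a b c'&next=/home",
        };
        for (String s : samples) {
            System.out.println(mask(s));
        }
    }
}
```

With log4j 1.x, one place to call `LogMasker.mask` is an overridden `PatternLayout.format(LoggingEvent)`, so every appender using that layout writes the masked text.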

Daniel Diehl

Reputation: 752

For SOAP WebServices using spring-ws I used the lib:

<groupId>com.github.spartatech</groupId>
<artifactId>spring-ws-utils</artifactId>

To use this you should configure an interceptor that will mask the fields. The masking is done using XSLT. The way it works is as follows (this example uses Spring XML configuration, but you can configure it using Java-based configuration as well):

Configure a spring-ws interceptor:

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:sws="http://www.springframework.org/schema/web-services" 
       xsi:schemaLocation="
                http://www.springframework.org/schema/web-services  http://www.springframework.org/schema/web-services/web-services-2.0.xsd"
    >
...

<sws:interceptors>
    <bean class="org.sparta.springwsutils.PayloadTransformedLoggingInterceptor">
        <property name="xslt" value="classpath:xslt/maskInput.xslt"/>
    </bean>
</sws:interceptors>

Then create the file src/main/resources/xslt/maskInput.xslt. This file will contain all XML transformations to mask your fields:

Example:

<xsl:stylesheet
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:typ="http://your/schema_name"
    version="1.0">

<!-- copy the whole document, attributes included -->
<xsl:template match="@*|node()">
    <xsl:copy>
        <xsl:apply-templates select="@*|node()"/>
    </xsl:copy>
</xsl:template>

<!-- mask creditCard -->
<xsl:template match="typ:creditCard">
    <xsl:copy>
        <!-- Mask the beginning of the field -->
        <xsl:value-of select="substring('*****************************************', 1, string-length(.)-4)"/>
        <!-- Keep the last four characters -->
        <xsl:value-of select="substring(.,string-length(.)-3,string-length(.)+1)" />
    </xsl:copy>
</xsl:template>

</xsl:stylesheet>

Then in your log configuration file make sure you disable MessageTracing log and enable PayloadTransformedLoggingInterceptor logging. Example for logback:

    <logger name="org.springframework.ws.client.MessageTracing" level="ERROR"/>
    <logger name="org.sparta.springwsutils.PayloadTransformedLoggingInterceptor" level="INFO" />

Upvotes: 0
