CODEWITHSUNDEEP
javasoapspring-bootlogback
Jericho
Jericho

Reputation: 10953

Disable printing credentials in SOAP services log traces

SOAP services are consumed from SpringBoot application and application is logging the details in *.log files.SOAP requests are having username and password of the request in xml, how to disable credentials to be disabled from getting printed in log files. Application is using logback-spring.xml for logging config.I want the SOAP request xml in log but don't want username and password.

SOAP Request with Username and Password in *.log

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
   <soap:Header>
      <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" 
      xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <wsse:UsernameToken wsu:Id="UsernameToken-sometokenvalue">
            <wsse:Username>Username</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">Password</wsse:Password>
         </wsse:UsernameToken>
      </wsse:Security>
   </soap:Header>
   <soap:Body>
      <ns2:GetRequest xmlns="http://serviceapi.userwebsite.com/common/v1/serviceHeader" xmlns:ns2="http://serviceapi.userwebsite.com/service/v1" >
         <RequestHeader>
            <ServiceVersion>0.0.0</ServiceVersion>
            <UserID>userID</UserID>
         </RequestHeader>
         <ns2:UserInfo StartAt="">
            <ns2:ID>P/O</ns2:ID>
         </ns2:UserInfo>
      </ns2:GetRequest>
   </soap:Body>
</soap:Envelope>

logback-spring.xml

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <include resource="org/springframework/boot/logging/logback/base.xml" />

    <springProperty name="logsPath" source="app.logs.path" />

    <springProfile name="test,dev">

        <appender name="dailyRollingFileAppender"
            class="ch.qos.logback.core.rolling.RollingFileAppender">
            <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
                <FileNamePattern>${logsPath}UserApp%d{MMddyyyy}.log
                </FileNamePattern>
                <maxHistory>30</maxHistory>
            </rollingPolicy>

            <encoder>
                <Pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{35}-%msg %n</Pattern>
            </encoder>
        </appender>
        <root level="INFO">
            <appender-ref ref="dailyRollingFileAppender" />
        </root>
    </springProfile>

Gradle dependencies:

apply plugin: "no.nils.wsdl2java"

wsdl2javaExt {
    cxfVersion = "3.1.7"
}
    dependencies {
        compile("org.springframework.boot:spring-boot-starter-web")
        compile("org.springframework.boot:spring-boot-starter-batch")
        compile("org.springframework.boot:spring-boot-starter-mail")
        compile group: 'org.apache.commons', name: 'commons-lang3', version: '3.5'
        compile group: 'org.apache.cxf', name: 'cxf-spring-boot-starter-jaxws', version: '3.1.10'
        compile group: 'org.apache.cxf', name: 'cxf-rt-ws-security', version: '3.1.10'
        testCompile('org.springframework.boot:spring-boot-starter-test')
    }

Upvotes: 1

Views: 1453

Answers (1)

Mike Adamenko
Mike Adamenko

Reputation: 3002

You can implement your custom SOAPHandler to get access to SoapMessage and transform your output log message as you want.

@Override
public boolean handleMessage(SOAPMessageContext arg0) {
    SOAPMessage message = arg0.getMessage();
    boolean isOutboundMessage = (Boolean) arg0.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
    if (isOutboundMessage) {
        System.out.println("OUTBOUND MESSAGE");
    } else {
        System.out.println("INBOUND MESSAGE");
    }
    try {
        Source source = message.getSOAPPart().getContent();

        Transformer transformer = TransformerFactory.newInstance().newTransformer();

        transformer.setOutputProperty(OutputKeys.INDENT, "yes");
        transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "2");

        transformer.transform(source, new StreamResult(System.out));
    } catch (Exception e) {
        e.printStackTrace();
    }
    return true;
}

See here

Upvotes: 2

Related Questions