Fixing a case in which a password (in hashed form) was being logged.
mifosio-04-04-2018 committed Jun 6, 2017
1 parent 77fd22e commit 0eb8273505c1ebbe6836ac74ec1676413a42719a
Showing 1 changed file with 2 additions and 1 deletion.
@@ -64,8 +64,9 @@ public UrlPermissionChecker(final Logger logger, final ApplicationName applicati
.filter(x -> x.matches(filterInvocation, applicationName, authentication.getPrincipal()))
.findAny();

//Do not put full .getRequestUrl() into log info, because in the case of identity, it includes the password.
matchedPermission.ifPresent(x -> logger.debug("Authorizing access to {} based on permission: {}"
, filterInvocation.getRequestUrl(), x));
, filterInvocation.getRequest().getServletPath(), x));

return matchedPermission.map(x -> ACCESS_GRANTED).orElse(ACCESS_DENIED);
}
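
Review bot: The new comment above the `logger.debug` call says the request URL "includes the password" for identity, but not which part of the URL carries it, and the fix depends on that. `getServletPath()` leaves out the query string and any extra path info, so the password stays out of the log only if it travels in one of those parts; a password in a path segment that falls inside the servlet path would still be written at debug level. Suggest naming the location in the comment (for example "the query string carries the password") and adding a test that asserts the debug message for an identity request does not contain the credential. Note also that when the servlet is mapped with a `/*` pattern `getServletPath()` returns an empty string, so confirm the mapping in use still gives a useful path in `"Authorizing access to {} based on permission: {}"`.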
