Affects: 5.1.4-RELEASE
In HttpWebHandlerAdapter, if there is an exception that is not handled, it will log the entire request url. https://github.com/spring-projects/spring-framework/blob/master/spring-web/src/main/java/org/springframework/web/server/adapter/HttpWebHandlerAdapter.java#L246
This is a problem for us because we have the user query as part of the URL and cannot log it due to security concerns. We want to be 100% sure that we will never log the user query, no matter what.
In order to do this, we had to copy these into our project :
- /src/main/java/org/springframework/web/server/adapter/WebHttpHandlerBuilder.java
- /src/main/java/org/springframework/web/server/adapter/HttpWebHandlerAdapter.java
- /src/main/java/org/springframework/web/server/adapter/DefaultServerWebExchange.java
And override HttpHandler bean to use the local version of the class
Suggestion here is to either : 1. Provide a way to override the formatRequest method. 2. Be able to pass a URL transformer object that we can use to control what gets logged.
Any other suggestions are also welcome.
Comment From: rstoyanchev
if there is an exception that is not handled, it will log the entire request url
This probably doesn't matter either way but the request is logged before handling. I'm not sure what this has to do with exceptions. Just double checking I'm not missing something..
That said, we can make formatRequest protected.