Problem
Unable to mask sensitive information in request query params in Spring Boot embedded Tomcat access.log
Details
I created a Spring Boot application with the default Tomcat server. Reference: https://spring.io/blog/2014/03/07/deploying-spring-boot-applications Now, when I enable Tomcat access logs using application.properties as follows:
server.tomcat.accesslog.enabled=true
server.tomcat.accesslog.pattern='%h %l %u %t "%r" %s %b %D %F'
server.tomcat.accesslog.prefix=access
server.tomcat.accesslog.directory=/test/logs
server.tomcat.accesslog.suffix=.log
I can see the whole request with all query params passed, like this:
0:0:0:0:0:0:0:1 - - [21/Aug/2023:14:01:53 +0530] "GET /hello/World?queryTest=dinesh@gmail.com HTTP/1.1" 200 13 20 19
I tried different ways to mask the query params, that is, the email in the above case, in the access.log file, but nothing worked.
Version used
spring-boot-starter-parent: 2.6.6
Comment From: bclozel
Have you considered other logging pattern options provided by Tomcat such as "%U"?
See https://tomcat.apache.org/tomcat-10.0-doc/api/org/apache/catalina/valves/AbstractAccessLogValve.html
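The `%U` suggestion above, worked through as an added example that is not part of the original thread or Spring Boot's own code: replacing `"%r"` with `"%m %U %H"` in the pattern logs method, path and protocol without the query string for new entries, and the Python below applies the same reduction to lines already written with `%r`. The function names and the second sample line are constructed for illustration.

```python
import re

# Config-side change for new entries, following the "%U" suggestion: log the
# method, path and protocol separately instead of the raw request line "%r":
#   server.tomcat.accesslog.pattern=%h %l %u %t "%m %U %H" %s %b %D %F
# The functions below apply the same reduction to lines already on disk.

# Quoted request line as written by "%r": METHOD SP TARGET SP PROTOCOL.
# Malformed request lines do not match and are left untouched, so review
# any line that lines_with_query() does not report but still contains "?".
REQUEST_LINE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"'
)


def strip_query(line: str) -> str:
    """Return the log line with the query string removed from the request target."""
    def _rewrite(m: re.Match) -> str:
        path = m.group("target").split("?", 1)[0]
        return f'"{m.group("method")} {path} {m.group("proto")}"'
    return REQUEST_LINE.sub(_rewrite, line, count=1)


def lines_with_query(lines):
    """Yield (line_number, line) for entries whose request target has a query string."""
    for number, line in enumerate(lines, start=1):
        m = REQUEST_LINE.search(line)
        if m and "?" in m.group("target"):
            yield number, line


# Sample input: the first line is the entry quoted in the issue, the second is constructed.
SAMPLE = [
    '0:0:0:0:0:0:0:1 - - [21/Aug/2023:14:01:53 +0530] '
    '"GET /hello/World?queryTest=dinesh@gmail.com HTTP/1.1" 200 13 20 19',
    '0:0:0:0:0:0:0:1 - - [21/Aug/2023:14:02:10 +0530] '
    '"GET /hello/World HTTP/1.1" 200 13 4 3',
]

if __name__ == "__main__":
    for number, _ in lines_with_query(SAMPLE):
        print(f"line {number} carries a query string")
    for line in SAMPLE:
        print(strip_query(line))
```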
Comment From: spring-projects-issues
If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.
Comment From: spring-projects-issues
Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.