cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sergey Beryozkin <>
Subject Re: Masking Payload Data in Logs for RESTful Services
Date Mon, 31 Oct 2011 22:21:50 GMT

On 26/10/11 21:31, Steve Karlovic wrote:
> Hi,
> I am currently logging inbound and outbound messages (with the
> LoggingInInterceptor and LoggingOutInterceptor) using CXF 2.2.12 (JAX-RS
> only) and I would like to mask sensitive data before it's written to a
> file. Upgrading is not an option at the moment. We are supporting multiple
> media types and it's possible there could be multiple data elements I would
> need to mask. Does anyone have any best practices or successful approaches
> they are willing to share in order to achieve this?

In addition to what Dan suggested, what may help there is setting a 
property on the outbound message from say ResponseHandler filter where 
you can check the current Response and if this particular Response 
entity should not be logged then do

message.set("log.entity", "false");

and then override LoggingOutInterceptor and block the logging.
Perhaps we can actually update LoggingOut/InInterceptor itself to ignore 
the payloads if a property like that is set to false...

Cheers, Sergey

> Thanks in advance,
> Steve

View raw message