shindig-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ssiev...@apache.org
Subject svn commit: r1355472 - in /shindig/trunk/java/gadgets/src: main/java/org/apache/shindig/gadgets/oauth2/logger/FilteredLogger.java test/java/org/apache/shindig/gadgets/oauth2/logger/FilteredLoggerTest.java
Date Fri, 29 Jun 2012 17:04:40 GMT
Author: ssievers
Date: Fri Jun 29 17:04:38 2012
New Revision: 1355472

URL: http://svn.apache.org/viewvc?rev=1355472&view=rev
Log:
SHINDIG-1813 | Add more OAuth2 log filters | Patch from Adam Clarke.  Thanks!

Modified:
    shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/logger/FilteredLogger.java
    shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth2/logger/FilteredLoggerTest.java

Modified: shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/logger/FilteredLogger.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/logger/FilteredLogger.java?rev=1355472&r1=1355471&r2=1355472&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/logger/FilteredLogger.java
(original)
+++ shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/logger/FilteredLogger.java
Fri Jun 29 17:04:38 2012
@@ -1,84 +1,93 @@
 /*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with this
- * work for additional information regarding copyright ownership. The ASF
- * licenses this file to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ *   http://www.apache.org/licenses/LICENSE-2.0
  *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations under
- * the License.
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
  */
 package org.apache.shindig.gadgets.oauth2.logger;
 
+import org.apache.shindig.gadgets.oauth2.OAuth2Error;
+
 import java.util.ResourceBundle;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
-import org.apache.shindig.gadgets.oauth2.OAuth2Error;
-
 /**
- * Wraps a {@link Logger} with functions to remove OAuth2 secrets so they don't
- * show up in trace logs.
+ * Wraps a {@link Logger} with functions to remove OAuth2 secrets so they don't show up in
trace
+ * logs.
  *
  */
 public class FilteredLogger {
   private static final Level DEFAULT_LOG_LEVEL = Level.FINEST;
 
-  private static final Pattern REMOVE_SECRETS1 = Pattern.compile("(?<=access_token=)[^=&
\t\r\n]*");
-  private static final Pattern REMOVE_SECRETS2 = Pattern.compile("(Authorization:)[^\t\r\n]*");
-
-  private static String filteredMsg(final String msg) {
-    return FilteredLogger.filterSecrets(msg);
-  }
+  private static final Pattern[] filters = new Pattern[] {
+          Pattern.compile("(?<=access_token=)[^=& \t\r\n]*"),
+          Pattern.compile("(?<=refresh_token=)[^=& \t\r\n]*"),
+          Pattern.compile("(?<=Authorization:)[^\t\r\n]*"),
+          Pattern.compile("(?<=client_id:)[^\t\r\n]*"),
+          Pattern.compile("(?<=client_id=)[^=& \t\r\n]*"),
+          Pattern.compile("(?<=client_secret=)[^=& \t\r\n]*"),
+          Pattern.compile("(?<=client_secret:)[^\t\r\n]*") };
 
   private static String filteredParam(final Object param) {
-    final String _param;
+    final String paramString;
     if (param != null) {
-      _param = FilteredLogger.filterSecrets(param.toString());
+      paramString = FilteredLogger.filterSecrets(param.toString());
     } else {
-      _param = "";
+      paramString = "";
     }
 
-    return _param;
+    return paramString;
   }
 
   private static String[] filteredParams(final Object[] params) {
-    final String[] _params;
+    final String[] paramStrings;
     if (params != null) {
-      _params = new String[params.length];
+      paramStrings = new String[params.length];
       int i = 0;
       for (final Object param : params) {
         if (param != null) {
-          _params[i] = FilteredLogger.filteredMsg(param.toString());
+          paramStrings[i] = FilteredLogger.filteredParam(param.toString());
         } else {
-          _params[i] = "";
+          paramStrings[i] = "";
         }
         i++;
       }
     } else {
-      _params = new String[] {};
+      paramStrings = new String[] {};
     }
 
-    return _params;
+    return paramStrings;
   }
 
-  public static String filterSecrets(String in) {
-    if ((in != null) && (in.length() > 0)) {
-      Matcher m = FilteredLogger.REMOVE_SECRETS1.matcher(in);
-      final String ret = m.replaceAll("REMOVED");
-      m = FilteredLogger.REMOVE_SECRETS2.matcher(ret);
-      return m.replaceAll("REMOVED");
+  public static String filterSecrets(final String in) {
+    String ret = in;
+    if (ret != null && ret.length() > 0) {
+      for (final Pattern pattern : FilteredLogger.filters) {
+        final Matcher m = pattern.matcher(ret);
+        ret = m.replaceAll("REMOVED");
+      }
+    }
+
+    if (ret == null) {
+      ret = "";
     }
 
-    return "";
+    return ret;
   }
 
   public static FilteredLogger getFilteredLogger(final String className) {
@@ -91,15 +100,15 @@ public class FilteredLogger {
     this.logger = java.util.logging.Logger.getLogger(className, OAuth2Error.MESSAGES);
   }
 
-  public void entering(String sourceClass, String sourceMethod) {
+  public void entering(final String sourceClass, final String sourceMethod) {
     this.logger.entering(sourceClass, sourceMethod);
   }
 
-  public void entering(String sourceClass, String sourceMethod, Object param) {
+  public void entering(final String sourceClass, final String sourceMethod, final Object
param) {
     this.logger.entering(sourceClass, sourceMethod, FilteredLogger.filteredParam(param));
   }
 
-  public void entering(String sourceClass, String sourceMethod, Object[] params) {
+  public void entering(final String sourceClass, final String sourceMethod, final Object[]
params) {
     this.logger.entering(sourceClass, sourceMethod, FilteredLogger.filteredParams(params));
   }
 
@@ -115,36 +124,37 @@ public class FilteredLogger {
     return this.logger.isLoggable(logLevel);
   }
 
-  public void log(Level logLevel, String msg, Object param) {
-    this.logger.log(logLevel, FilteredLogger.filteredMsg(msg), FilteredLogger.filteredParam(param));
+  public void log(final Level logLevel, final String msg, final Object param) {
+    this.logger.log(logLevel, FilteredLogger.filterSecrets(msg),
+            FilteredLogger.filteredParam(param));
   }
 
-  public void log(Level logLevel, String msg, Object[] params) {
-    this.logger.log(logLevel, FilteredLogger.filteredMsg(msg),
-        FilteredLogger.filteredParams(params));
+  public void log(final Level logLevel, final String msg, final Object[] params) {
+    this.logger.log(logLevel, FilteredLogger.filterSecrets(msg),
+            FilteredLogger.filteredParams(params));
   }
 
-  public void log(Level logLevel, String msg, Throwable thrown) {
+  public void log(final Level logLevel, final String msg, final Throwable thrown) {
     this.logger.log(logLevel, FilteredLogger.filterSecrets(msg), thrown);
   }
 
-  public void log(String msg, Object param) {
+  public void log(final String msg, final Object param) {
     this.log(FilteredLogger.DEFAULT_LOG_LEVEL, msg, param);
   }
 
-  public void log(String msg, Object[] params) {
+  public void log(final String msg, final Object[] params) {
     this.log(FilteredLogger.DEFAULT_LOG_LEVEL, msg, params);
   }
 
-  public void log(String msg, Throwable thrown) {
+  public void log(final String msg, final Throwable thrown) {
     this.logger.log(FilteredLogger.DEFAULT_LOG_LEVEL, msg, thrown);
   }
 
-  public void exiting(String sourceClass, String sourceMethod) {
+  public void exiting(final String sourceClass, final String sourceMethod) {
     this.logger.exiting(sourceClass, sourceMethod);
   }
 
-  public void exiting(String sourceClass, String sourceMethod, Object result) {
+  public void exiting(final String sourceClass, final String sourceMethod, final Object result)
{
     this.logger.exiting(sourceClass, sourceMethod, FilteredLogger.filteredParam(result));
   }
 }
\ No newline at end of file

Modified: shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth2/logger/FilteredLoggerTest.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth2/logger/FilteredLoggerTest.java?rev=1355472&r1=1355471&r2=1355472&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth2/logger/FilteredLoggerTest.java
(original)
+++ shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth2/logger/FilteredLoggerTest.java
Fri Jun 29 17:04:38 2012
@@ -126,7 +126,7 @@ public class FilteredLoggerTest {
 
     final String result = FilteredLogger.filterSecrets(in);
 
-    Assert.assertEquals("REMOVED", result);
+    Assert.assertEquals("Authorization:REMOVED", result);
   }
 
   @Test



Mime
View raw message