Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-8451

Logging Feature: MTOM endpoint logs binary data on REQ_IN

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Information Provided
    • Affects Version/s: 3.4.3
    • Fix Version/s: None
    • Component/s: JAX-WS Runtime
    • Labels:
      None
    • Estimated Complexity:
      Unknown

      Description

      MTOM request properties that are binary are being logged, even 

       

      Given this partial definition of the request object, there is an array of ContentElement:

      @Generated(value = "com.sun.tools.xjc.Driver", date = "2020-10-16T08:48:05-04:00", comments = "JAXB RI v2.3.3")
      public class ContentElement implements Serializable, ToString2
      {
      
         @Generated(value = "com.sun.tools.xjc.Driver", date = "2020-10-16T08:48:05-04:00", comments = "JAXB RI v2.3.3")
         private final static long serialVersionUID = 2L;
         @XmlElement(name = "FileName", required = true)
         @Generated(value = "com.sun.tools.xjc.Driver", date = "2020-10-16T08:48:05-04:00", comments = "JAXB RI v2.3.3")
         protected String fileName;
         @XmlElement(name = "MimeType", required = true)
         @Generated(value = "com.sun.tools.xjc.Driver", date = "2020-10-16T08:48:05-04:00", comments = "JAXB RI v2.3.3")
         protected String mimeType;
         @XmlElement(name = "Buffer", required = true)
         @XmlMimeType("application/octet-stream")
         @Generated(value = "com.sun.tools.xjc.Driver", date = "2020-10-16T08:48:05-04:00", comments = "JAXB RI v2.3.3")
         protected DataHandler buffer;
       
      ....removed
       
      }
      

       

      excerpt from the log:

      2021-04-07 19:17:28.519  INFO [fnws3,fdbf44eb40e4b9ea,fdbf44eb40e4b9ea] 18788 --- [nio-8443-exec-6] o.a.cxf.services.PLFileNetWSSoap.REQ_IN  : REQ_IN
          Address: https://localhost:8443/fnws/DocumentServices/v3
          HttpMethod: POST
          Content-Type: application/soap+xml;charset=UTF-8;action="PLFileNetWS/CreateBinary"
          ExchangeId: 0f524d01-ce9c-43a9-b204-9cd2e2a96b60
          ServiceName: PLFileNetWS
          PortName: PLFileNetWSSoap12
          PortTypeName: PLFileNetWSSoap
          Headers: {host=localhost:8443, connection=Keep-Alive, content-type=application/soap+xml;charset=UTF-8;action="PLFileNetWS/CreateBinary", Content-Length=723848, accept-encoding=gzip,deflate, user-agent=Apache-HttpClient/4.5.5 (Java/12.0.1)}
          Payload: <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:plf="PLFileNetWS">
          
        <soap:Header/>
          
        <soap:Body>
              
          <plf:CreateBinary>
                  
            <plf:Request>
                      
              <plf:UserName>s_p8dccommit_d</plf:UserName>
                      
              <plf:UserPwd>XXX</plf:UserPwd>
                      
              <plf:DocClass>New_Business</plf:DocClass>
                      
              <plf:IndexValuesXML><![CDATA[
                      <indexes>
                          <index name="Doc_Type">CORRS</index>
                          <index name="Function">NEWBS</index>
                          <index name="DOB">05-04-1964</index>
                          <index name="Insured">Doe, John B</index>
                          <index name="Policy_Number">12345678</index>
                          <index name="Face_Amount">12000000.00</index>
                          <index name="RecdDateTime">03-15-2021 11:30</index>
                          <index name="Status">XX</index>
                          <index name="Area">YY</index>
                      </indexes>
                  ]]></plf:IndexValuesXML>
                      
              <plf:ContentElements>
                          
                <plf:ContentElement>
                              
                  <plf:FileName>443643841-1.tiff</plf:FileName>
                              
                  <plf:MimeType>image/tiff</plf:MimeType>
                              
                  <plf:Buffer>SUkqAAgAAAAPAP4ABAABAAAAAAAAAAABBAABAAAAkAYAAAEBBAABAAAAfAgAAAIBAwABA   NOTE: this goes on until the max-size is reached
      
       
      

       

      Logging Bean Def:

      @Bean
      public LoggingFeature loggingFeature() {
      
          LoggingFeature feature = new LoggingFeature();
          feature.addBinaryContentMediaTypes(Const.TIFF_MIMETYPE);
          feature.setLogBinary(false);
          feature.setPrettyLogging(true);    
          feature.addSensitiveElementNames(new HashSet<>(this.properties.getSoapSensitiveElements()));
          feature.addSensitiveElementNames(new HashSet<>(this.properties.getSoapSensitiveHeaders()));
          return feature;
      }
      

        Attachments

          Activity

            People

            • Assignee:
              ffang Freeman Yue Fang
              Reporter:
              stephenpatten Stephen Patten
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: