Posted to commits@shindig.apache.org by ss...@apache.org on 2012/06/29 19:04:40 UTC
svn commit: r1355472 - in /shindig/trunk/java/gadgets/src:
main/java/org/apache/shindig/gadgets/oauth2/logger/FilteredLogger.java
test/java/org/apache/shindig/gadgets/oauth2/logger/FilteredLoggerTest.java
Author: ssievers
Date: Fri Jun 29 17:04:38 2012
New Revision: 1355472
URL: http://svn.apache.org/viewvc?rev=1355472&view=rev
Log:
SHINDIG-1813 | Add more OAuth2 log filters | Patch from Adam Clarke. Thanks!
Modified:
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/logger/FilteredLogger.java
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth2/logger/FilteredLoggerTest.java
Modified: shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/logger/FilteredLogger.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/logger/FilteredLogger.java?rev=1355472&r1=1355471&r2=1355472&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/logger/FilteredLogger.java (original)
+++ shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/logger/FilteredLogger.java Fri Jun 29 17:04:38 2012
@@ -1,84 +1,93 @@
/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with this
- * work for additional information regarding copyright ownership. The ASF
- * licenses this file to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations under
- * the License.
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
*/
package org.apache.shindig.gadgets.oauth2.logger;
+import org.apache.shindig.gadgets.oauth2.OAuth2Error;
+
import java.util.ResourceBundle;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
-import org.apache.shindig.gadgets.oauth2.OAuth2Error;
-
/**
- * Wraps a {@link Logger} with functions to remove OAuth2 secrets so they don't
- * show up in trace logs.
+ * Wraps a {@link Logger} with functions to remove OAuth2 secrets so they don't show up in trace
+ * logs.
*
*/
public class FilteredLogger {
private static final Level DEFAULT_LOG_LEVEL = Level.FINEST;
- private static final Pattern REMOVE_SECRETS1 = Pattern.compile("(?<=access_token=)[^=& \t\r\n]*");
- private static final Pattern REMOVE_SECRETS2 = Pattern.compile("(Authorization:)[^\t\r\n]*");
-
- private static String filteredMsg(final String msg) {
- return FilteredLogger.filterSecrets(msg);
- }
+ private static final Pattern[] filters = new Pattern[] {
+ Pattern.compile("(?<=access_token=)[^=& \t\r\n]*"),
+ Pattern.compile("(?<=refresh_token=)[^=& \t\r\n]*"),
+ Pattern.compile("(?<=Authorization:)[^\t\r\n]*"),
+ Pattern.compile("(?<=client_id:)[^\t\r\n]*"),
+ Pattern.compile("(?<=client_id=)[^=& \t\r\n]*"),
+ Pattern.compile("(?<=client_secret=)[^=& \t\r\n]*"),
+ Pattern.compile("(?<=client_secret:)[^\t\r\n]*") };
private static String filteredParam(final Object param) {
- final String _param;
+ final String paramString;
if (param != null) {
- _param = FilteredLogger.filterSecrets(param.toString());
+ paramString = FilteredLogger.filterSecrets(param.toString());
} else {
- _param = "";
+ paramString = "";
}
- return _param;
+ return paramString;
}
private static String[] filteredParams(final Object[] params) {
- final String[] _params;
+ final String[] paramStrings;
if (params != null) {
- _params = new String[params.length];
+ paramStrings = new String[params.length];
int i = 0;
for (final Object param : params) {
if (param != null) {
- _params[i] = FilteredLogger.filteredMsg(param.toString());
+ paramStrings[i] = FilteredLogger.filteredParam(param.toString());
} else {
- _params[i] = "";
+ paramStrings[i] = "";
}
i++;
}
} else {
- _params = new String[] {};
+ paramStrings = new String[] {};
}
- return _params;
+ return paramStrings;
}
- public static String filterSecrets(String in) {
- if ((in != null) && (in.length() > 0)) {
- Matcher m = FilteredLogger.REMOVE_SECRETS1.matcher(in);
- final String ret = m.replaceAll("REMOVED");
- m = FilteredLogger.REMOVE_SECRETS2.matcher(ret);
- return m.replaceAll("REMOVED");
+ public static String filterSecrets(final String in) {
+ String ret = in;
+ if (ret != null && ret.length() > 0) {
+ for (final Pattern pattern : FilteredLogger.filters) {
+ final Matcher m = pattern.matcher(ret);
+ ret = m.replaceAll("REMOVED");
+ }
+ }
+
+ if (ret == null) {
+ ret = "";
}
- return "";
+ return ret;
}
public static FilteredLogger getFilteredLogger(final String className) {
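Review bot: The patterns in the `filters` array are case-sensitive and only match the `name=` and `name:` forms, so a lowercase `authorization:` header or a JSON body such as `"access_token":"…"` would reach the log unredacted. HTTP header names are case-insensitive, so compiling each entry with the flag, e.g. `Pattern.compile("(?<=Authorization:)[^\t\r\n]*", Pattern.CASE_INSENSITIVE)`, closes the first gap; if token-endpoint responses are ever passed to this logger, a JSON-shaped pattern is needed as well. The array is a constant and would conventionally be named `FILTERS`. The test change visible in this commit only adjusts the Authorization expectation, so the new refresh_token, client_id and client_secret patterns appear to be untested.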
@@ -91,15 +100,15 @@ public class FilteredLogger {
this.logger = java.util.logging.Logger.getLogger(className, OAuth2Error.MESSAGES);
}
- public void entering(String sourceClass, String sourceMethod) {
+ public void entering(final String sourceClass, final String sourceMethod) {
this.logger.entering(sourceClass, sourceMethod);
}
- public void entering(String sourceClass, String sourceMethod, Object param) {
+ public void entering(final String sourceClass, final String sourceMethod, final Object param) {
this.logger.entering(sourceClass, sourceMethod, FilteredLogger.filteredParam(param));
}
- public void entering(String sourceClass, String sourceMethod, Object[] params) {
+ public void entering(final String sourceClass, final String sourceMethod, final Object[] params) {
this.logger.entering(sourceClass, sourceMethod, FilteredLogger.filteredParams(params));
}
@@ -115,36 +124,37 @@ public class FilteredLogger {
return this.logger.isLoggable(logLevel);
}
- public void log(Level logLevel, String msg, Object param) {
- this.logger.log(logLevel, FilteredLogger.filteredMsg(msg), FilteredLogger.filteredParam(param));
+ public void log(final Level logLevel, final String msg, final Object param) {
+ this.logger.log(logLevel, FilteredLogger.filterSecrets(msg),
+ FilteredLogger.filteredParam(param));
}
- public void log(Level logLevel, String msg, Object[] params) {
- this.logger.log(logLevel, FilteredLogger.filteredMsg(msg),
- FilteredLogger.filteredParams(params));
+ public void log(final Level logLevel, final String msg, final Object[] params) {
+ this.logger.log(logLevel, FilteredLogger.filterSecrets(msg),
+ FilteredLogger.filteredParams(params));
}
- public void log(Level logLevel, String msg, Throwable thrown) {
+ public void log(final Level logLevel, final String msg, final Throwable thrown) {
this.logger.log(logLevel, FilteredLogger.filterSecrets(msg), thrown);
}
- public void log(String msg, Object param) {
+ public void log(final String msg, final Object param) {
this.log(FilteredLogger.DEFAULT_LOG_LEVEL, msg, param);
}
- public void log(String msg, Object[] params) {
+ public void log(final String msg, final Object[] params) {
this.log(FilteredLogger.DEFAULT_LOG_LEVEL, msg, params);
}
- public void log(String msg, Throwable thrown) {
+ public void log(final String msg, final Throwable thrown) {
this.logger.log(FilteredLogger.DEFAULT_LOG_LEVEL, msg, thrown);
}
- public void exiting(String sourceClass, String sourceMethod) {
+ public void exiting(final String sourceClass, final String sourceMethod) {
this.logger.exiting(sourceClass, sourceMethod);
}
- public void exiting(String sourceClass, String sourceMethod, Object result) {
+ public void exiting(final String sourceClass, final String sourceMethod, final Object result) {
this.logger.exiting(sourceClass, sourceMethod, FilteredLogger.filteredParam(result));
}
}
\ No newline at end of file
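Review bot: The two-argument `log(final String msg, final Throwable thrown)` still hands `msg` to the underlying logger unfiltered, while the three-argument overload just above it calls `filterSecrets(msg)`. Delegating like the sibling overloads fixes it: `this.log(FilteredLogger.DEFAULT_LOG_LEVEL, msg, thrown);`. Neither overload filters the Throwable's own message, so an exception text that embeds a token or client secret would presumably still be written; a comment on both methods should state that limitation.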
Modified: shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth2/logger/FilteredLoggerTest.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth2/logger/FilteredLoggerTest.java?rev=1355472&r1=1355471&r2=1355472&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth2/logger/FilteredLoggerTest.java (original)
+++ shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth2/logger/FilteredLoggerTest.java Fri Jun 29 17:04:38 2012
@@ -126,7 +126,7 @@ public class FilteredLoggerTest {
final String result = FilteredLogger.filterSecrets(in);
- Assert.assertEquals("REMOVED", result);
+ Assert.assertEquals("Authorization:REMOVED", result);
}
@Test