You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@syncope.apache.org by il...@apache.org on 2019/03/12 13:18:27 UTC
[syncope] branch 2_1_X updated: [SYNCOPE-1450] Extending the
masking filter for audit entries
This is an automated email from the ASF dual-hosted git repository.
ilgrosso pushed a commit to branch 2_1_X
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/2_1_X by this push:
new a86ccb3 [SYNCOPE-1450] Extending the masking filter for audit entries
a86ccb3 is described below
commit a86ccb3638168408898bc2344c0af8e00f03cdce
Author: Francesco Chicchiriccò <il...@apache.org>
AuthorDate: Tue Mar 12 14:09:02 2019 +0100
[SYNCOPE-1450] Extending the masking filter for audit entries
---
.../syncope/core/provisioning/java/AuditEntry.java | 31 ++++++++++++++--------
1 file changed, 20 insertions(+), 11 deletions(-)
diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/AuditEntry.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/AuditEntry.java
index a462107..b117beb 100644
--- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/AuditEntry.java
+++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/AuditEntry.java
@@ -23,6 +23,7 @@ import com.fasterxml.jackson.annotation.JsonProperty;
import java.io.Serializable;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.SerializationUtils;
+import org.apache.syncope.common.lib.patch.UserPatch;
import org.apache.syncope.common.lib.to.UserTO;
import org.apache.syncope.common.lib.types.AuditLoggerName;
@@ -30,6 +31,8 @@ public class AuditEntry implements Serializable {
private static final long serialVersionUID = -2299082316063743582L;
+ private static final String MASKED_VALUE = "<MASKED>";
+
private final String who;
private final AuditLoggerName logger;
@@ -52,28 +55,35 @@ public class AuditEntry implements Serializable {
this.who = who;
this.logger = logger;
- this.before = filterUserPassword(before);
- this.output = filterUserPassword(output);
+ this.before = maskSensitive(before);
+ this.output = maskSensitive(output);
this.input = ArrayUtils.clone(input);
if (this.input != null) {
for (int i = 0; i < this.input.length; i++) {
- this.input[i] = filterUserPassword(this.input[i]);
+ this.input[i] = maskSensitive(this.input[i]);
}
}
}
- private Object filterUserPassword(final Object object) {
- Object filtered;
+ private Object maskSensitive(final Object object) {
+ Object masked;
if (object instanceof UserTO) {
- UserTO user = SerializationUtils.clone((UserTO) object);
- user.setPassword(null);
- filtered = user;
+ masked = SerializationUtils.clone((UserTO) object);
+ if (((UserTO) masked).getPassword() != null) {
+ ((UserTO) masked).setPassword(MASKED_VALUE);
+ }
+ if (((UserTO) masked).getSecurityAnswer() != null) {
+ ((UserTO) masked).setSecurityAnswer(MASKED_VALUE);
+ }
+ } else if (object instanceof UserPatch && ((UserPatch) object).getPassword() != null) {
+ masked = SerializationUtils.clone((UserPatch) object);
+ ((UserPatch) masked).getPassword().setValue(MASKED_VALUE);
} else {
- filtered = object;
+ masked = object;
}
- return filtered;
+ return masked;
}
public String getWho() {
@@ -95,5 +105,4 @@ public class AuditEntry implements Serializable {
public Object[] getInput() {
return input;
}
-
}