Posted to commits@syncope.apache.org by il...@apache.org on 2019/03/12 13:18:27 UTC

[syncope] branch 2_0_X updated: [SYNCOPE-1450] Extending the masking filter for audit entries

This is an automated email from the ASF dual-hosted git repository.

ilgrosso pushed a commit to branch 2_0_X
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/2_0_X by this push:
     new 600af55  [SYNCOPE-1450] Extending the masking filter for audit entries
600af55 is described below

commit 600af5539a875dd6c39adb7bbfbf73100a7ff945
Author: Francesco Chicchiriccò <il...@apache.org>
AuthorDate: Tue Mar 12 14:09:02 2019 +0100

    [SYNCOPE-1450] Extending the masking filter for audit entries
---
 .../syncope/core/provisioning/java/AuditEntry.java | 25 +++++++++++++++-------
 1 file changed, 17 insertions(+), 8 deletions(-)

diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/AuditEntry.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/AuditEntry.java
index 8d56f53..35d5297 100644
--- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/AuditEntry.java
+++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/AuditEntry.java
@@ -23,6 +23,7 @@ import com.fasterxml.jackson.annotation.JsonProperty;
 import org.apache.commons.lang3.ArrayUtils;
 import org.apache.commons.lang3.SerializationUtils;
 import org.apache.syncope.common.lib.AbstractBaseBean;
+import org.apache.syncope.common.lib.patch.UserPatch;
 import org.apache.syncope.common.lib.to.UserTO;
 import org.apache.syncope.common.lib.types.AuditLoggerName;
 
@@ -30,6 +31,8 @@ public class AuditEntry extends AbstractBaseBean {
 
     private static final long serialVersionUID = -2299082316063743582L;
 
+    private static final String MASKED_VALUE = "<MASKED>";
+
     private final String who;
 
     private final AuditLoggerName logger;
@@ -52,23 +55,30 @@ public class AuditEntry extends AbstractBaseBean {
 
         this.who = who;
         this.logger = logger;
-        this.before = filterUserPassword(before);
-        this.output = filterUserPassword(output);
+        this.before = maskSensitive(before);
+        this.output = maskSensitive(output);
         this.input = ArrayUtils.clone(input);
         if (this.input != null) {
             for (int i = 0; i < this.input.length; i++) {
-                this.input[i] = filterUserPassword(this.input[i]);
+                this.input[i] = maskSensitive(this.input[i]);
             }
         }
     }
 
-    private Object filterUserPassword(final Object object) {
+    private Object maskSensitive(final Object object) {
         Object filtered;
 
         if (object instanceof UserTO) {
-            UserTO user = SerializationUtils.clone((UserTO) object);
-            user.setPassword(null);
-            filtered = user;
+            filtered = SerializationUtils.clone((UserTO) object);
+            if (((UserTO) filtered).getPassword() != null) {
+                ((UserTO) filtered).setPassword(MASKED_VALUE);
+            }
+            if (((UserTO) filtered).getSecurityAnswer() != null) {
+                ((UserTO) filtered).setSecurityAnswer(MASKED_VALUE);
+            }
+        } else if (object instanceof UserPatch && ((UserPatch) object).getPassword() != null) {
+            filtered = SerializationUtils.clone((UserPatch) object);
+            ((UserPatch) filtered).getPassword().setValue(MASKED_VALUE);
         } else {
             filtered = object;
         }
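Review bot: The `UserPatch` branch of `maskSensitive` masks only the password, while the `UserTO` branch above it also masks the security answer, so a security-answer change submitted through a patch would still reach the audit entry in clear text. Assuming `UserPatch` exposes the answer as a replace item via `getSecurityAnswer()` (to be confirmed against the class), the branch should clone on any `UserPatch` and mask each sensitive item that is present, as sketched below. Masking is also applied only to the top-level `before`, `output` and `input[i]` objects, so a `UserTO` nested inside a wrapper or collection would presumably pass through unmasked; this is worth checking against the callers. The constructor starts and `maskSensitive` ends outside this hunk.

```java
        // … unchanged: UserTO branch …
        } else if (object instanceof UserPatch) {
            UserPatch patch = SerializationUtils.clone((UserPatch) object);
            if (patch.getPassword() != null) {
                patch.getPassword().setValue(MASKED_VALUE);
            }
            if (patch.getSecurityAnswer() != null) {
                patch.getSecurityAnswer().setValue(MASKED_VALUE);
            }
            filtered = patch;
        } else {
        // … unchanged: pass-through branch …
```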
@@ -95,5 +105,4 @@ public class AuditEntry extends AbstractBaseBean {
     public Object[] getInput() {
         return input;
     }
-
 }