[jira] [Commented] (CXF-7254) New LoggingFeature Sl4jEventSender does not log the request headers

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[jira] [Commented] (CXF-7254) New LoggingFeature Sl4jEventSender does not log the request headers

Omar Atia (Jira)

    [ https://issues.apache.org/jira/browse/CXF-7254?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17110710#comment-17110710 ]

fml2 commented on CXF-7254:
---------------------------

Is it on purpose that the Sl4jEventSender logs the Authorization header (which always contains data that should not be displayed – be it basic auth or the token data)? Should the application take care that the data is not logged by providing its own Sender? We did exactly that in our recent project because we could not found a better solution.

> New LoggingFeature Sl4jEventSender does not log the request headers
> -------------------------------------------------------------------
>
>                 Key: CXF-7254
>                 URL: https://issues.apache.org/jira/browse/CXF-7254
>             Project: CXF
>          Issue Type: Bug
>          Components: logging
>            Reporter: Sergey Beryozkin
>            Assignee: Christian Schneider
>            Priority: Major
>             Fix For: 3.1.11, 3.2.0
>
>
> No request/response properties are reported which, in case of the requests with the empty payloads, leads to no info reported at all, while for the requests with the payloads only the payload INFO is displayed



--
This message was sent by Atlassian Jira
(v8.3.4#803005)