grails kickstart plugin KickstartFilters how to prevent password information on logs

问题

I am using Grails version 2.2.4 and I have installed kickstart plugin as compile ":kickstart-with-bootstrap:0.9.6".

BuildConfig.groovy
plugins {
        runtime ":hibernate:$grailsVersion"
        runtime ":jquery:1.8.3"
        runtime ":resources:1.1.6"

        compile ":kickstart-with-bootstrap:0.9.6"
        build ":tomcat:$grailsVersion"

        runtime ":database-migration:1.3.2"

        compile ':cache:1.0.1'
}

I found "KickstartFilters.groovy" filter with following directory structure

plugin
  -> kickstart-with-bootstrap:0.9.6
     -> conf
         -> kickstart
             -> KickstartFilters.groovy

my "KickstartFilters.groovy" file contains following information

package kickstart

class KickstartFilters {

    def filters = {
        all() {
            before = {
                // Small "logging" filter for controller & actions
                log.info(!params.controller ? '/: ' + params : params.controller +"."+(params.action ?: "index")+": "+params)
            }
            after = {
            }
            afterView = {
            }
        }
    }
}

while log.info are printed in logs at that time if password is passed as params then password information are visible on log so how can I prevent only password Information?

回答1:

I have a work around for this...

https://github.com/joergrech/KickstartWithBootstrap/issues/84

Basically create your filter under conf/kickstart/YourAppFilters.groovy

package kickstart

class YourAppFilters  extends KickstartFilters { 
    def filters = {


        kickstartLogger() { 
            before = {
                // Small "logging" filter for controller & actions
                if (log.infoEnabled) {
                    if (!params.controller.equals('chat')) {
                        if (!params.password ) { 
                            log.info(!params.controller ? '/: ' + params : params.controller +"."+(params.action ?: "index")+": "+params)
                        }else{
                            log.info (params.controller+","+params.action+":"+params?.username)
                        }
                    }       
                }
            }
        }
    }
}

Now under conf/spring/resources.groovy under beans add:

yourAppFilters(KickstartFilters)

This should now override kickstarts filter

来源：https://stackoverflow.com/questions/27293945/grails-kickstart-plugin-kickstartfilters-how-to-prevent-password-information-on

标签

grails

grails-plugin

grails-filters

kickstrap