[jboss-cvs] JBossAS SVN: r80163 - trunk/tomcat/src/main/org/jboss/web/tomcat/security.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Oct 28 15:05:10 EDT 2008
Author: anil.saldhana at jboss.com
Date: 2008-10-28 15:05:10 -0400 (Tue, 28 Oct 2008)
New Revision: 80163
Modified:
trunk/tomcat/src/main/org/jboss/web/tomcat/security/WebUtil.java
Log:
mask authorization header
Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/security/WebUtil.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/security/WebUtil.java 2008-10-28 18:35:31 UTC (rev 80162)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/security/WebUtil.java 2008-10-28 19:05:10 UTC (rev 80163)
@@ -34,7 +34,9 @@
{
String headerName = (String)en.nextElement();
sb.append(headerName).append("=");
- sb.append(httpRequest.getHeader(headerName)).append(",");
+ //Ensure HTTP Basic Password is not logged
+ if(headerName.contains("authorization") == false)
+ sb.append(httpRequest.getHeader(headerName)).append(",");
}
sb.append("]");
//Append Request parameter information
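Review bot: The added check `headerName.contains("authorization")` is case-sensitive, while HTTP header names are case-insensitive and clients commonly send `Authorization`; if the container returns names as received, the Basic credential is still appended to the log string. Compare on a normalised name, e.g. `if (!headerName.toLowerCase(java.util.Locale.ENGLISH).contains("authorization"))`, which also covers `Proxy-Authorization`. When the value is skipped the `,` separator is skipped too, so the name runs into the next entry as `authorization=nextHeader=...`; appending a fixed mask such as `sb.append("****,")` in an else branch keeps the output parseable. The enclosing header loop starts outside this hunk.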