From fde5e1b6a53411005c50fc54f7b4bf6224b584e6 Mon Sep 17 00:00:00 2001 From: Venil Noronha Date: Tue, 24 May 2016 09:59:56 +0530 Subject: [PATCH] Add ability to filter cookies in trace data See gh-6018 --- .../boot/actuate/trace/TraceProperties.java | 9 +++++- .../actuate/trace/WebRequestTraceFilter.java | 13 ++++++-- .../trace/WebRequestTraceFilterTests.java | 30 +++++++++++++++++++ 3 files changed, 49 insertions(+), 3 deletions(-) diff --git a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/trace/TraceProperties.java b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/trace/TraceProperties.java index 13184a50a6..fd38d8d350 100644 --- a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/trace/TraceProperties.java +++ b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/trace/TraceProperties.java @@ -1,5 +1,5 @@ /* - * Copyright 2012-2015 the original author or authors. + * Copyright 2012-2016 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -28,6 +28,7 @@ import org.springframework.boot.context.properties.ConfigurationProperties; * * @author Wallace Wadge * @author Phillip Webb + * @author Venil Noronha * @since 1.3.0 */ @ConfigurationProperties(prefix = "management.trace") @@ -39,6 +40,7 @@ public class TraceProperties { Set defaultIncludes = new LinkedHashSet(); defaultIncludes.add(Include.REQUEST_HEADERS); defaultIncludes.add(Include.RESPONSE_HEADERS); + defaultIncludes.add(Include.COOKIES); defaultIncludes.add(Include.ERRORS); DEFAULT_INCLUDES = Collections.unmodifiableSet(defaultIncludes); } @@ -71,6 +73,11 @@ public class TraceProperties { */ RESPONSE_HEADERS, + /** + * Include Cookie in request and Set-Cookie in response headers. + */ + COOKIES, + /** * Include errors (if any). */ diff --git a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/trace/WebRequestTraceFilter.java b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/trace/WebRequestTraceFilter.java index d1c86f0d36..c716de6412 100644 --- a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/trace/WebRequestTraceFilter.java +++ b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/trace/WebRequestTraceFilter.java @@ -48,6 +48,7 @@ import org.springframework.web.filter.OncePerRequestFilter; * @author Dave Syer * @author Wallace Wadge * @author Andy Wilkinson + * @author Venil Noronha */ public class WebRequestTraceFilter extends OncePerRequestFilter implements Ordered { @@ -122,7 +123,11 @@ public class WebRequestTraceFilter extends OncePerRequestFilter implements Order trace.put("path", request.getRequestURI()); trace.put("headers", headers); if (isIncluded(Include.REQUEST_HEADERS)) { - headers.put("request", getRequestHeaders(request)); + Map requestHeaders = getRequestHeaders(request); + if (!isIncluded(Include.COOKIES)) { + requestHeaders.remove("Cookie"); + } + headers.put("request", requestHeaders); } add(trace, Include.PATH_INFO, "pathInfo", request.getPathInfo()); add(trace, Include.PATH_TRANSLATED, "pathTranslated", @@ -169,7 +174,11 @@ public class WebRequestTraceFilter extends OncePerRequestFilter implements Order protected void enhanceTrace(Map trace, HttpServletResponse response) { if (isIncluded(Include.RESPONSE_HEADERS)) { Map headers = (Map) trace.get("headers"); - headers.put("response", getResponseHeaders(response)); + Map responseHeaders = getResponseHeaders(response); + if (!isIncluded(Include.COOKIES)) { + responseHeaders.remove("Set-Cookie"); + } + headers.put("response", responseHeaders); } } diff --git a/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/trace/WebRequestTraceFilterTests.java b/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/trace/WebRequestTraceFilterTests.java index db0a32b7ab..4f4db9ea1a 100644 --- a/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/trace/WebRequestTraceFilterTests.java +++ b/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/trace/WebRequestTraceFilterTests.java @@ -50,6 +50,7 @@ import static org.mockito.Mockito.verify; * @author Wallace Wadge * @author Phillip Webb * @author Andy Wilkinson + * @author Venil Noronha */ public class WebRequestTraceFilterTests { @@ -153,6 +154,35 @@ public class WebRequestTraceFilterTests { assertThat(headers.get("response") == null).isTrue(); } + @Test + @SuppressWarnings({ "unchecked" }) + public void filterDoesNotAddRequestCookiesWithCookiesExclude() + throws ServletException, IOException { + this.properties.setInclude(Collections.singleton(Include.REQUEST_HEADERS)); + MockHttpServletRequest request = spy(new MockHttpServletRequest("GET", "/foo")); + request.addHeader("Accept", "application/json"); + request.addHeader("Cookie", "testCookie=testValue;"); + Map map = (Map) this.filter.getTrace(request) + .get("headers"); + assertThat(map.get("request").toString()).isEqualTo("{Accept=application/json}"); + } + + @Test + @SuppressWarnings({ "unchecked" }) + public void filterDoesNotAddResponseCookiesWithCookiesExclude() + throws ServletException, IOException { + this.properties.setInclude(Collections.singleton(Include.RESPONSE_HEADERS)); + MockHttpServletRequest request = new MockHttpServletRequest("GET", "/foo"); + MockHttpServletResponse response = new MockHttpServletResponse(); + response.addHeader("Content-Type", "application/json"); + response.addHeader("Set-Cookie", "testCookie=testValue;"); + Map trace = this.filter.getTrace(request); + this.filter.enhanceTrace(trace, response); + Map map = (Map) trace.get("headers"); + assertThat(map.get("response").toString()) + .isEqualTo("{Content-Type=application/json, status=200}"); + } + @Test public void filterHasResponseStatus() { MockHttpServletRequest request = new MockHttpServletRequest("GET", "/foo");