struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jose L Martinez-Avial (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WW-3760) Change of access level to enable overriding
Date Wed, 22 Feb 2012 12:25:52 GMT

    [ https://issues.apache.org/jira/browse/WW-3760?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13213566#comment-13213566
] 

Jose L Martinez-Avial commented on WW-3760:
-------------------------------------------

Well, the issue is that we have a test environment where the users can connect to authenticating
against the production directory. So their real password is being shown on the logs, and our
security department is not happy about that. We changed the ParametersInterceptor on our own,
but we would prefer to change it in the core itself, instead of customizing it ourselves.
                
> Change of access level to enable overriding
> -------------------------------------------
>
>                 Key: WW-3760
>                 URL: https://issues.apache.org/jira/browse/WW-3760
>             Project: Struts 2
>          Issue Type: Improvement
>          Components: Core Interceptors
>    Affects Versions: 2.3.1.2
>            Reporter: Jose L Martinez-Avial
>            Priority: Minor
>              Labels: ParametersInterceptor, overridable
>             Fix For: 2.3.2
>
>   Original Estimate: 0.5h
>  Remaining Estimate: 0.5h
>
> The method getParameterLogMap on com.opensymphony.xwork2.interceptor.ParametersInterceptor
is declared as private. As a consequence it is not possible to override it.
> The idea of overriding it is to be able to use log level DEBUG for that interceptor(and
see the parameters on the log) while allowing some massaging of the log that will be shown.
For example, I would like to show the value of any parameter, except for the one called password.
As it is today, that is not possible.
> The proposed solution is trivial: just change the method to be protected, so any user
can override that method.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message