Red Hat Fuse / ENTESB-21958

camel-http4 HttpComponent logs a raw password unsafe characters


Details

    • Bug
    • Resolution: Done
    • Major
    • fuse-7.13-GA
    • fuse-7.12-GA
    • Camel
    • None
    • Very Likely

    Description

      Although org.apache.camel.impl.DefaultComponent masks a raw password for logging, org.apache.camel.component.http4.HttpComponent doesn't.

      camel route

      <to id="_to1" uri="http4://localhost:8181/hawtio/auth/login?authMethodPriority=Digest&amp;authPassword=admin&amp;authUsername=admin"/>
      

      DEBUG level log

      09:55:42.735 [main] DEBUG o.apache.camel.impl.DefaultComponent - Creating endpoint uri=[http4://localhost:8181/hawtio/auth/login?authMethodPriority=Digest&authPassword=xxxxxx&authUsername=admin], path=[localhost:8181/hawtio/auth/login]
      09:55:42.744 [main] DEBUG o.a.c.component.http4.HttpComponent - Creating endpoint uri http4://localhost:8181/hawtio/auth/login?authUsername=admin&authMethodPriority=Digest&authPassword=admin
      

      Please check the value for the "authPassword" parameter.

      The implementations are different between DefaultComponent and HttpComponent.

      org.apache.camel.impl.DefaultComponent

      LOG.debug("Creating endpoint uri=[{}], path=[{}]", URISupport.sanitizeUri(uri), URISupport.sanitizePath(path));
      

      org.apache.camel.component.http4.HttpComponent

      // create the endpoint and set the http uri to be null
      String endpointUriString = endpointUri.toString();
      
      LOG.debug("Creating endpoint uri {}", endpointUriString);
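
A log-audit sketch for the leak described above, added here as an example (not code from the issue or from Camel): it reports which logger wrote a sensitive query parameter unmasked and masks the value in place. The sensitive-key pattern and the function names are assumptions; the sample input is the two DEBUG lines quoted in this issue.

```python
import re

# Assumption: which query keys count as secrets; the issue only names authPassword.
SENSITIVE_KEY = re.compile(r"password|passphrase|secret|token", re.IGNORECASE)
MASK = "xxxxxx"  # masked form seen in the DefaultComponent line of this issue
# key=value pairs inside a logged endpoint URI; a value ends at '&', ']', ',' or whitespace
PARAM = re.compile(r"(?<=[?&])([^=&\s\]]+)=([^&\s\],]*)")
# Log prefix as in the issue's sample: time [thread] LEVEL logger - message
PREFIX = re.compile(r"^\S+ \[[^\]]*\] (\w+)\s+(\S+) - ")

def find_leaks(line):
    """Return the sensitive parameter names whose value is logged unmasked."""
    return [k for k, v in PARAM.findall(line)
            if SENSITIVE_KEY.search(k) and v and v != MASK]

def redact(line):
    """Mask sensitive values in place, leaving the rest of the line untouched."""
    def mask(m):
        key, value = m.group(1), m.group(2)
        if SENSITIVE_KEY.search(key) and value:
            return f"{key}={MASK}"
        return m.group(0)
    return PARAM.sub(mask, line)

def audit(lines):
    """Map each logger that leaked a secret to the sorted parameter names involved."""
    report = {}
    for line in lines:
        leaks = find_leaks(line)
        if not leaks:
            continue
        m = PREFIX.match(line)
        logger = m.group(2) if m else "<unknown>"
        report.setdefault(logger, set()).update(leaks)
    return {logger: sorted(keys) for logger, keys in report.items()}

# Sample input: the two DEBUG lines quoted in this issue.
SAMPLE = [
    "09:55:42.735 [main] DEBUG o.apache.camel.impl.DefaultComponent - Creating endpoint uri=[http4://localhost:8181/hawtio/auth/login?authMethodPriority=Digest&authPassword=xxxxxx&authUsername=admin], path=[localhost:8181/hawtio/auth/login]",
    "09:55:42.744 [main] DEBUG o.a.c.component.http4.HttpComponent - Creating endpoint uri http4://localhost:8181/hawtio/auth/login?authUsername=admin&authMethodPriority=Digest&authPassword=admin",
]

if __name__ == "__main__":
    for logger, keys in audit(SAMPLE).items():
        print(f"{logger}: unmasked {', '.join(keys)}")
    for line in SAMPLE:
        print(redact(line))
```

A value containing a literal `&` is cut at the first `&` by this pattern, so a hit is a reason to rotate the credential and purge the affected log, not only to mask it afterwards.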
      

          People

            ldemasi Luigi De Masi
            rhn-support-hfuruich Hisao Furuichi
            Daniel Olearcin Daniel Olearcin