Is there a way to hash security data in Spring Boot logs? - spring

I have logs like:
Dec 24, 15:50:45.234 | DEBUG ...: client_id=[123] accessToken=[123123]
How can I hash or mask these security values in logs in a Spring Boot?

Related

Set custom traceId in spring sleuth

I have an angular application using a tracing library to trace each operation (user bouton click).
This application after SPA is loaded sends a list of traces in the request body to the backend microservice to log them.
In the backend microservice, I am using the spring boot 2.3.7, the spring cloud Hoxton.SR9 and logback 1.2.3.
This is the method:
#PostMapping("/traces")
public ResponseEntity<List<Trace>> addTrace(#RequestBody List<Trace> traces) {
traces.forEach(trace -> {
RtLog log = RtLog.builder.parentSpanId(trace.getParentId()).traceId(trace.getTraceId()).spanId(trace.getSpanId)).operationName(trace.getOperationName())
.businessJourney(trace.getBaggages().getBusinessJourney())
.componentId(trace.getBaggages().getComponentId()).componentType(trace.getBaggages().getComponentType())
.sessionId(trace.getBaggages().getSessionId()).userId(trace.getBaggages().getUserId())
.duration(trace.getDuration())
.time(!Null.isNullOrEmpty(datetime) ? datetime.format(DateTimeFormatter.ofPattern(TIMESTAMP_PATTERN))
: EMPTY)
.tags(trace.getTags()).build();
logger.info("spa_log", StructuredArguments.fields(log));
An example of traces send by the application:
The problem is when logging the information, the spring sleuth adds on the log another traceId and spanId that I don't need, and it causes conflict with the correct Ids.
So how can I override the traceId and spanId or is it possible to disable the tracing in this method?
There is the traceContext or brave Tracing but I found that I can builder a new trace but I didn't find a way to change the current trace.

Disable logging Trace id, Span Id for few endpoints in Spring Sleuth

I am using Spring Sleuth for distributed tracing. In my logs, I am able to see Span Id, Trace Id like below
2020-05-22 11:07:43.388 INFO [Project,fff1bc87aebe740a,fff1bc87aebe740a,false] - request received for url /info
But I want to disable logging Trace Id, Span Id for some URLs, For URL /info my logs should look like
2020-05-22 11:07:43.388 INFO [Project] - request received for url /info
Is it possible to achieve this? I found spring.sleuth.web.additionalSkipPattern = /info, but this still logs the id's in my logs.

How to disable spring logging

I am working in a core java application and i recently added springintegration for TCP connection with my server.
I am using my own logger so I need to disable the spring logging. I have no logback xml, only an xml to have spring integration tcp connection.
How can I disable spring logging?
I already tried some stuffs in spring integration docs but doesn't work.
The spring logs are logging those for no use I already catches the errors and logs them but spring again does it of no use.
This is the file i am having for logging
# Logging Options
log.level = INFO
log.path = ./log/
log.console = yes
log.backup.path = ./log/bkp/
log.rotate.pattern = yyyyMMddHH
log.org.springframework=OFF
# RawLog Logging Options
rawlog.path = ./raw_log/
rawlog.backup.path = ./raw_log/bkp/
rawlog.rotate.pattern = yyyyMMddHH

spring-cloud-sleuth(boot) integration with spring-integration

The problem occurs when Spring Integration(spring boot) Application calls Spring boot application for sleuth logging of traceID and spanID from.
URL call --> Facade(written in spring integration,spring boot and supports sleuth)--> Spring boot microservice(Sleuth supported)
Microservice 1 : spring integration Http call
Microservice 2 : spring boot Rest controller
Here is the detail of the logs of both of the microservices.
Microservice 1 calls Microservice 2
Microserice 1 log:
2017-04-18 17:42:31.887[0;39m [32m INFO [CS Facade,ff711e7b275d03a7,b3f14f1a5cf6bd1d,true][0;39m [35m6280[0;39m [2m---[0;39m [2m[
Microservice 2 log :
[2m2017-04-18 17:43:26.133[0;39m [32m INFO [-,32226de675c3a463,32226de675c3a463,false][0;39m [35m14184[0;39m [2m---[0;39m [2m[nio-8083-exec-1][0;39m [36mc.t.cloud.resource.HelloResource
Although, both have same request call , traceID is different.
It works perfect when both the application are pure spring boot application and no http spring Integration used.
Microservice 1 Code
<int-http:outbound-gateway id="getAccount"
url="http://localhost:8083/rest/hello/micro2"
request-channel="receiveChannel" reply-channel="publishsubscribechannel"
http-method="GET" expected-response-type="java.lang.String">
</int-http:outbound-gateway>
Microservice 2 code
#GetMapping(value = "/micro2")
public String hello() {
LOGGER.info("Reached micro2"+accessor.getCurrentSpan());
return "HelloWorld";
}
I'm sorry but you formatted the code and wrote the text in such a way that I barely understand what the problem is. If both apps are Spring Boot and everything is working fine? That's not strange cause Sleuth is a Boot based library. That means that it's enough to use Boot and Sleuth registers all the necessary components. In case of a non Spring Boot app you basically have to do all the work yourself. That means pass the tracing headers either via HTTP or messaging.
Up to Sleuth 2.1.0, spring-integration won't propagate the X-B3* headers automatically.
https://github.com/spring-cloud/spring-cloud-sleuth/issues/1333 with workaround.

how to change the session id length in spring boot

I am using spring boot for a webapp running on embedded tomcat. I want to change the session id length from the default 16 bytes to 32 bytes.
I had a look into this post
Session Id Length in Tomcat
and learnt that we can provide the following in the tomcat config file context.xml
How do we do the equivalent in spring boot?
I mean how do we do that programatically?
This did the trick:
context.getManager().getSessionIdGenerator().setSessionIdLength(32);
where context is the context you get when you extend TomcatContextCustomizer class

Resources