We sometimes want to mask some fields in the request content which include sensitive information.
We could use the builderForJson() method alongside Jackson to convert the request content into JsonNode, allowing us to mask specific fields. With this method, we need to manually list the fields that we want to mask in a setting file or elsewhere, which I think might lead to misspellings and inadvertently expose sensitive information in the logs.
I think we need a way to verify that the fields we specify in the settings file exist in the request content. I believe that other methods, such as attaching a custom annotation to sensitive fields, would be better.
@trustin suggested an idea: implementing a parser that specializes in sanitization, i.e. don't parse everything but just replace a value at a certain location (e.g. foo.bar.baz).
Another idea: Introduce an annotation like @Mask and make Jackson (or the JSON serializer of choice) mask the annotated field during the serialization.
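The path-based masking idea above, combined with a check for configured paths that match nothing, as an added example that is not part of the original issue or of Armeria's code. It uses only Jackson; the class name JsonPathMasker, the mask string and the sample body are hypothetical, and Java 17 is assumed.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
import java.util.ArrayList;
import java.util.List;

// Added example (hypothetical class, not Armeria code): masks dotted paths in a
// JSON body and reports configured paths that matched nothing.
public final class JsonPathMasker {
    private static final ObjectMapper MAPPER = new ObjectMapper();
    private static final String MASK = "****";

    /** The sanitized JSON plus the paths that were configured but not found. */
    public record Result(String sanitized, List<String> missingPaths) {}

    public static Result mask(String json, List<String> paths) {
        final JsonNode root;
        try {
            root = MAPPER.readTree(json);
        } catch (Exception e) {
            // Fail closed: never log a body that could not be parsed and sanitized.
            return new Result("<unparseable content omitted>", List.copyOf(paths));
        }
        final List<String> missing = new ArrayList<>();
        for (String path : paths) {
            final String[] keys = path.split("\\.");
            JsonNode parent = root;
            for (int i = 0; i < keys.length - 1 && parent != null; i++) {
                parent = parent.get(keys[i]); // null when the key is absent
            }
            final String leaf = keys[keys.length - 1];
            if (parent instanceof ObjectNode obj && obj.has(leaf)) {
                obj.put(leaf, MASK); // replaces scalars, objects and arrays alike
            } else {
                missing.add(path);   // likely a typo or a schema change
            }
        }
        return new Result(root.toString(), missing);
    }

    public static void main(String[] args) {
        // Constructed sample request body; "user.pasword" is a deliberate typo.
        String body = "{\"user\":{\"name\":\"alice\",\"password\":\"hunter2\"},"
                + "\"card\":{\"number\":\"4111111111111111\"}}";
        Result r = mask(body, List.of("user.password", "card.number", "user.pasword"));
        System.out.println(r.sanitized());
        System.out.println("unmatched paths: " + r.missingPaths());
    }
}
```

Surfacing the unmatched paths as a warning or metric makes a misspelled entry visible instead of silently leaving the field unmasked. An optional field that is legitimately absent from a given request is reported the same way, so the signal is most useful aggregated over many requests.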
We can use a decorator to output request and response logs from an HTTP client as shown below