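We use Spring Boot with embedded Tomcat. For certain reasons, we have to use the DEBUG level for Tomcat. However, this makes Tomcat log the user's password in plain text rather than as *** or in some other form. For example: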
2018-08-10 12:47:19.224 DEBUG 21128 --- [nio-8080-exec-2] o.a.coyote.http11.Http11InputBuffer : Received [POST /security/public-rest-api/v1/access-token HTTP/1.1
cache-control: no-cache
Postman-Token: c9d78df1-ff23-46b6-a354-a829dbe440d3
Authorization: Basic Y2xvdWQtZGlzazo=
User-Agent: PostmanRuntime/7.1.1
Accept: */*
Host: localhost:8080
cookie: JSESSIONID=63024FEAB8E01024D0FBFBF89E89AB3C; JSESSIONID=D9BCEC160EAF9655E24E972FEE9C7FE1
accept-encoding: gzip, deflate
content-type: multipart/form-data; boundary=--------------------------923834761753566047828684
content-length: 399
Connection: keep-alive
----------------------------923834761753566047828684
Content-Disposition: form-data; name="grant_type"
password
----------------------------923834761753566047828684
Content-Disposition: form-data; name="username"
user
----------------------------923834761753566047828684
Content-Disposition: form-data; name="password"
password
----------------------------923834761753566047828684--
So my question is: how can I hide the plain-text password?
Thanks a lot.
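
One way to redact a request dump like the one in the question before it reaches the log, as an added example that is not part of the original post or of Tomcat or Spring Boot. The class name `RequestLogMasker`, the list of sensitive headers and field names, and the sample request are assumptions; the class is meant to be called from whatever hook formats the log message (for instance a custom Logback converter), and that wiring is not shown.

```java
import java.util.regex.Pattern;

/** Added example: redacts credentials from a raw HTTP request dump before it is logged. */
public class RequestLogMasker {
    // Whole value of credential-bearing headers, one header per line (assumed list).
    private static final Pattern SENSITIVE_HEADER = Pattern.compile(
            "(?im)^(authorization|proxy-authorization|cookie|set-cookie)(\\s*:\\s*).*$");
    // multipart/form-data part with a sensitive field name: keep the part header, mask the value line.
    private static final Pattern SENSITIVE_PART = Pattern.compile(
            "(?i)(Content-Disposition:\\s*form-data;\\s*name=\"(?:password|client_secret|refresh_token)\""
            + "[^\\r\\n]*(?:\\r?\\n){1,2})([^\\r\\n]*)");
    // Same field names sent as application/x-www-form-urlencoded or in a query string.
    private static final Pattern SENSITIVE_PARAM = Pattern.compile(
            "(?i)\\b(password|client_secret|refresh_token)=[^&\\s]*");

    public static String mask(String message) {
        String out = SENSITIVE_HEADER.matcher(message).replaceAll("$1$2***");
        out = SENSITIVE_PART.matcher(out).replaceAll("$1***");
        return SENSITIVE_PARAM.matcher(out).replaceAll("$1=***");
    }

    public static void main(String[] args) {
        // Constructed sample modelled on the log excerpt above; all values are placeholders.
        String sample = String.join("\r\n",
                "POST /security/public-rest-api/v1/access-token HTTP/1.1",
                "Authorization: Basic ZXhhbXBsZTo=",
                "cookie: JSESSIONID=0000000000000000",
                "content-type: multipart/form-data; boundary=XYZ",
                "",
                "--XYZ",
                "Content-Disposition: form-data; name=\"grant_type\"",
                "",
                "password",
                "--XYZ",
                "Content-Disposition: form-data; name=\"password\"",
                "",
                "s3cret-value",
                "--XYZ--");
        String masked = mask(sample);
        System.out.println(masked);
        // The secret values must be gone; the grant_type field (value "password") must be untouched.
        if (masked.contains("s3cret-value") || masked.contains("ZXhhbXBsZTo=")
                || masked.contains("0000000000000000")) {
            throw new AssertionError("credential leaked into log output");
        }
        if (!masked.contains("name=\"grant_type\"\r\n\r\npassword")) {
            throw new AssertionError("non-secret field was altered");
        }
    }
}
```

If the raw request dump itself is not needed, Spring Boot's per-logger setting `logging.level.org.apache.coyote.http11.Http11InputBuffer=INFO` suppresses only that line while the rest of Tomcat stays at DEBUG.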