Description
Given the template which is used in the MaskSensitiveHelper class: https://github.com/apache/cxf/blob/dc2f6af9ad09888cafb350f95935e9ec6abf8aee/rt/features/logging/src/main/java/org/apache/cxf/ext/logging/MaskSensitiveHelper.java#L30
If, for example, we want to mask the wsse:Password element
logFeature.addSensitiveElementNames(new HashSet<>(Collections.singletonList("wsse:Password")));
but it contains a property
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">some cleantext password</wsse:Password>
the regex would not pickup the element and thus not replace it and the password would still appear in the logs.
Attachments
Issue Links
- links to