admin管理员组文章数量:1199187
Spring boot version 2.7.3
I need to mask all the fields containing 'uri' string in actuator/env response.
According to documentation:
To take control over the sanitization, define a SanitizingFunction bean. The SanitizableData with which the function is called provides access to the key and value as well as the PropertySource from which they came. This allows you to, for example, sanitize every value that comes from a particular property source. Each SanitizingFunction is called in order until a function changes the value of the sanitizable data.
So i implemented class:
import org.springframework.boot.actuate.endpoint.SanitizingFunction;
@Component
public class ActuatorSanitizer implements SanitizingFunction {
...
during application startup debugging i can see my bean is initialized and even autowired to org.springframework.boot.actuate.endpoint.Sanitizer class
public Sanitizer(Iterable<SanitizingFunction> sanitizingFunctions, String... keysToSanitize) {
this.sanitizingFunctions = new ArrayList();
List var10001 = this.sanitizingFunctions;
sanitizingFunctions.forEach(var10001::add);
this.sanitizingFunctions.add(this.getDefaultSanitizingFunction());
this.setKeysToSanitize(keysToSanitize);
}
but then i see that Sanitizer constructor is invoked once again without my custom sanitizing function implementation injected and i see no effect in /actuator/env call response.
Is there a way to get more sanitizing control programatically or via config?
UPD: custom SanitizingFunction implementation works for /actuator/configprops request. This is why Sanitizer constructor is invoked twice.
Spring boot version 2.7.3
I need to mask all the fields containing 'uri' string in actuator/env response.
According to documentation:
To take control over the sanitization, define a SanitizingFunction bean. The SanitizableData with which the function is called provides access to the key and value as well as the PropertySource from which they came. This allows you to, for example, sanitize every value that comes from a particular property source. Each SanitizingFunction is called in order until a function changes the value of the sanitizable data.
So i implemented class:
import org.springframework.boot.actuate.endpoint.SanitizingFunction;
@Component
public class ActuatorSanitizer implements SanitizingFunction {
...
during application startup debugging i can see my bean is initialized and even autowired to org.springframework.boot.actuate.endpoint.Sanitizer class
public Sanitizer(Iterable<SanitizingFunction> sanitizingFunctions, String... keysToSanitize) {
this.sanitizingFunctions = new ArrayList();
List var10001 = this.sanitizingFunctions;
sanitizingFunctions.forEach(var10001::add);
this.sanitizingFunctions.add(this.getDefaultSanitizingFunction());
this.setKeysToSanitize(keysToSanitize);
}
but then i see that Sanitizer constructor is invoked once again without my custom sanitizing function implementation injected and i see no effect in /actuator/env call response.
Is there a way to get more sanitizing control programatically or via config?
UPD: custom SanitizingFunction implementation works for /actuator/configprops request. This is why Sanitizer constructor is invoked twice.
Share Improve this question edited Jan 28 at 17:46 Ivan Karotki asked Jan 22 at 17:37 Ivan KarotkiIvan Karotki 3324 silver badges20 bronze badges 2 |1 Answer
Reset to default 1Update for Spring Boot 2.7.3
For configuring sanitizing of env-endpoint in application.yml; replace keys-to-sanitize with actual keys:
management:
endpoint:
env:
keys-to-sanitize:
- USERNAME
- HOMEBREW_REPOSITORY
For customizing env-endpoint programatically, add a custom EnvironmentEndpoint bean. SanitizingFunction is the same as in the original answer.
import org.springframework.boot.actuate.env.EnvironmentEndpoint;
import org.springframework.boot.actuate.endpoint.SanitizingFunction;
import org.springframework.core.env.Environment;
@Bean
public EnvironmentEndpoint customEnvironmentEndpoint(
Environment environment,
SanitizingFunction sanitizingFunction) {
return new EnvironmentEndpoint(
environment,
Collections.singletonList(sanitizingFunction));
}
Update #2
OP experienced this error during app start:
nested exception is java.lang.IllegalStateException: Found two endpoints with the id 'env': 'writableEnvironmentEndpoint' and 'customEnvironmentEndpoint'
OP later reported that using these suggestions from me fixed the issue:
management.endpoint.env.enabled=false
and
@SpringBootApplication(exclude = EnvironmentEndpointAutoConfiguration.class)
For Spring Boot 3.4
Step 1: Configure actuator
Add this to .authorizeHttpRequests(authorize -> authorize in SecurityFilterChain
// for testing only, enable each actuator endpoint separately
.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
Add this to application.yml
management:
endpoints:
web:
exposure:
include:
- env
- configprops
endpoint:
env:
show-values: always
configprops:
show-values: always
Verify that both http://localhost:8080/actuator/env and http://localhost:8080/actuator/configprops works.
Step 2: Add SanitizingFunction
Put this bean into any @Configuration-annotated class
@Bean
public SanitizingFunction customSanitizingFunction() {
return data -> data.getKey().contains("uri")
? data.withValue("TESTING") // replace with e.g. ****
: data;
}
Verify that "TESTING" appears in both endpoints.
本文标签: Spring actuator SanitizingFunction bean is not usedStack Overflow
版权声明:本文标题:Spring actuator SanitizingFunction bean is not used - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1738550507a2097274.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
public Sanitizer(Iterable<SanitizingFunction> sanitizingFunctions, String... keysToSanitize)though. – Roar S. Commented Jan 28 at 19:42