Obfuscate JSON Request Body

[IkoroVictor]

I'm using the logbook-spring-boot-starter 1.7.0, and currently "access_token" in the JSON response 'body' is obfuscated, which is fine. But when I try to obfuscate other fields by setting them in logbook.obfuscate.parameters property, nothing happens. Is the logbook.obfuscate.parameters only limited to 'query' parameters and not request/response 'body'. Also if that's the case, how do I set fields to obfuscate from a JSON body.

Looking through the configuration class, it seems one needs to create a BodyFilter bean using the BodyFilters.replaceJsonStringProperty, passing the fields required to be masked.

The regex pattern in BodyFilters.replaceJsonStringProperty doesn't seem to cater for fields with array values.

[whiskeysierra]

Is the logbook.obfuscate.parameters only limited to 'query' parameters and not request/response 'body'

Indeed.

List of parameter names that need obfuscation

https://github.com/zalando/logbook#configuration:

What you're looking for is the BodyFilter interface. See https://github.com/zalando/logbook#filtering. Any implementation of that interface will be picked up by the spring boot integration via Spring's application context.

For string properties you may use BodyFilters.replaceJsonStringProperty. Anything more sophisticated than that would require a custom implementation.