Java Ninja Chronicles By Norris Shelton

Things I learned in the pursuit of code

We like to use Apache Commons Lang to convert our Objects to a String for easy logging of our application state. Our usual way of doing this is to define the Object's toString method as follows.

public String toString() {
    return ReflectionToStringBuilder.toString(this);
}

This works great for us. It isn’t a hard-coded String conversion and will pick up new properties as the bean is maintained.

However, this method is not aware of any fields that may have sensitive content, such as passwords. There are 2 different ways to prevent sensitive fields from being included in the toString conversion.

The first way to prevent sensitive information from being included in the toString output is to annotate the individual property, such as

@ToStringExclude
private String password;

Another method for preventing sensitive Object fields from being included in the toString is to pass the names of the fields to exclude, as Strings, by

public String toString() {
    // The field to exclude is passed by name, as a String
    return ReflectionToStringBuilder.toStringExclude(this, "password");
}

Both of these work equally well to prevent the sensitive information from being included in the toString output.
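The two approaches side by side with the unprotected default, as an added example that is not part of the original post. The class names, field names and values are constructed for illustration, and it assumes commons-lang3 3.5 or later on the classpath (the release that introduced @ToStringExclude).

```java
import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
import org.apache.commons.lang3.builder.ToStringExclude;

public class ToStringExcludeDemo {

    // Unprotected variant: the default reflection output includes every field.
    static class LeakyAccount {
        private String username = "jdoe";          // constructed sample value
        private String password = "s3cr3t-pw";     // constructed sample value

        @Override
        public String toString() {
            return ReflectionToStringBuilder.toString(this);
        }
    }

    // Protected variant using both techniques from the post.
    static class Account {
        private String username = "jdoe";
        @ToStringExclude                           // way 1: annotate the field
        private String password = "s3cr3t-pw";
        private String apiToken = "tok-12345";     // way 2: excluded by name below

        @Override
        public String toString() {
            // Field names are plain strings here: renaming apiToken without
            // updating this call silently puts the token back into the output.
            return ReflectionToStringBuilder.toStringExclude(this, "apiToken");
        }
    }

    public static void main(String[] args) {
        String leaky = new LeakyAccount().toString();
        String safe = new Account().toString();
        System.out.println(leaky);
        System.out.println(safe);

        // Regression checks worth keeping in a unit test for any logged bean.
        if (!leaky.contains("s3cr3t-pw")) {
            throw new AssertionError("expected the unprotected bean to expose the password");
        }
        if (safe.contains("s3cr3t-pw") || safe.contains("tok-12345")) {
            throw new AssertionError("sensitive value present in toString output");
        }
        if (!safe.contains("username=jdoe")) {
            throw new AssertionError("non-sensitive field missing from toString output");
        }
    }
}
```

The annotation travels with the field through renames, while the name-based exclusion depends on a string staying in sync with the field name, so a check like the one in main is what catches a regression.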

February 5th, 2019

Posted In: Javaninja
