From cf16711291fd28a92f45e93215f02545b2347d9c Mon Sep 17 00:00:00 2001
From: Pekka Helenius
Date: Tue, 13 Oct 2020 14:22:56 +0300
Subject: [PATCH] Also exclude 'password' from server log entries

Signed-off-by: Pekka Helenius
---
 .../fjordtek/bookstore/service/HttpServerLogger.java | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/bookstore/src/main/java/com/fjordtek/bookstore/service/HttpServerLogger.java b/bookstore/src/main/java/com/fjordtek/bookstore/service/HttpServerLogger.java
index 6597c13..16e2b5f 100644
--- a/bookstore/src/main/java/com/fjordtek/bookstore/service/HttpServerLogger.java
+++ b/bookstore/src/main/java/com/fjordtek/bookstore/service/HttpServerLogger.java
@@ -3,6 +3,7 @@ package com.fjordtek.bookstore.service;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Enumeration;
 import java.util.List;
@@ -42,12 +43,15 @@ public class HttpServerLogger {
 if (requestParamNames != null) {
 while (requestParamNames.hasMoreElements()) {
- String paramName = requestParamNames.nextElement().toString();
+ String paramName = requestParamNames.nextElement().toString();
 /*
- * Do not log CSRF tokens
+ * Do not include specific keywords to log entries
+ * (use method reference operator)
 */
- if (paramName.contains("csrf")) continue;
+
+ String[] excludeKeywords = {"csrf", "password"};
+ if (Arrays.stream(excludeKeywords).anyMatch(paramName::contains)) continue;
 String[] paramValues = request.getParameterValues(paramName);
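Review bot: The new exclusion check in the `while` loop matches case-sensitively, so a parameter named `Password` or `confirmPassword` does not contain the substring `password` and its value would still be written to the log. Lower-casing the name before the test closes that gap: `String lowered = paramName.toLowerCase(Locale.ROOT);` followed by `if (Arrays.stream(excludeKeywords).anyMatch(lowered::contains)) continue;` (this needs a `java.util.Locale` import). The `excludeKeywords` array is also rebuilt on every iteration and could be a `private static final` field, which would give one place to add other secret-bearing names later. The enclosing method starts and ends outside the hunk, so how the remaining parameter values are logged is not visible here.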