Only access parameters in WebRequestTraceFilter when they are included

Previously, WebRequestTraceFilter would call request.getParameterMap() before deciding whether or not the parameters should be included in the trace. For a POST request, this had the unwanted side-effect of always reading the request body. This commit updates WebRequestTraceFilter so that it checks that parameters are to be included in the trace before calling request.getParameterMap() Closes gh-5089
9 years ago · 607dba97f8
parent 815da8b845
commit 607dba97f8
2 changed files with 11 additions and 3 deletions
--- a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/trace/WebRequestTraceFilter.java
+++ b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/trace/WebRequestTraceFilter.java
@ -45,6 +45,7 @@ import org.springframework.web.filter.OncePerRequestFilter;
 *
 * @author Dave Syer
 * @author Wallace Wadge
 * @author Andy Wilkinson
 */
 public class WebRequestTraceFilter extends OncePerRequestFilter implements Ordered {
@ -135,7 +136,9 @@ public class WebRequestTraceFilter extends OncePerRequestFilter implements Order
 		add(trace, Include.CONTEXT_PATH, "contextPath", request.getContextPath());
 		add(trace, Include.USER_PRINCIPAL, "userPrincipal",
 				(userPrincipal == null ? null : userPrincipal.getName()));
-		add(trace, Include.PARAMETERS, "parameters", request.getParameterMap());
+		if (isIncluded(Include.PARAMETERS)) {
 			trace.put("parameters", request.getParameterMap());
 		}
 		add(trace, Include.QUERY_STRING, "query", request.getQueryString());
 		add(trace, Include.AUTH_TYPE, "authType", request.getAuthType());
 		add(trace, Include.REMOTE_ADDRESS, "remoteAddress", request.getRemoteAddr());
--- a/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/trace/WebRequestTraceFilterTests.java
+++ b/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/trace/WebRequestTraceFilterTests.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2015 the original author or authors.
+ * Copyright 2012-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -39,6 +39,9 @@ import org.springframework.mock.web.MockHttpServletResponse;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 /**
 * Tests for {@link WebRequestTraceFilter}.
@ -46,6 +49,7 @@ import static org.junit.Assert.assertTrue;
 * @author Dave Syer
 * @author Wallace Wadge
 * @author Phillip Webb
 * @author Andy Wilkinson
 */
 public class WebRequestTraceFilterTests {
@ -59,13 +63,14 @@ public class WebRequestTraceFilterTests {
 	@Test
 	@SuppressWarnings("unchecked")
 	public void filterAddsTraceWithDefaultIncludes() {
-		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/foo");
+		MockHttpServletRequest request = spy(new MockHttpServletRequest("GET", "/foo"));
 		request.addHeader("Accept", "application/json");
 		Map<String, Object> trace = this.filter.getTrace(request);
 		assertEquals("GET", trace.get("method"));
 		assertEquals("/foo", trace.get("path"));
 		Map<String, Object> map = (Map<String, Object>) trace.get("headers");
 		assertEquals("{Accept=application/json}", map.get("request").toString());
 		verify(request, times(0)).getParameterMap();
 	}
 	@Test