Remove Logging of Untrusted Data

2 years ago · fed3de8dce
2 changed files with 2 additions and 4 deletions
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolver.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolver.java
@ -227,8 +227,7 @@ public final class JwtIssuerAuthenticationManagerResolver implements Authenticat
 				return authenticationManager;
 			}
 			else {
-				this.logger.debug(LogMessage
+				this.logger.debug("Did not resolve AuthenticationManager since issuer is not trusted");
 						.format("Did not resolve AuthenticationManager since issuer is not trusted", issuer));
 			}
 			return null;
 		}
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java
@ -221,8 +221,7 @@ public final class JwtIssuerReactiveAuthenticationManagerResolver
 		@Override
 		public Mono<ReactiveAuthenticationManager> resolve(String issuer) {
 			if (!this.trustedIssuer.test(issuer)) {
-				this.logger.debug(LogMessage
+				this.logger.debug("Did not resolve AuthenticationManager since issuer is not trusted");
 						.format("Did not resolve AuthenticationManager since issuer is not trusted", issuer));
 				return Mono.empty();
 			}
 			// @formatter:off