SecureConfigurationProcessor.java

/**
 * Copyright (c) 2013-2016, The SeedStack authors <http://seedstack.org>
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 */
package org.seedstack.seed.core.internal.configuration;

import org.seedstack.coffig.NamedNode;
import org.seedstack.coffig.TreeNode;
import org.seedstack.coffig.node.MapNode;
import org.seedstack.coffig.spi.ConfigurationProcessor;

public class SecureConfigurationProcessor implements ConfigurationProcessor {
    @Override
    public void process(MapNode configuration) {
        configuration.get("env").ifPresent(TreeNode::hide);
        configuration.get("sys").ifPresent(TreeNode::hide);
        configuration.walk()
                .filter(node -> node.type() == TreeNode.Type.MAP_NODE)
                .forEach(node -> node.namedNodes()
                        .filter(this::isPotentialPassword)
                        .forEach(namedNode -> namedNode.node().hide())
                );
    }

    private boolean isPotentialPassword(NamedNode namedNode) {
        String key = namedNode.name().toUpperCase();
        return key.contains("PASSWORD") || key.contains("PASSWD") || key.contains("PWD");
    }
}