remove logging of user data (SAP#1304)

* Improve error message in SpringSecurityContext.java --------- Signed-off-by: Manuel Fink <[email protected]> Co-authored-by: Manuel Fink <[email protected]>
clnative · Oct 4, 2023 · 7274555 · 7274555
1 parent 2757325
commit 7274555
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 6 deletions.
diff --git a/spring-security/src/main/java/com/sap/cloud/security/spring/token/SpringSecurityContext.java b/spring-security/src/main/java/com/sap/cloud/security/spring/token/SpringSecurityContext.java
@@ -56,7 +56,7 @@ public static Token getToken() {
 			return (Token) principal;
 		}
 		throw new AccessDeniedException(
-				"Access forbidden: SecurityContextHolder does not contain a principal of type 'Token' " + principal);
+				"Access forbidden: SecurityContextHolder does not contain a principal of type 'Token'. Found instead a principal of type " + principal.getClass());
 	}
 
 	/**

diff --git a/spring-xsuaa/src/main/java/com/sap/cloud/security/xsuaa/token/SpringSecurityContext.java b/spring-xsuaa/src/main/java/com/sap/cloud/security/xsuaa/token/SpringSecurityContext.java
@@ -30,7 +30,7 @@ private SpringSecurityContext() {
 	 *             <p>
 	 *             Note: This method is introduced with xsuaa spring client lib.
 	 */
-	static public Token getToken() {
+	public static Token getToken() {
 		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 
 		if (authentication == null) {
@@ -41,7 +41,7 @@ static public Token getToken() {
 			return (Token) principal;
 		}
 		throw new AccessDeniedException(
-				"Access forbidden: SecurityContextHolder does not contain a principal of type 'Token' " + principal);
+				"Access forbidden: SecurityContextHolder does not contain a principal of type 'Token'. Found instead a principal of type " + principal.getClass());
 	}
 
 	/**
@@ -57,7 +57,7 @@ static public Token getToken() {
 	 *            the extractor used to turn Jwt scopes into Spring Security
 	 *            authorities.
 	 */
-	static public void init(String encodedJwtToken, JwtDecoder xsuaaJwtDecoder,
+	public static void init(String encodedJwtToken, JwtDecoder xsuaaJwtDecoder,
 			AuthoritiesExtractor authoritiesExtractor) {
 		Assert.isInstanceOf(XsuaaJwtDecoder.class, xsuaaJwtDecoder,
 				"Passed JwtDecoder instance must be of type 'XsuaaJwtDecoder'");
@@ -74,7 +74,7 @@ static public void init(String encodedJwtToken, JwtDecoder xsuaaJwtDecoder,
 	 * Cleans up the Spring Security Context {@link SecurityContextHolder} and
 	 * release thread locals for Garbage Collector to avoid memory leaks resources.
 	 */
-	static public void clear() {
+	public static void clear() {
 		SecurityContextHolder.clearContext();
 	}
-}
+}