Only access parameters in WebRequestTraceFilter when they are included

wilkinsona · wilkinsona · commit 607dba97f8e3 · 2016-02-12T10:26:23.000Z
Previously, WebRequestTraceFilter would call request.getParameterMap() before deciding whether or not the parameters should be included in the trace. For a POST request, this had the unwanted side-effect of always reading the request body. This commit updates WebRequestTraceFilter so that it checks that parameters are to be included in the trace before calling request.getParameterMap() Closes gh-5089
diff --git a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/trace/WebRequestTraceFilter.java b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/trace/WebRequestTraceFilter.java
@@ -45,6 +45,7 @@
  *
  * @author Dave Syer
  * @author Wallace Wadge
+ * @author Andy Wilkinson
  */
 public class WebRequestTraceFilter extends OncePerRequestFilter implements Ordered {
 
@@ -135,7 +136,9 @@ protected Map<String, Object> getTrace(HttpServletRequest request) {
 		add(trace, Include.CONTEXT_PATH, "contextPath", request.getContextPath());
 		add(trace, Include.USER_PRINCIPAL, "userPrincipal",
 				(userPrincipal == null ? null : userPrincipal.getName()));
-		add(trace, Include.PARAMETERS, "parameters", request.getParameterMap());
+		if (isIncluded(Include.PARAMETERS)) {
+			trace.put("parameters", request.getParameterMap());
+		}
 		add(trace, Include.QUERY_STRING, "query", request.getQueryString());
 		add(trace, Include.AUTH_TYPE, "authType", request.getAuthType());
 		add(trace, Include.REMOTE_ADDRESS, "remoteAddress", request.getRemoteAddr());
diff --git a/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/trace/WebRequestTraceFilterTests.java b/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/trace/WebRequestTraceFilterTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2015 the original author or authors.
+ * Copyright 2012-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -39,13 +39,17 @@
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
 
 /**
  * Tests for {@link WebRequestTraceFilter}.
  *
  * @author Dave Syer
  * @author Wallace Wadge
  * @author Phillip Webb
+ * @author Andy Wilkinson
  */
 public class WebRequestTraceFilterTests {
 
@@ -59,13 +63,14 @@ public class WebRequestTraceFilterTests {
 	@Test
 	@SuppressWarnings("unchecked")
 	public void filterAddsTraceWithDefaultIncludes() {
-		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/foo");
+		MockHttpServletRequest request = spy(new MockHttpServletRequest("GET", "/foo"));
 		request.addHeader("Accept", "application/json");
 		Map<String, Object> trace = this.filter.getTrace(request);
 		assertEquals("GET", trace.get("method"));
 		assertEquals("/foo", trace.get("path"));
 		Map<String, Object> map = (Map<String, Object>) trace.get("headers");
 		assertEquals("{Accept=application/json}", map.get("request").toString());
+		verify(request, times(0)).getParameterMap();
 	}
 
 	@Test
