We need to mask SSN(9 digits) only in the sql logs file and not Order No(9 digits). There is one problem - a number (123456789) can be a SSN and Order No both. How can we distinguish the both, so that one is masked and the other is not masked.
There is another problem - the sql logs are not created by us , they are created by the inbuilt classes of the jars that we are using , let me explain what I mean to say.
Log4j.xml code is below
<appender name="SQL_logfile" class="org.apache.log4j.DailyRollingFileAppender">
<param name="File" value="../logs/sql.log" />
<layout class="CustomFilterLayout;">
<param name="ConversionPattern" value="[%d{ISO8601}{CST}] [%p] [%X{ipAddress}] [%X{userID}] [%t] [%c] - %m%n" />
</layout>
</appender>
<appender name="async_SQL_logfile" class="org.apache.log4j.AsyncAppender">
<appender-ref ref="SQL_logfile"/>
</appender>
<logger name="java.sql" additivity="false">
<level value="DEBUG" />
<appender-ref ref="async_SQL_logfile" />
</logger>
DAO File code is below
public List<TestDelivery> getTestDelivery(long SSN, long orderNo)
{
List<TestDelivery> testDeliveryList = new ArrayList<>();
Map<String, Object> params = new HashMap<>();
params.put("SSN", SSN);
params.put("orderNo", orderNo);
try {
testDeliveryList = (List<TestDelivery>) getSqlMapClientTemplate().queryForList("getTestDelivery", params);
} catch(Exception e) {
}
return testDeliveryList;
}
The problem is that the Logs that get written are done automatically by the getSqlMapClientTemplate class on which we have no control and the Logs get printed as below
Params -> (SSN,123456789),(orderNo,123456789)
But we want the logs to get printed as below, and we cannot mask the SSN value that is send in parameters in the DAO class getTestDelivery method because that value is passed to fetch the TestDelivery List.We only want the SSN masking in the logs.
Params -> (SSN,#########),(orderNo,123456789)
