
Camel password being partially logged after sanitization


This question is a follow-on from: Camel http4 and url-encoded passwords being interpreted as separate arguments, and is somewhat related to this update put in as part of Camel 2.14.x and 2.15.x for sanitizing password information...

We're using Camel 2.14.4 with the http4 component to communicate with a webservice, and using the RAW syntax. However, if the password within RAW contains an ampersand, the sanitizeUri method only masks some of the password text.

E.g., say my password is me#@123, and it is injected into the URI so that it becomes a part of the overall URI as follows: ...password=RAW(me#@123)... When the sanitizeUri method is called, it only sanitizes up to the ampersand and sees the 123 as a different key, so you end up with ******&123 being logged at WARN level in the logs from this code.

Is there any way of avoiding this?


Solution

  • Yeah, we should remove that WARN logging as it's not in use anymore. I have logged a ticket about this: https://issues.apache.org/jira/browse/CAMEL-10395

    In the older Camel 2.14.4 version you can only configure your logging library to use ERROR level or OFF for the logger name that logs that WARN message.
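
The leak described in the question, as an added example that is not part of the original post or of Camel's code base: a mask that treats a secret value as ending at the next `&` leaves the tail of a `RAW(...)` password in the log line, while a RAW-aware pattern masks the whole value. Both regular expressions, the class and method names, and the sample URI are assumptions made for illustration.

```java
import java.util.regex.Pattern;

public class RawAwareMask {
    // Simplified stand-in for a key=value secret masker (assumption, not
    // Camel's own pattern): the value is taken to end at the next '&'.
    static final Pattern NAIVE = Pattern.compile(
        "([?&][^=&]*(?:password|passphrase|secretKey)[^=&]*)=([^&]*)",
        Pattern.CASE_INSENSITIVE);

    // RAW-aware variant: RAW(...) is tried first and consumed as one value,
    // so an '&' inside it does not end the match. The closing ')' must be
    // followed by '&' or end of input. A password that itself contains ")&"
    // would still be cut short; that case is not handled here.
    static final Pattern RAW_AWARE = Pattern.compile(
        "([?&][^=&]*(?:password|passphrase|secretKey)[^=&]*)"
            + "=(RAW\\(.*?\\)(?=&|$)|[^&]*)",
        Pattern.CASE_INSENSITIVE);

    static String maskNaive(String uri) {
        return NAIVE.matcher(uri).replaceAll("$1=******");
    }

    static String maskRawAware(String uri) {
        return RAW_AWARE.matcher(uri).replaceAll("$1=******");
    }

    public static void main(String[] args) {
        // Constructed sample: host, path, parameters and password are made up.
        String uri = "http4://svc.example.invalid/api"
            + "?username=bob&password=RAW(s3cr&t123)&timeout=5000";

        // Naive mask: everything after the '&' inside RAW(...) stays visible.
        System.out.println("naive:     " + maskNaive(uri));
        // RAW-aware mask: the whole RAW(...) value is replaced.
        System.out.println("raw-aware: " + maskRawAware(uri));
    }
}
```

A masker like the second one is only useful where you control the code that writes the URI to the log; for the WARN message inside Camel 2.14.4 itself, the logger-level change described in the answer is the available workaround.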