Kuali Rice Development / KULRICE-10434

modify BusinessObjectBase.toString to hide sensitive information

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: Backlog
    • Component/s: Development
    • Security Level: Public (Public: Anyone can view)
    • Labels:
    • Similar issues:
      KULRICE-7518: Selecting the Document Information "hide" button on the Document Configuration pages makes all tab disappear on the page.
      KULRICE-14137: Client state needs to be processed in the submitAjax function so it can be modified by dialog hide events
      KULRICE-13927: BusinessObjectBase.toString causing OutOfMemory errors
      KULRICE-3179: Document Configuration screen Show/Hide buttons not working correctly
      KULRICE-8006: In Uif-LinkGroup - hiding linkSeparator for the link if the link is hidden
      KULRICE-4408: allow hiding of the lookup header bar based on a http parameter
      KULRICE-7438: Doc search: initiator is case sensitive
      KULRICE-4534: Improvements to configurability of sensitive data checks in the KNS
      KULRICE-4175: Group Lookup - Group Name search is case sensitive
      KULRICE-7171: Document type field on document search seems to be case sensitive in Rice 2.0
    • Rice Module:
      KRAD
    • Application Requirement:
      KFS
    • KAI Review Status:
      Not Required
    • KTI Review Status:
      Not Required
    • Code Review Status:
      Not Required
    • Include in Release Notes?:
      Yes

      Description

      KFS is currently accepting a contribution that modifies one of our BOs to not include sensitive data in the results of toString(). It would be nice if this was included in core Rice, as an improvement to BusinessObjectBase.toString.

      This is the KFS BO-specific code for reference, that could perhaps be generalized:

      // Look up the data dictionary security settings for this field of PayeeACHAccount.
      DataDictionaryService dataDictionaryService = SpringContext.getBean(DataDictionaryService.class);
      AttributeSecurity attributeSecurity = dataDictionaryService.getAttributeSecurity(PayeeACHAccount.class.getName(), field.getName());
      // A field marked hide, mask or partial mask is reported as not to be included.
      if (ObjectUtils.isNotNull(attributeSecurity)
              && (attributeSecurity.isHide() || attributeSecurity.isMask() || attributeSecurity.isPartialMask())) {
          return false;
      }
      

          Activity

          James Smith added a comment -

          Claus, Jonathan, and I discussed on 12/2. Jonathan dislikes the idea of using any service in the toString method of a business object, which is reasonable. He suggested we override toString in business object classes where we know we have secure attributes and simply skip any values which would have been printed out which were secure.

          I replied that this was reasonable, but that I was worried about cases where institutions were adding security on fields which we from foundation had not done. In that case, since BO's are not easily overridable, overriding toString would be problematic. We checked in with a couple institutional implementations and we did find cases of this occurring. Given that, not certain how to proceed.
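One way to reconcile the two concerns in the comment above, as an added example that is not Rice or KFS code: toString() consults an in-memory registry filled once at startup, so it makes no service call, and an institution can still register extra fields without subclassing the business object. All class, method and field names here are hypothetical, and the sample object is constructed.

```java
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

/** Added illustration; every name here is hypothetical, not Rice or KFS API. */
public class RedactingToStringDemo {

    /** "DeclaringClass.fieldName" keys, filled once at startup (assumed source: data dictionary entries). */
    static final Set<String> SENSITIVE = ConcurrentHashMap.newKeySet();

    static void markSensitive(Class<?> declaringType, String fieldName) {
        SENSITIVE.add(declaringType.getName() + "." + fieldName);
    }

    /** Reflective toString that never reads the value of a registered field. */
    static String describe(Object bo) {
        StringBuilder sb = new StringBuilder(bo.getClass().getSimpleName()).append('[');
        String sep = "";
        for (Class<?> c = bo.getClass(); c != null && c != Object.class; c = c.getSuperclass()) {
            for (Field f : c.getDeclaredFields()) {
                if (Modifier.isStatic(f.getModifiers()) || f.isSynthetic()) continue;
                sb.append(sep).append(f.getName()).append('=');
                if (SENSITIVE.contains(c.getName() + "." + f.getName())) {
                    sb.append("<redacted>"); // value is not read at all
                } else {
                    try {
                        f.setAccessible(true);
                        sb.append(f.get(bo)); // nested objects print via their own toString()
                    } catch (ReflectiveOperationException | RuntimeException e) {
                        sb.append("<unreadable>");
                    }
                }
                sep = ",";
            }
        }
        return sb.append(']').toString();
    }

    /** Constructed sample business object. */
    static class PayeeAccount {
        String payeeName = "Example Payee";
        String bankAccountNumber = "000123456789";
        @Override public String toString() { return describe(this); }
    }

    public static void main(String[] args) {
        // An institution adds its own restriction without touching the BO class.
        markSensitive(PayeeAccount.class, "bankAccountNumber");
        System.out.println(new PayeeAccount());
    }
}
```

Fields that nobody registers still print in full, so log output is only as safe as the registry is complete.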


            People

            • Assignee: Unassigned
            • Reporter: Bryan Hutchinson
            • Votes: 0
            • Watchers: 4
