{"id":2090,"date":"2026-02-01T15:55:03","date_gmt":"2026-02-01T02:55:03","guid":{"rendered":"https:\/\/www.ronella.xyz\/?p=2090"},"modified":"2026-02-01T15:55:03","modified_gmt":"2026-02-01T02:55:03","slug":"custom-log-masking-in-apache-camel","status":"publish","type":"post","link":"https:\/\/www.ronella.xyz\/?p=2090","title":{"rendered":"Custom Log Masking in Apache Camel"},"content":{"rendered":"

Apache Camel's built-in masking can sometimes truncate after the first match. This article shows how to implement a custom MaskingFormatter<\/code><\/strong> that processes entire strings<\/strong> and masks all<\/strong> sensitive fields in JSON, query strings, and mixed formats without truncation.<\/p>\n

Why Custom Masking?<\/h2>\n

The custom formatter:<\/p>\n

    \n
  • Uses SensitiveUtils.getSensitiveKeys()<\/code> (~100 built-in keywords like password<\/code>, secret<\/code>, token<\/code>)<\/li>\n
  • Adds your custom keywords (userId<\/code>, ssn<\/code>, creditCard<\/code>)<\/li>\n
  • Handles both<\/strong> JSON ("key": "value"<\/code>) and query strings (key=value<\/code>)<\/li>\n
  • Uses Matcher.appendReplacement()<\/code> loop to mask every<\/strong> occurrence<\/li>\n
  • Never truncates<\/strong> - processes complete input<\/li>\n<\/ul>\n

    Example<\/h2>\n
    import org.apache.camel.builder.RouteBuilder;\nimport org.apache.camel.impl.DefaultCamelContext;\nimport org.apache.camel.spi.MaskingFormatter;\nimport org.apache.camel.support.SimpleRegistry;\nimport org.apache.camel.util.SensitiveUtils;\nimport java.util.regex.Matcher;\nimport java.util.regex.Pattern;\n\n\/**\n * Custom formatter that masks ALL sensitive fields without truncating.\n * Processes entire string and masks all occurrences of sensitive keywords.\n *\/\nstatic class NonTruncatingMaskingFormatter implements MaskingFormatter {\n    private final Pattern sensitivePattern;\n\n    public NonTruncatingMaskingFormatter() {\n        \/\/ Use SensitiveUtils for ~100 built-in keywords + custom ones\n        var sensitiveKeys = new java.util.HashSet<>(SensitiveUtils.getSensitiveKeys());\n        sensitiveKeys.add("userId");\n        sensitiveKeys.add("ssn");\n        sensitiveKeys.add("creditCard");\n\n        String keywordGroup = String.join("|", sensitiveKeys);\n\n        \/\/ Matches JSON: "keyword": "value" AND query: keyword=value\n        this.sensitivePattern = Pattern.compile(\n                "(?i)(?:([\\"'])(" + keywordGroup + ")\\\\1\\\\s*:\\\\s*[\\"']([^\\"']+)[\\"']" +  \/\/ JSON\n                        "|(" + keywordGroup + ")\\\\s*=\\\\s*([^&\\\\s,}]+))",  \/\/ Query string\n                Pattern.CASE_INSENSITIVE\n        );\n    }\n\n    @Override\n    public String format(String source) {\n        if (source == null || source.isEmpty()) {\n            return source;\n        }\n\n        Matcher matcher = sensitivePattern.matcher(source);\n        StringBuilder result = new StringBuilder();\n\n        while (matcher.find()) {\n            String replacement;\n            if (matcher.group(1) != null) {\n                \/\/ JSON format: "key": "value" -> "key": "xxxxx"\n                String quote = matcher.group(1);\n                String keyword = matcher.group(2);\n                replacement = quote + keyword + quote + ": \\"xxxxx\\"";\n            } else {\n                \/\/ Query string: key=value -> key=xxxxx\n                String keyword = matcher.group(4);\n                replacement = keyword + "=xxxxx";\n            }\n            matcher.appendReplacement(result, Matcher.quoteReplacement(replacement));\n        }\n        matcher.appendTail(result);\n\n        return result.toString();\n    }\n}\n\nstatic class MyRoutes extends RouteBuilder {\n    @Override\n    public void configure() {\n        from("direct:test")\n                .to("log:maskedLogger?showAll=true&multiline=true")\n                .log("*** FULL BODY (custom masking): ${body}");\n    }\n}\n\nvoid main() throws Exception {\n    SimpleRegistry registry = new SimpleRegistry();\n\n    \/\/ Register custom formatter\n    NonTruncatingMaskingFormatter formatter = new NonTruncatingMaskingFormatter();\n    registry.bind(MaskingFormatter.CUSTOM_LOG_MASK_REF, formatter);\n\n    DefaultCamelContext context = new DefaultCamelContext(registry);\n    context.setLogMask(true);  \/\/ Enable globally\n    context.addRoutes(new MyRoutes());\n    context.start();\n\n    \/\/ Query string payload - ALL fields masked\n    String queryPayload = "userId=12345&password=pass123&apiKey=abc-xyz-123&ssn=123-45-6789&creditCard=4111-1111-1111-1111&token=jwt.abc.def&anotherPassword=secret456";\n    context.createProducerTemplate().sendBody("direct:test", queryPayload);\n\n    \/\/ Complex nested JSON - ALL fields masked\n    String jsonPayload = """\n        {\n            "userId": "user123",\n            "username": "john.doe",\n            "password": "secretPass456",\n            "email": "john@example.com",\n            "apiKey": "sk-live-abc123xyz",\n            "ssn": "987-65-4321",\n            "creditCard": "5555-4444-3333-2222",\n            "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9",\n            "profile": {\n                "accessToken": "ghp_xxxxxxxxxxxx",\n                "refreshToken": "refresh_abc123"\n            }\n        }\n        """;\n    context.createProducerTemplate().sendBody("direct:test", jsonPayload);\n\n    Thread.sleep(2000);\n    context.stop();\n}<\/code><\/pre>\n
    Expected Output<\/h2>\n
    Query string (ALL 7 fields masked):<\/strong><\/p>\n
    *** FULL BODY (custom masking): userId=xxxxx&password=xxxxx&apiKey=xxxxx&ssn=xxxxx&creditCard=xxxxx&token=xxxxx&anotherPassword=xxxxx<\/code><\/pre>\n
    JSON (ALL 10+ fields masked):<\/strong><\/p>\n
    *** FULL BODY (custom masking): {\n    "userId": "xxxxx",\n    "username": "xxxxx",\n    "password": "xxxxx",\n    "email": "john@example.com",\n    "apiKey": "xxxxx",\n    "ssn": "xxxxx",\n    "creditCard": "xxxxx",\n    "token": "xxxxx",\n    "profile": {\n        "accessToken": "xxxxx",\n        "refreshToken": "xxxxx"\n    }\n}<\/code><\/pre>\n
    Key Advantages<\/h2>\n\n\n\n\n\n\n\n
    Feature<\/th>\nBuilt-in<\/th>\nCustom<\/th>\n<\/tr>\n<\/thead>\n
    Truncation<\/td>\n\u274c Sometimes<\/td>\n\u2705 Never<\/td>\n<\/tr>\n
    Custom keywords<\/td>\nLimited<\/td>\n\u2705 Full control<\/td>\n<\/tr>\n
    Nested objects<\/td>\n\u274c Limited<\/td>\n\u2705 Complete scan<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
    Usage Patterns<\/h2>\n
    Route-level:<\/strong><\/p>\n
    from("direct:secure")\n    .logMask()  \/\/ Uses your custom formatter\n    .log("${body}");<\/code><\/pre>\n
    Endpoint-level:<\/strong><\/p>\n
    .to("log:secure?logMask=true")<\/code><\/pre>\n
    Global:<\/strong> context.setLogMask(true)<\/code> (as shown)<\/p>\n","protected":false},"excerpt":{"rendered":"
    Apache Camel’s built-in masking can sometimes truncate after the first match. This article shows how to implement a custom MaskingFormatter that processes entire strings and masks all sensitive fields in JSON, query strings, and mixed formats without truncation. Why Custom Masking? The custom formatter: Uses SensitiveUtils.getSensitiveKeys() (~100 built-in keywords like password, secret, token) Adds your […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[92],"tags":[],"_links":{"self":[{"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=\/wp\/v2\/posts\/2090"}],"collection":[{"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2090"}],"version-history":[{"count":1,"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=\/wp\/v2\/posts\/2090\/revisions"}],"predecessor-version":[{"id":2091,"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=\/wp\/v2\/posts\/2090\/revisions\/2091"}],"wp:attachment":[{"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2090"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2090"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2090"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}