Security and Privacy Concerns in Tracker

Because logged service invocations may contain data needed for data mining, troubleshooting, and report generation, the stored data can include sensitive information such as credit card numbers, social security numbers, or any other personal information. This raises security concerns.

To limit access to such data, only Marketplace Users and Integrate Users under the ESBAPIAdminGroup are permitted to access it. Users of either type may fetch Tracker documents through the REST API. Additionally, Marketplace Users (but not Integrate Users) can also view the documents via the Tracker UI.

To avoid any privacy breach, you can:

  • Turn off the Tracker feature to avoid any sensitive data being persisted in the database.
  • Mask all sensitive data before data gets into the Tracker database.
  • Selectively choose whether to persist inbound, outbound, or both inbound and outbound data in the Tracker database.

In Groovy Services, you can do this by annotating the Groovy class or method with io.toro.integrate.core.service.annotation.Track[1] and setting its method property to:

  • NONE to disable logging completely
  • REQUEST to log only HTTP requests
  • RESPONSE to log only HTTP responses
  • ALL to log both HTTP requests and responses

Below is a controller that will only persist the inbound request data received by its endpoints:

import io.toro.integrate.core.api.APIResponse
import io.toro.integrate.core.service.annotation.Track
import io.toro.integrate.tracker.TrackMethod
import org.springframework.web.bind.annotation.RequestMapping
import org.springframework.web.bind.annotation.RequestMethod
import org.springframework.web.bind.annotation.RestController

@RestController
@RequestMapping(value = 'greet', produces = ['application/json', 'application/xml'])
@Track(method = TrackMethod.REQUEST)
class GreetingController {

    @RequestMapping(value = 'hello', method = [RequestMethod.GET])
    APIResponse sayHello() {
        new APIResponse('Hello!')
    }

    // More request handler methods...

}
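
One way to implement the masking option from the list above, as an added example rather than TORO's own code: a Groovy helper that redacts the credit card numbers and social security numbers the page names from a payload string. `SensitiveDataMasker` and its methods are hypothetical, and the example assumes the service applies `mask` to the data before that data reaches anything Tracker persists.

```groovy
import java.util.regex.Pattern

// Added example: SensitiveDataMasker is a hypothetical helper, not a TORO class.
class SensitiveDataMasker {

    // 13 to 19 digits, optionally separated by single spaces or hyphens
    private static final Pattern PAN_CANDIDATE = ~/\b\d(?:[ -]?\d){12,18}\b/
    // US social security number in its usual written form (NNN-NN-NNNN)
    private static final Pattern SSN = ~/\b\d{3}-\d{2}-\d{4}\b/

    // Luhn checksum: keeps order ids and other long numbers from being masked
    static boolean luhnValid(String digits) {
        int sum = 0
        boolean doubleIt = false
        for (int i = digits.length() - 1; i >= 0; i--) {
            int d = Character.digit(digits.charAt(i), 10)
            if (doubleIt) {
                d *= 2
                if (d > 9) d -= 9
            }
            sum += d
            doubleIt = !doubleIt
        }
        sum % 10 == 0
    }

    // Masks card numbers and SSNs in free text, keeping only the last four digits
    static String mask(String text) {
        if (text == null) return null
        String out = text.replaceAll(PAN_CANDIDATE) { String match ->
            String digits = match.replaceAll(/\D/, '')
            luhnValid(digits) ? ('*' * (digits.length() - 4)) + digits[-4..-1] : match
        }
        out.replaceAll(SSN) { String match -> '***-**-' + match[-4..-1] }
    }
}

// Constructed sample: test card number, retired SSN, and a 13-digit order id
def sample = 'card=4111 1111 1111 1111 ssn=078-05-1120 order=1234567890123'
assert SensitiveDataMasker.mask(sample) ==
        'card=************1111 ssn=***-**-1120 order=1234567890123'
```

The Luhn check is what leaves the order id untouched: it has the length of a card number but fails the checksum, so only plausible card numbers are redacted.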

  1. Unfortunately, this annotation has no counterpart in Gloop yet.