Enable/Disable logging in Worklight application

0
votes

We are developing a WL application using WL enterprise 6.2.0.1. We have four environments (Dev/QA/UAT and PROD).

Our application is logging the user credentials on the Server (file:SystemOut.log) which is ok for Dev environment. However, when we need to move the build to QA and UAT we need to disable the logging since it is a security point of view and we can't proceed to PROD.

What we did is we added the following code to the initOptions.js:

var bEnableConsoleLog = false; // Enable Disable the logging

var wlInitOptions = {
...
...
...
logger : {
    enabled : bEnableConsoleLog},};


var disableLogging = function() {
WL.Logger.info("##### LOG ENABLED ?? => " + bEnableConsoleLog);

if (bEnableConsoleLog == false) 
{
    WL.Logger.config({
        enabled : false,
        level : 'info'
    });

    console.log = function() {

    }.bind(console.log);

    console.error = function() {

    }.bind(console.error);
}


};

  if (window.addEventListener) {
     window.addEventListener('load', function() {
        WL.Client.init(wlInitOptions);
        disableLogging();
    }, false);
  } else if (window.attachEvent) {
    window.attachEvent('onload', function() {
        WL.Client.init(wlInitOptions);
        disableLogging();
    });
}

disableLogging();

 WL.Logger
        .info("######################## WL.Logger.info ENABLED  ############################");
 console
        .log("######################## console.log ENABLED ############################");
 console
        .error("######################## console.error ENABLED ############################");

By Setting the value var bEnableConsoleLog = (true/false); we thought we can enable or disable the logging, but it seems still logging the credentials.

Is there a way to resolve this?

1
ibm-mobilefirst

1 Answers

2
votes

I don't think there is an 'enabled' option on WL.Logger.config based on the WL.Logger API reference. There is a 'capture' option which you can set to false, which will disable saving the client logs and sending them to the server.

If your client is logging the user credentials in a log statement then that information should only be sent based on 'capture' being true (the default) and the log statement you use being at the 'level' value or above. Given your WL.Logger.config() above, that means WL.Logger.info() would be sent to the server and WL.Logger.debug() would not. For more information see Configuring the Worklight Logger.

Note that all of this pertains only to WL.Logger calls made by the client. If you are logging the user credentials in your server-side code (for example using Java logger) then what is logged will be based on the log levels configured on the server; the client log configuration will have no effect.