Class FixtureRedactor

java.lang.Object
org.mockserver.fixture.FixtureRedactor

public class FixtureRedactor extends Object
Masks sensitive data in recorded expectations before they are written to fixture files.

Operates on copies: the live event log is never mutated. Header values for a configurable set of header names are replaced with a placeholder ("***REDACTED***").

Default sensitive headers: Authorization, x-api-key, api-key, Cookie, Set-Cookie, Proxy-Authorization.

  • Field Details

  • Constructor Details

    • FixtureRedactor

      public FixtureRedactor()
      Create a redactor with the default sensitive header list and no body-field redaction.
    • FixtureRedactor

      public FixtureRedactor(Collection<String> sensitiveHeaders)
      Create a redactor with a custom sensitive header list and no body-field redaction.
      Parameters:
      sensitiveHeaders - header names to redact (case-insensitive)
    • FixtureRedactor

      public FixtureRedactor(Collection<String> sensitiveHeaders, Collection<String> sensitiveBodyFields)
      Create a redactor with custom sensitive headers and JSON body field names. Body fields are matched case-insensitively at any depth of a JSON request/response body; their values are replaced with the placeholder.
      Parameters:
      sensitiveHeaders - header names to redact (case-insensitive)
      sensitiveBodyFields - JSON field names to redact in bodies (case-insensitive)
  • Method Details

    • defaultSensitiveHeaders

      public static Set<String> defaultSensitiveHeaders()
      The default sensitive header names (case-insensitive), as an unmodifiable set, so callers can reuse them when constructing a redactor with additional body fields without re-declaring the list.
    • redact

      public Expectation[] redact(Expectation[] expectations)
      Redact sensitive headers in an array of expectations. Returns new Expectation objects; the originals are not modified.

      The Times / TimeToLive of the result default to unlimited and the expectation id is dropped — appropriate for the fixture export/import use case where redacted expectations are re-imported as fresh, unlimited mocks. Use redact(Expectation[], boolean) with preserveConstraints=true to keep the original replay constraints and id (e.g. on the recorded-expectation path).

      Parameters:
      expectations - the expectations to redact
      Returns:
      new expectations with sensitive header values replaced
    • redact

      public Expectation[] redact(Expectation[] expectations, boolean preserveConstraints)
      Redact sensitive headers in an array of expectations. Returns new Expectation objects; the originals are not modified.
      Parameters:
      expectations - the expectations to redact
      preserveConstraints - when true, copy Times, TimeToLive, priority and id from each source expectation into its redacted result; when false, default to unlimited Times / TimeToLive and drop the id (original fixture export/import behaviour)
      Returns:
      new expectations with sensitive header values replaced
    • redactRequestDefinition

      public RequestDefinition redactRequestDefinition(RequestDefinition requestDefinition)
      Redact sensitive headers (and configured JSON body fields) in a single request definition, returning a redacted clone. The original is never mutated. Non-HttpRequest request definitions (e.g. OpenAPI definitions) are returned unchanged.

      Used by the live event-log / dashboard redaction path so the masked copy is shown without affecting verification, which reads the unredacted request directly.

      Parameters:
      requestDefinition - the request to redact (may be null)
      Returns:
      a redacted clone, or the original for null / non-HttpRequest inputs
    • redactResponseObject

      public HttpResponse redactResponseObject(HttpResponse response)
      Redact sensitive headers (and configured JSON body fields) in a single response, returning a redacted clone. The original is never mutated.
      Parameters:
      response - the response to redact (may be null)
      Returns:
      a redacted clone, or null when response is null
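
A usage sketch of the constructors and `redact` overloads documented above, added here as an example and not taken from the MockServer project; it needs MockServer on the classpath. The `X-Session-Token` header, the body field names and all secret values are constructed, and `Expectation.when(...).thenRespond(...)`, `JsonBody.json(...)` and `getFirstHeader(...)` come from MockServer's model API rather than from this page.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

import org.mockserver.fixture.FixtureRedactor;
import org.mockserver.mock.Expectation;
import org.mockserver.model.HttpRequest;
import org.mockserver.model.HttpResponse;
import org.mockserver.model.JsonBody;

public class FixtureRedactorExample {
    public static void main(String[] args) {
        // defaultSensitiveHeaders() is unmodifiable, so copy it before extending.
        Set<String> headers = new HashSet<>(FixtureRedactor.defaultSensitiveHeaders());
        headers.add("X-Session-Token"); // constructed header name

        // Constructed body field names; documented as matched
        // case-insensitively at any depth of a JSON body.
        FixtureRedactor redactor =
            new FixtureRedactor(headers, Arrays.asList("password", "access_token"));

        // Constructed recording with secrets in headers and in nested JSON.
        Expectation recorded = Expectation.when(
                HttpRequest.request().withMethod("POST").withPath("/login")
                    .withHeader("authorization", "Bearer constructed-token")
                    .withBody(JsonBody.json(
                        "{\"user\":\"alice\",\"credentials\":{\"Password\":\"constructed\"}}")))
            .thenRespond(HttpResponse.response().withStatusCode(200)
                .withHeader("Set-Cookie", "sid=constructed")
                .withBody(JsonBody.json("{\"access_token\":\"constructed\"}")));

        // Fixture export: id dropped, Times / TimeToLive default to unlimited.
        Expectation[] forFixture = redactor.redact(new Expectation[] {recorded});
        // Recorded-expectation path: keep Times, TimeToLive, priority and id.
        Expectation[] forReplay = redactor.redact(new Expectation[] {recorded}, true);

        // Review what would be written to the fixture file before committing it.
        System.out.println(forFixture[0]);
        System.out.println(forReplay[0]);

        // redact() works on copies, so the source still carries the secret.
        HttpRequest original = (HttpRequest) recorded.getHttpRequest();
        System.out.println(original.getFirstHeader("authorization"));
    }
}
```

Only the configured header names and JSON field names are masked, so a secret carried in a URL path, a query parameter or a non-JSON body is outside what this page describes and should be checked in the printed output before the fixture is stored.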