Package org.mockserver.imports

Class ImportRedaction

java.lang.Object
org.mockserver.imports.ImportRedaction
public class ImportRedaction extends Object
Applies FixtureRedactor masking to expectations produced by the import pipeline (HarImporter, PostmanCollectionImporter) before they are persisted, so real credentials in captured traffic never land in the expectation store.

Redaction is on by default. Imported requests and responses have sensitive headers (Authorization, X-Api-Key, Cookie, Set-Cookie, Proxy-Authorization, etc. — see FixtureRedactor.defaultSensitiveHeaders()) and well-known sensitive JSON body fields replaced with FixtureRedactor.REDACTED_PLACEHOLDER. The placeholder keeps the expectation structurally intact so it still matches.

Callers can disable redaction or extend the sensitive-key list via ImportRedaction.Options. The expectation id assigned by the importer is preserved across redaction (the underlying FixtureRedactor rebuilds expectations without copying the id).

  • Field Details

    • DEFAULT_SENSITIVE_BODY_FIELDS

      public static final Set<String> DEFAULT_SENSITIVE_BODY_FIELDS
      Default JSON body field names redacted on import (case-insensitive, matched at any depth). Covers the common secret-bearing field names seen in captured API traffic.

  • Constructor Details

    • ImportRedaction

      public ImportRedaction()

  • Method Details

    • redact

      public static List<Expectation> redact(List<Expectation> expectations, ImportRedaction.Options options)
      Redact the supplied expectations according to options. When redaction is disabled the input list is returned unchanged; otherwise a new list of redacted expectations (preserving each expectation's id) is returned.
      Parameters:
      expectations - expectations produced by an importer (may be empty)
      options - redaction options; defaults to enabled if null
      Returns:
      the redacted (or original, when disabled) expectations