The code below shows that I am trying to get the "encodedpassword" attribute value from the User type's JsonAuditRecord using the ReadAuditGateway.
JsonAuditRecord userJsonRecord = getUserJsonAuditRecords_withReadAuditGateway(query);
String encodedPassword = userJsonRecord.getAttributeAfterOperation("encodedpassword");
System.out.println(encodedPassword); //Hybris1808 would print the actual encoded password
System.out.println(encodedPassword); //CX2011 prints **** instead
After upgrading to CX2011, I found out that the User type's encodedPassword is audit blacklisted. Also, any blacklisted attributes would have their value obscured e.g. ****. I understand the rational behind that (possibly a security enhancement). However, to allow our custom code (that requires the un-obscured value of the encodedPassword) to continue working, I have tried to remove it from the audit blacklist by making sure that the two properties below are not set with any value in my local.properties
audit.user.blacklistedProperties=
audit.userpasswordchangeaudit.blacklistedProperties=
However, after performing "ant all" and restarted my local Hybris server, the encodedPassword is still obscured..
May I ask other than changing those properties above, are there other steps that needs to be done? e.g. overriding some OOTB classes.
Also, I have tried to read the Audit Report section in the SAP Commerce Documentation, I do not see the audit blacklisting part is being documented. I would appreciate if someone could also provide any links that relates to this topic.