diff --git a/uw-spring-security-sample-war/src/main/java/edu/wisc/uwss/sample/configuration/DemonstrationOnlyPreAuthenticationConfiguration.java b/uw-spring-security-sample-war/src/main/java/edu/wisc/uwss/sample/configuration/DemonstrationOnlyPreAuthenticationConfiguration.java
index 0f5f269ff3bf5bf2f335a77ac584d0b1d4f2ad65..db1900692a08d01c41b5e34ee514dc8d35adf2ea 100644
--- a/uw-spring-security-sample-war/src/main/java/edu/wisc/uwss/sample/configuration/DemonstrationOnlyPreAuthenticationConfiguration.java
+++ b/uw-spring-security-sample-war/src/main/java/edu/wisc/uwss/sample/configuration/DemonstrationOnlyPreAuthenticationConfiguration.java
@@ -98,9 +98,9 @@ public class DemonstrationOnlyPreAuthenticationConfiguration {
           String param = httpRequest.getParameter("_ignorepreauth");
 
           // remove CRLF to avoid CWE-93
-          uri = (uri!=null) ? uri.replaceAll("([\\r\\n])", " ") : null;
-          param = (param!=null) ? param.replace("([\\r\\n])","") : null;
-          logger.debug("uri={}, param={}", uri, param);
+          String cleanUri = (uri!=null) ? uri.replaceAll("([\\r\\n])", " ") : null;
+          String cleanParam = (param!=null) ? param.replace("([\\r\\n])","") : null;
+          logger.debug("uri={}, param={}", cleanUri, cleanParam);
           if(null != param || IGNORED.contains(uri)) {
             logger.info("skipping PreAuthenticationSimulationServletFilter, either due to '_ignorepreauth' or visiting ignore uri");
             filterChain.doFilter(request, response);