原有切面形式对controller进来的请求记录日志,但对于一些敏感信息,比如密码、手机号打印在日志中存在泄露风险
由于应用中已经使用了AOP的方式记录请求日志,所以直接从切面判断并且将内容转密文打印。为了更加方便、灵活的设置需要遮掩的字段内容,采用注解的方式将需要遮掩的字段标记,在切面中进行识别处理
需要处理字段标记注解
@Target({ElementType.FIELD, ElementType.PARAMETER})@Retention(RetentionPolicy.RUNTIME)public @interface EncryptLog {}
应用拦截请求日志代码
@Aspect@Component@Slf4jpublic class WebLogAspect {/*** 指定 controller 包下的注解*/@Pointcut("execution( * com.test.cloud.api.web.controller.*.*(..))")public void logPointCut() {}/*** 指定当前执行方法在logPointCut之前执行*/@Before("logPointCut()")public void doBefore(JoinPoint joinPoint) {MDC.put("TRACE_ID", StrUtil.removeAll(UUID.randomUUID().toString(), "-"));// 接收到请求,记录请求内容ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();HttpServletRequest request = attributes.getRequest();List<Object> printArgs = getPrintArgs(joinPoint.getArgs());// 记录下请求内容log.info("请求ip:{},请求地址:{},请求类型:{}", HttpUtils.getIpAddr(request), request.getRequestURL().toString(), request.getMethod());log.info("请求方法:{}", joinPoint.getSignature().getDeclaringTypeName() + "." + joinPoint.getSignature().getName());log.info("参数:{}", printArgs.toArray());}@NotNullprivate List<Object> getPrintArgs(Object[] args) {List<Object> printArgs = new ArrayList<>(args.length);for (Object arg : args) {if (arg instanceof ServletRequest || arg instanceof ServletResponse) {continue;}//复制一份,避免修改原内容Object copyArg = BeanUtil.copyProperties(arg, arg.getClass());for (Field field : copyArg.getClass().getDeclaredFields()) {EncryptLog tag = field.getAnnotation(EncryptLog.class);if (tag != null) {field.setAccessible(true);try {field.set(copyArg, "******");} catch (IllegalAccessException e) {log.error(e.getMessage(), e);}}}printArgs.add(copyArg);}return printArgs;}/*** 指定在方法之后返回*/@AfterReturning(returning = "ret", pointcut = "logPointCut()")public void doAfterReturning(Object ret) {// 处理完请求,返回内容log.info("返回值 :{}", getPrintArgs(new Object[]{ret}));MDC.clear();}@Around("logPointCut()")public Object doAround(ProceedingJoinPoint pjp) throws Throwable {StopWatch sw = new StopWatch();sw.start();Object ob = pjp.proceed();sw.stop();log.info("耗时 :{} ms", sw.getTotalTimeMillis());return ob;}
demo
@Datapublic class AccountLoginRequest {@NotBlank(message = "请填写账号")private String account;@EncryptLog@NotBlank(message = "请填写密码")private String password;}
效果
请求ip:127.0.0.1,请求地址:http://127.0.0.1:8999/login/account,请求类型:POST请求方法:com.test.cloud.api.web.controller.UserLoginController.accountLogin参数:AccountLoginRequest(account=test@163.com, password=******)
本文来自博客园,作者:IAyue,转载请注明原文链接:https://www.cnblogs.com/zmj-pr/p/17664331.html
版权说明 : 本文为转载文章, 版权归原作者所有 版权申明
原文链接 : https://www.cnblogs.com/zmj-pr/p/17664331.html
内容来源于网络,如有侵权,请联系作者删除!