Spring Boot REST app here.我正在尝试配置 Spring 启动请求审核,以记录任何资源/控制器收到的每个 HTTP 请求,其中包含以下信息:
- 我需要在日志中看到客户端请求的确切HTTP URL(路径(,包括HTTP方法和任何查询字符串参数;和
- 如果有请求正文(例如带有 POST 或 PUT(,我也需要在日志中查看该正文的内容
到目前为止,我最好的尝试:
@Component
public class MyAppAuditor {
private Logger logger;
@EventListener
public void handleAuditEvent(AuditApplicationEvent auditApplicationEvent) {
logger.info(auditApplicationEvent.auditEvent);
}
}
public class AuditingTraceRepository implements TraceRepository {
@Autowired
private ApplicationEventPublisher applicationEventPublisher
@Override
List<Trace> findAll() {
throw new UnsupportedOperationException("We don't expose trace information via /trace!");
}
@Override
void add(Map<String, Object> traceInfo) {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
AuditEvent traceRequestEvent = new AuditEvent(new Date(), "SomeUser", 'http.request.trace', traceInfo);
AuditApplicationEvent traceRequestAppEvent = new AuditApplicationEvent(traceRequestEvent);
applicationEventPublisher.publishEvent(traceRequestAppEvent);
}
}
但是在运行时,如果我使用以下 curl 命令:
curl -i -H "Content-Type: application/json" -X GET 'http://localhost:9200/v1/data/profiles?continent=NA&country=US&isMale=0&height=1.5&dob=range('1980-01-01','1990-01-01')'
然后我只看到以下日志消息(MyAppAuditor在其中发送审核事件(:
{ "timestamp" : "14:09:50.516", "thread" : "qtp1293252487-17", "level" : "INFO", "logger" : "com.myapp.ws.shared.auditing.MyAppAuditor", "message" : {"timestamp":"2018-06-29T18:09:50+0000","principal":"SomeUser","type":"http.request.trace","data":{"method":"GET","path":"/v1/data/profiles","headers":{"request":{"User-Agent":"curl/7.54.0","Host":"localhost:9200","Accept":"*/*","Content-Type":"application/json"},"response":{"X-Frame-Options":"DENY","Cache-Control":"no-cache, no-store, max-age=0, must-revalidate","X-Content-Type-Options":"nosniff","Pragma":"no-cache","Expires":"0","X-XSS-Protection":"1; mode=block","X-Application-Context":"application:9200","Date":"Fri, 29 Jun 2018 18:09:50 GMT","Content-Type":"application/json;charset=utf-8","status":"200"}},"timeTaken":"89"}} }
如您所见,审计员正在选取基本路径(/v1/data/profiles(,但没有记录任何查询字符串参数。当我点击确实需要请求正文 (JSON( 的 POST 或 PUT 端点时,我还看到类似的请求正文信息缺失。
我需要做什么来配置这些类(或其他 Spring 类/配置(,以便获得我正在寻找的请求审核级别?
幸运的是,执行器使配置这些Trace事件变得非常容易。
向跟踪信息添加参数
您可以查看所有选项。您会注意到默认值 (line 42( 是:
Include.REQUEST_HEADERS,
Include.RESPONSE_HEADERS,
Include.COOKIES,
Include.ERRORS,
Include.TIME_TAKEN
因此,您还需要添加Include.PARAMETERS以及您希望在跟踪中包含的任何其他内容。要配置它,有一个该management.trace.include的配置属性。
所以得到你想要的(即parameters(,加上默认值,您将拥有:
management.trace.include = parameters, request-headers, response-headers, cookies, errors, time-taken
将请求正文添加到跟踪信息
为了获得body,您必须将Bean添加到您的Context中:
@Component
public class WebRequestTraceFilterWithPayload extends WebRequestTraceFilter {
public WebRequestTraceFilterWithPayload(TraceRepository repository, TraceProperties properties) {
super(repository, properties);
}
@Override
protected Map<String, Object> getTrace(HttpServletRequest request) {
Map<String, Object> trace = super.getTrace(request);
String body = null;
try {
body = request.getReader().lines().collect(Collectors.joining("n"));
} catch (IOException e) {
throw new RuntimeException(e);
}
if(body != null) {
trace.put("body", body);
}
return trace;
}
}
上面的代码将覆盖AutoConfigure'dWebRequestTraceFilterbean(因为它是@ConditionalOnMissingBean会尊重你的自定义 bean(,并从request中提取额外的 payload 属性,然后将其添加到发布到您的TraceRepository的Map属性中!
总结
- 可以通过
management.trace.include属性将请求参数添加到TraceRepository trace events - 可以通过创建扩展
Bean来读取 HTTP 请求的body并补充跟踪事件,将请求正文添加到TraceRepository trace events