Java 禁用Jax-WS-Apache-CXF-httpconductor消息日志记录
在过去的几天里,我一直被困在这个问题上,但毫无结果。在谷歌搜索和反复尝试之后,我又回到了一开始,没有任何运气 我目前正在开发一个通过JAX-WS连接到第三方的Java应用程序。它们提供了一个WSDL,我们使用jaxws-maven插件运行该WSDL来生成服务。通过Spring实现,然后使用HttpConductor更改端点并提供相关配置(例如密钥存储),以连接到各种环境(例如SysTest、UAT、生产等) 问题是,我没有设置任何日志记录(事实上,之前删除了其中的两个拦截器),但是发送给第三方的xml消息出现在日志中。这是一个主要问题,因为我们正在向第三方发送信用卡信息,由于明显的原因,这些信息无法被记录。我可以更改log4j属性以防止这样的日志记录,但这不是一个修复方法 下面是一些代码: 这是我们的bean文件Java 禁用Jax-WS-Apache-CXF-httpconductor消息日志记录,java,spring,logging,cxf,jax-ws,Java,Spring,Logging,Cxf,Jax Ws,在过去的几天里,我一直被困在这个问题上,但毫无结果。在谷歌搜索和反复尝试之后,我又回到了一开始,没有任何运气 我目前正在开发一个通过JAX-WS连接到第三方的Java应用程序。它们提供了一个WSDL,我们使用jaxws-maven插件运行该WSDL来生成服务。通过Spring实现,然后使用HttpConductor更改端点并提供相关配置(例如密钥存储),以连接到各种环境(例如SysTest、UAT、生产等) 问题是,我没有设置任何日志记录(事实上,之前删除了其中的两个拦截器),但是发送给第三方的
<jaxws:client id="client1"
xmlns:hsn="http://example.com"
serviceClass="com.example.Service1"
address="${service1.url}"
endpointName="hsn:service1"/>
<jaxws:client id="client2"
xmlns:hsn="http://example.com"
serviceClass="com.example.Service2"
address="${service2.url}"
endpointName="hsn:service2"/>
<jaxws:client id="client3"
xmlns:hsn="http://example.com"
serviceClass="com.example.Service3"
address="${service3.url}"
endpointName="hsn:service3"/>
<http:conduit name="https://*/.*">
<http:tlsClientParameters disableCNCheck="${service.disable-cn-check}">
<sec:keyManagers keyPassword="${service.keystore.password}">
<sec:keyStore type="JKS" password="${service.keystore.password}"
resource="${service.keystore.name}"/>
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore type="JKS" password="${service.truststore.password}"
resource="${service.truststore.name}"/>
</sec:trustManagers>
<sec:cipherSuitesFilter>
<sec:include>.*_EXPORT_.*</sec:include>
<sec:include>.*_EXPORT1024_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:include>.*_WITH_AES_.*</sec:include>
<sec:include>.*_WITH_NULL_.*</sec:include>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
</http:tlsClientParameters>
<http:client AutoRedirect="true" Connection="Keep-Alive"
ConnectionTimeout="${service.max-response-time}"
ReceiveTimeout="${service.max-response-time}"/>
</http:conduit>
<http:conduit name="http://*/.*">
<http:client AutoRedirect="true" Connection="Keep-Alive"
ConnectionTimeout="${service.max-response-time}"
ReceiveTimeout="${service.max-response-time}"/>
</http:conduit>
.*u导出*
*.\u导出1024\u*
带有“DES”的**
.*u与\u AES\u*
带有空值的*u*
.*DH_anon_*
正如您所看到的,没有日志拦截器,也没有使用以下命令显式打开日志记录:
<cxf:bus>
<cxf:features>
<cxf:logging/>
</cxf:features>
</cxf:bus>
我能想到的唯一其他相关文件是META-INF/cxf/org.apache.cxf.Logger,它包含:
org.apache.cxf.common.logging.Slf4jLogger
即使没有文件,也不会进行任何更改
正如您所见,以下是日志中的一个示例:
15:05:45.742 DEBUG | org.apache.cxf.phase.PhaseInterceptorChain - Invoking handleMessage on interceptor org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor@5e62b59d
15:05:45.742 DEBUG | org.apache.cxf.transport.http.Headers - Accept: */*
15:05:45.743 DEBUG | org.apache.cxf.transport.http.Headers - Connection: Keep-Alive
15:05:45.743 DEBUG | org.apache.cxf.transport.http.Headers - SOAPAction: ""
15:05:45.744 DEBUG | org.apache.cxf.transport.http.HTTPConduit - No Trust Decider for Conduit '{http://example.com}service1.http-conduit'. An afirmative Trust Decision is assumed.
15:05:45.746 DEBUG | org.apache.cxf.transport.http.HTTPConduit - Sending POST Message with Headers to http://localhost:8080/stubs/Service1 Conduit :{http://example.com}service1.http-conduit
15:05:45.746 DEBUG | org.apache.cxf.transport.http.HTTPConduit - Conduit "{http://example.com}service1.http-conduit" Transmit cached message to: http://localhost:8080/stubs/Service1: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body>********************HERE LIES THE XML MESSAGE*********************</soap:Body></soap:Envelope>
15:05:45.766 DEBUG | org.apache.cxf.endpoint.ClientImpl - Interceptors contributed by bus: [org.apache.cxf.ws.policy.PolicyInInterceptor@24ec87dc]
15:05:45.767 DEBUG | org.apache.cxf.endpoint.ClientImpl - Interceptors contributed by client: []
15:05:45.767 DEBUG | org.apache.cxf.endpoint.ClientImpl - Interceptors contributed by endpoint: [org.apache.cxf.jaxws.interceptors.WrapperClassInInterceptor@52d1f1fb, org.apache.cxf.jaxws.interceptors.HolderInInterceptor@5565c037, org.apache.cxf.jaxws.interceptors.SwAInInterceptor@b2e86ae, org.apache.cxf.frontend.WSDLGetInterceptor@1ca801a2]
15:05:45.768 DEBUG | org.apache.cxf.endpoint.ClientImpl - Interceptors contributed by binding: [org.apache.cxf.interceptor.AttachmentInInterceptor@1b8c0f3e, org.apache.cxf.interceptor.StaxInInterceptor@83cbd93, org.apache.cxf.binding.soap.interceptor.SoapActionInInterceptor@4bc2021e, org.apache.cxf.interceptor.DocLiteralInInterceptor@2e19266d, org.apache.cxf.binding.soap.interceptor.SoapHeaderInterceptor@7529d5bf, org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor@d902ab1, org.apache.cxf.binding.soap.interceptor.StartBodyInterceptor@73e2d16b, org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor@3023033d, org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor@4aa9b27b]
15:05:45.768 DEBUG | org.apache.cxf.endpoint.ClientImpl - Interceptors contributed by databinging: [org.apache.cxf.jaxb.attachment.JAXBAttachmentSchemaValidationHack@331fef77]
15:05:45.769 DEBUG | org.apache.cxf.phase.PhaseInterceptorChain - Chain org.apache.cxf.phase.PhaseInterceptorChain@273221e was created. Current flow:
receive [PolicyInInterceptor, AttachmentInInterceptor]
post-stream [StaxInInterceptor]
read [WSDLGetInterceptor, ReadHeadersInterceptor, SoapActionInInterceptor, StartBodyInterceptor]
pre-protocol [MustUnderstandInterceptor]
post-protocol [CheckFaultInterceptor, JAXBAttachmentSchemaValidationHack]
unmarshal [DocLiteralInInterceptor, SoapHeaderInterceptor]
post-logical [WrapperClassInInterceptor]
pre-invoke [SwAInInterceptor, HolderInInterceptor]
15:05:45.769 DEBUG | org.apache.cxf.phase.PhaseInterceptorChain - Invoking handleMessage on interceptor org.apache.cxf.ws.policy.PolicyInInterceptor@24ec87dc
15:05:45.742调试| org.apache.cxf.phase.PhaseInterceptorChain-调用拦截器org.apache.cxf.interceptor.MessageSenderInterceptor上的handleMessage$MessageSenderEndingInterceptor@5e62b59d
15:05:45.742调试| org.apache.cxf.transport.http.Headers-接受:*/*
15:05:45.743调试| org.apache.cxf.transport.http.Headers-连接:保持活动状态
15:05:45.743调试| org.apache.cxf.transport.http.Headers-SOAPAction:“
15:05:45.744调试| org.apache.cxf.transport.http.httpconductor-对conductor的{http://example.com}service1.http管道'。假设存在一个不确定的信任决策。
15:05:45.746调试| org.apache.cxf.transport.http.httpconductor-将带有标题的POST消息发送到http://localhost:8080/stubs/Service1 导管:{http://example.com}service1.http-conductor
15:05:45.746调试| org.apache.cxf.transport.http.httpconductor-conductor“{http://example.com}service1.http导管“将缓存的消息传输到:http://localhost:8080/stubs/Service1: ********************下面是XML消息*********************
15:05:45.766调试| org.apache.cxf.endpoint.ClientImpl-总线贡献的拦截器:[org.apache.cxf.ws.policy。PolicyInInterceptor@24ec87dc]
15:05:45.767调试| org.apache.cxf.endpoint.ClientImpl-客户端提供的拦截器:[]
15:05:45.767 DEBUG | org.apache.cxf.endpoint.ClientImpl-端点贡献的拦截器:[org.apache.cxf.jaxws.Interceptors。WrapperClassInInterceptor@52d1f1fb,org.apache.cxf.jaxws.interceptors。HolderInInterceptor@5565c037,org.apache.cxf.jaxws.interceptors。SwAInInterceptor@b2e86ae,org.apache.cxf.frontend。WSDLGetInterceptor@1ca801a2]
15:05:45.768 DEBUG | org.apache.cxf.endpoint.ClientImpl-绑定贡献的拦截器:[org.apache.cxf.interceptor。AttachmentInInterceptor@1b8c0f3e,org.apache.cxf.interceptor。StaxInInterceptor@83cbd93,org.apache.cxf.binding.soap.interceptor。SoapActionInInterceptor@4bc2021e,org.apache.cxf.interceptor。DocLiteralInInterceptor@2e19266d,org.apache.cxf.binding.soap.interceptor。SoapHeaderInterceptor@7529d5bf,org.apache.cxf.binding.soap、 拦截器。ReadHeadersInterceptor@d902ab1,org.apache.cxf.binding.soap.interceptor。StartBodyInterceptor@73e2d16b,org.apache.cxf.binding.soap.interceptor。CheckFaultInterceptor@3023033d,org.apache.cxf.binding.soap.interceptor。MustUnderstandInterceptor@4aa9b27b]
15:05:45.768 DEBUG | org.apache.cxf.endpoint.ClientImpl-数据绑定贡献的拦截器:[org.apache.cxf.jaxb.attachment]。JAXBAttachmentSchemaValidationHack@331fef77]
15:05:45.769调试| org.apache.cxf.phase.PhaseInterceptorChain-Chain org.apache.cxf.phase。PhaseInterceptorChain@273221e已创建。当前流:
接收[保单接收人,附件接收人]
后置流[StaxInInterceptor]
读取[WSDLGetInterceptor、ReadHeaderInterceptor、SoapActionInInterceptor、StartBodyInterceptor]
预协议[必须理解interceptor]
post协议[CheckFaultInterceptor,JAXBAttachmentSchemaValidationHack]
解组器[docliteralinterceptor,SoapHeaderInterceptor]
post逻辑[WrapperClassInInterceptor]
预调用[SwAInInterceptor,HolderInterceptor]
15:05:45.769调试| org.apache.cxf.phase.PhaseInterceptorChain-调用拦截器org.apache.cxf.ws.policy上的handleMessage。PolicyInInterceptor@24ec87dc
几个月前,我遇到了类似的问题,我需要屏蔽xml的几个字段
CustomLoginInterceptor
import org.apache.commons.lang3.StringUtils;
import org.apache.cxf.interceptor.LoggingInInterceptor;
import org.apache.cxf.interceptor.LoggingMessage;
public class KPLogInInterceptor extends LoggingInInterceptor {
@Override
protected String formatLoggingMessage(LoggingMessage loggingMessage) {
String str = loggingMessage.toString();
String output = maskPasswords(str);
//output = maskRestPasswords(output);
return(output);
}
private String maskPasswords(String str) {
// String str =
// "<password1>asdasdad</password1><Password3></Password3><Password5/><PassWord6>fdsfsf</PassWord6>";
final String[] keys = { "password", "authpass", "accountnumber", "authphrase" };
for (String key : keys) {
int beginIndex = 0;
int lastIndex = -1;
boolean emptyPass = false;
boolean multiline = false;
if(key.equals("authphrase") || key.equals("authpass"))
{
//when lines are in multiplelines say <name>authphrase</name><value>vals</value>
multiline = true;
}
while (beginIndex != -1
&& (beginIndex = StringUtils.indexOfIgnoreCase(str, key,
beginIndex)) > 0) {
if(multiline){
beginIndex = StringUtils.indexOfIgnoreCase(str, "value", beginIndex);
}
beginIndex = StringUtils.indexOf(str, ">", beginIndex);
if (beginIndex != -1) {
char ch = str.charAt(beginIndex - 1);
if (ch == '/') {
emptyPass = true;
}
if (!emptyPass) {
lastIndex = StringUtils.indexOf(str, "<", beginIndex);
if (lastIndex != -1) {
String overlay = "*";
String str2 = StringUtils.substring(str,
beginIndex + 1, lastIndex);
if (str2 != null && str2.length() > 1) {
overlay = StringUtils.rightPad(overlay,
str2.length(), "*");
str = StringUtils.overlay(str, overlay,
beginIndex + 1, lastIndex);
}
}
}
if (emptyPass) {
emptyPass = false;
lastIndex = beginIndex + 1;
} else {
if (lastIndex != -1) {
lastIndex = StringUtils
.indexOf(str, ">", lastIndex);
}
}
}
beginIndex = lastIndex;
}
}
return str;
}
}
并在CXF配置文件中创建一个bean
<bean id="kpLog4Jsupresser" class="com.kp.swasthik.KPLogicSupresser" init-method="kpinit" ></bean>
只需在类路径中添加logback.xml文件和记录器级别信息,它将禁用CXF调试的所有输出 示例文件 文件名:logback.xml 位置:src/main/resources(在我的项目及其资源中,您可以将文件相应地放置在项目类路径中) 文件内容:
<contextListener class="ch.qos.logback.classic.jul.LevelChangePropagator">
<resetJUL>true</resetJUL>
</contextListener>
<!-- To enable JMX Management -->
<jmxConfigurator/>
<appender name="console" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
</encoder>
</appender>
<logger name="com.mycompany.subpackage" level="INFO"/>
<root level="INFO">
<appender-ref ref="console"/>
</root>
真的
%d{HH:mm:ss.SSS}[%thread]-5级别%logger{36}-%msg%n
您在SLF4J中使用了什么日志记录实现?Log4J?看起来您已经为CXF启用了调试日志记录,这就是输出消息的原因。我将查找Log4J.properties,
<bean id="kpLog4Jsupresser" class="com.kp.swasthik.KPLogicSupresser" init-method="kpinit" ></bean>
<contextListener class="ch.qos.logback.classic.jul.LevelChangePropagator">
<resetJUL>true</resetJUL>
</contextListener>
<!-- To enable JMX Management -->
<jmxConfigurator/>
<appender name="console" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
</encoder>
</appender>
<logger name="com.mycompany.subpackage" level="INFO"/>
<root level="INFO">
<appender-ref ref="console"/>
</root>