Regex 如何在requestBody日志中屏蔽用户名和密码
下面是我的请求体xml,我正在用这个请求进行rest调用。具有自定义LoggingInterceptor来记录请求和响应。我想在日志中屏蔽用户和密码Regex 如何在requestBody日志中屏蔽用户名和密码,regex,spring-boot,logging,logback,slf4j,Regex,Spring Boot,Logging,Logback,Slf4j,下面是我的请求体xml,我正在用这个请求进行rest调用。具有自定义LoggingInterceptor来记录请求和响应。我想在日志中屏蔽用户和密码 目前我正在打印我的日志,如下所示: LoggingRequestInterceptor-请求uri=http://localhost:8080/,method=POST,requestBody= 下面是我的logback.xml <?xml version="1.0" encoding="UTF-8"?> <configurat
目前我正在打印我的日志,如下所示:
LoggingRequestInterceptor-请求uri=http://localhost:8080/,method=POST,requestBody=
下面是我的logback.xml
<?xml version="1.0" encoding="UTF-8"?>
<configuration scan="true" scanPeriod="30 seconds">
<property name="logFile" value="logs/employee.log" />
<property name="logFile-WS" value="logs/employee-ws.log" />
<appender name="employee" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logFile}</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>${logFile}.%d{yyyy-MM-dd}.gz</fileNamePattern>
<maxHistory>30</maxHistory>
</rollingPolicy>
<encoder>
<pattern>%d [%thread] %-5level %logger{64} - %msg%n</pattern>
</encoder>
</appender>
<appender name="mainAppender" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logFile-WS}</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>${logFile-WS}.%d{yyyy-MM-dd}.gz</fileNamePattern>
<maxHistory>30</maxHistory>
</rollingPolicy>
<encoder>
<pattern>%d [%thread] %-5level %logger{64} - %replace(%msg){'having masking logic for other property'}%n</pattern>
</encoder>
</appender>
<appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
</encoder>
</appender>
<logger name="org.springframework.ws.client.MessageTracing" level="TRACE" additivity="false">
<appender-ref ref="mainAppender" />
</logger>
<logger name="org.springframework.ws.server.MessageTracing" level="TRACE" additivity="false">
<appender-ref ref="mainAppender" />
</logger>
<logger name="com.employee.LoggingRequestInterceptor" level="TRACE" additivity="false">
<appender-ref ref="mainAppender" />
</logger>
<root level="${root-log-level:-INFO}">
<appender-ref ref="stdout"/>
<appender-ref ref="mainAppender"/>
</root>
</configuration>
${logFile}
${logFile}.%d{yyyy-MM-dd}.gz
30
%d[%thread]-5级别%logger{64}-%msg%n
${logFile WS}
${logFile WS}.%d{yyyy-MM-dd}.gz
30
%d[%thread]-5级别%logger{64}-%replace(%msg){'having masking logic for other property'}%n
%d{HH:mm:ss.SSS}[%thread]-5级别%logger{36}-%msg%n
请有人帮我解决这个问题。注意:我使用的是spring boot 2和slf4j记录器
logbackspring.xml
李>
值中自定义正则表达式,以匹配要屏蔽的内容maskingpatterlayout
类(使用更新的类,开始的一个不起作用)我在logback.xml中添加了带有replace的模式。它屏蔽了用户和密码
<encoder>
<pattern>%d [%thread] %-5level %logger{64} - %replace( %replace( %replace(%msg){'user="[^"]+"', 'user=*****'} ){'Password="[^"]+"', 'Password=*****'} ){'my another pattern', 'replacement'}%n</pattern>
</encoder>
%d[%thread]-5级%logger{64}-%replace(%replace(%replace(%msg){'user=“[^”]+','user=****}{'Password=“[^”]+','Password=****}{'my other pattern','replacement}%n
我已经听了你的回答。但我的日志仍然没有被掩盖。此外,现在日志只打印在文件中。我想在控制台和文件中都记录它。我添加了有问题的logback xml,并更新为(?:User | Password)=“([a-zA-Z0-9]+)%d[%thread]-5级%logger{35}-%msg%n是的,这是标准输出。我已经更新了,并且在将appender添加到LoggingRequestInterceptor之后,它不适用于meNo登录控制台或无掩码?这两种情况都没有发生
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<appender name="Console"
class="ch.qos.logback.core.ConsoleAppender">
<encoder
class="ch.qos.logback.core.encoder.LayoutWrappingEncoder">
<layout class="com.example.springboot.MaskingPatternLayout">
<patternsProperty>(?:user|Password)="([a-zA-Z0-9]+)"
</patternsProperty>
<pattern>%d [%thread] %-5level %logger{35} - %msg%n</pattern>
</layout>
</encoder>
</appender>
<!-- LOG everything at INFO level -->
<root level="info">
<appender-ref ref="Console" />
</root>
</configuration>
@RestController
public class HelloController {
private static final Logger logger = LoggerFactory.getLogger(HelloController.class);
@RequestMapping("/")
public String index() {
logger.info("<login><credentials user=\"user\" Password=\"pass\"/></login>");
return "Greetings from Spring Boot!";
}
}
2020-04-13 12:38:47,511 [http-nio-8080-exec-1] INFO c.e.springboot.HelloController - <login><credentials user="****" Password="****"/></login>
<root level="${root-log-level:-INFO}">
<appender-ref ref="console"/>
<appender-ref ref="mainAppender"/>
</root>
<logger name="com.employee.LoggingRequestInterceptor"
level="TRACE" additivity="false">
<appender-ref ref="stdout" />
<appender-ref ref="mainAppender" />
</logger>
<encoder>
<pattern>%d [%thread] %-5level %logger{64} - %replace( %replace( %replace(%msg){'user="[^"]+"', 'user=*****'} ){'Password="[^"]+"', 'Password=*****'} ){'my another pattern', 'replacement'}%n</pattern>
</encoder>