Regex 如何在requestBody日志中屏蔽用户名和密码_Regex_Spring Boot_Logging_Logback_Slf4j

Regex 如何在requestBody日志中屏蔽用户名和密码

regex spring-boot logging

Regex 如何在requestBody日志中屏蔽用户名和密码,regex,spring-boot,logging,logback,slf4j,Regex,Spring Boot,Logging,Logback,Slf4j,下面是我的请求体xml，我正在用这个请求进行rest调用。具有自定义LoggingInterceptor来记录请求和响应。我想在日志中屏蔽用户和密码目前我正在打印我的日志，如下所示： LoggingRequestInterceptor-请求uri=http://localhost:8080/，method=POST，requestBody= 下面是我的logback.xml <?xml version="1.0" encoding="UTF-8"?> <configurat

下面是我的请求体xml，我正在用这个请求进行rest调用。具有自定义LoggingInterceptor来记录请求和响应。我想在日志中屏蔽用户和密码

目前我正在打印我的日志，如下所示：

LoggingRequestInterceptor-请求uri=http://localhost:8080/，method=POST，requestBody=

下面是我的logback.xml

<?xml version="1.0" encoding="UTF-8"?>
<configuration scan="true" scanPeriod="30 seconds">

    <property name="logFile" value="logs/employee.log" />
    <property name="logFile-WS" value="logs/employee-ws.log" />


    <appender name="employee" class="ch.qos.logback.core.rolling.RollingFileAppender">
        <file>${logFile}</file>
        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
            <fileNamePattern>${logFile}.%d{yyyy-MM-dd}.gz</fileNamePattern>
            <maxHistory>30</maxHistory>
        </rollingPolicy>
        <encoder>
            <pattern>%d [%thread] %-5level %logger{64} - %msg%n</pattern>
        </encoder>
    </appender>

    <appender name="mainAppender" class="ch.qos.logback.core.rolling.RollingFileAppender">
        <file>${logFile-WS}</file>
        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
            <fileNamePattern>${logFile-WS}.%d{yyyy-MM-dd}.gz</fileNamePattern>
            <maxHistory>30</maxHistory>
        </rollingPolicy>
        <encoder>
            <pattern>%d [%thread] %-5level %logger{64} - %replace(%msg){'having masking logic for other property'}%n</pattern>
        </encoder>
    </appender>
    <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
        <encoder>
            <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
        </encoder>
    </appender>
    <logger name="org.springframework.ws.client.MessageTracing" level="TRACE" additivity="false">
        <appender-ref ref="mainAppender" />
    </logger>

    <logger name="org.springframework.ws.server.MessageTracing" level="TRACE" additivity="false">
        <appender-ref ref="mainAppender" />
    </logger>

    <logger name="com.employee.LoggingRequestInterceptor" level="TRACE" additivity="false">
        <appender-ref ref="mainAppender" />
    </logger>


    <root level="${root-log-level:-INFO}">
        <appender-ref ref="stdout"/>
        <appender-ref ref="mainAppender"/>
    </root>
</configuration>


${logFile}
${logFile}.%d{yyyy-MM-dd}.gz
30
%d[%thread]-5级别%logger{64}-%msg%n
${logFile WS}
${logFile WS}.%d{yyyy-MM-dd}.gz
30
%d[%thread]-5级别%logger{64}-%replace（%msg）{'having masking logic for other property'}%n
%d{HH:mm:ss.SSS}[%thread]-5级别%logger{36}-%msg%n

请有人帮我解决这个问题。注意：我使用的是spring boot 2和slf4j记录器

在项目中添加

logbackspring.xml

在

值中自定义正则表达式，以匹配要屏蔽的内容

从上面的答案中添加

maskingpatterlayout

类（使用更新的类，开始的一个不起作用）

logbackspring.xml

我在logback.xml中添加了带有replace的模式。它屏蔽了用户和密码

<encoder>
            <pattern>%d [%thread] %-5level %logger{64} - %replace(  %replace(  %replace(%msg){'user="[^"]+"', 'user=*****'}  ){'Password="[^"]+"', 'Password=*****'}  ){'my another pattern', 'replacement'}%n</pattern>
</encoder>


%d[%thread]-5级%logger{64}-%replace（%replace（%replace（%msg）{'user=“[^”]+'，'user=****}{'Password=“[^”]+'，'Password=****}{'my other pattern'，'replacement}%n

我已经听了你的回答。但我的日志仍然没有被掩盖。此外，现在日志只打印在文件中。我想在控制台和文件中都记录它。我添加了有问题的logback xml，并更新为（？：User | Password）=“（[a-zA-Z0-9]+）%d[%thread]-5级%logger{35}-%msg%n是的，这是标准输出。我已经更新了，并且在将appender添加到LoggingRequestInterceptor之后，它不适用于meNo登录控制台或无掩码？这两种情况都没有发生

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <appender name="Console"
        class="ch.qos.logback.core.ConsoleAppender">
        <encoder
            class="ch.qos.logback.core.encoder.LayoutWrappingEncoder">
            <layout class="com.example.springboot.MaskingPatternLayout">
                <patternsProperty>(?:user|Password)="([a-zA-Z0-9]+)"
                </patternsProperty>
                <pattern>%d [%thread] %-5level %logger{35} - %msg%n</pattern>
            </layout>
        </encoder>
    </appender>

    <!-- LOG everything at INFO level -->
    <root level="info">
        <appender-ref ref="Console" />
    </root>
</configuration>

@RestController
public class HelloController {

    private static final Logger logger = LoggerFactory.getLogger(HelloController.class);

    @RequestMapping("/")
    public String index() {
        logger.info("<login><credentials user=\"user\" Password=\"pass\"/></login>");
        return "Greetings from Spring Boot!";
    }

}

2020-04-13 12:38:47,511 [http-nio-8080-exec-1] INFO c.e.springboot.HelloController  - <login><credentials user="****" Password="****"/></login>

<root level="${root-log-level:-INFO}">
    <appender-ref ref="console"/>
    <appender-ref ref="mainAppender"/>
</root>

<logger name="com.employee.LoggingRequestInterceptor"
    level="TRACE" additivity="false">
    <appender-ref ref="stdout" />
    <appender-ref ref="mainAppender" />
</logger>

<encoder>
            <pattern>%d [%thread] %-5level %logger{64} - %replace(  %replace(  %replace(%msg){'user="[^"]+"', 'user=*****'}  ){'Password="[^"]+"', 'Password=*****'}  ){'my another pattern', 'replacement'}%n</pattern>
</encoder>