最近在搭建springCloud项目,正好这个废了我点时间,也就记录下来,防止下次使用,也为了方便别人
首先是pom.xml配置:
删除springBoot自己的logback,导入log4j2
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<exclusions>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-logging</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-log4j2</artifactId>
</dependency>
然后创建咱们的log4j2.xml配置文件:
<?xml version="1.0" encoding="UTF-8"?>
<!-- 根节点Configuration有两个属性:status和monitorinterval,有两个子节点:Appenders和Loggers(表明可以定义多个Appender和Logger) -->
<!-- status:这个用于设置log4j2自身内部的信息输出,可以不设置,当设置成trace时,会看到log4j2内部各种详细输出-->
<!-- monitorInterval:用于指定log4j自动重新配置的监测间隔时间,单位是s,最小是5s;Log4j能够自动检测修改配置 文件和重新配置本身,设置间隔秒数-->
<Configuration status="info">
<Appenders>
<!-- SYSTEM_OUT是输出到统一的输出流,没有指定日志文件 -->
<Console name="Console" target="SYSTEM_OUT">
<PatternLayout pattern="[%d{yyyy-MM-dd HH:mm:ss.SSS}]%p[%t]%c{1}|%m%n" />
</Console>
<!-- RollingFile节点用来定义超过指定大小自动删除旧的创建新的的Appender. name:指定Appender的名字. fileName:指定输出日志的目的文件带全路径的文件名. filePattern:指定新建日志文件的名称格式. -->
<!-- 详细日志 -->
<RollingRandomAccessFile name="DetailRollingFile" fileName="log/consumer/consumer_detail.log" filePattern="log/consumer/consumer_detail.log.%d{yyyyMMddHH}" immediateFlush="true">
<!--控制台只输出level及以上级别的信息(onMatch),其他的直接拒绝(onMismatch)-->
<ThresholdFilter level="INFO" onMatch="ACCEPT" onMismatch="DENY"/>
<!-- PatternLayout:输出格式,不设置默认为:%m%n. -->
<Log4jEncodeLayout pattern="[%d{yyyy-MM-dd HH:mm:ss.SSS}]%p[%t]%c{1}|%m%n" charset="UTF-8"/>
<!-- Policies:指定滚动日志的策略. -->
<Policies>
<!-- TimeBasedTriggeringPolicy:Policies子节点,基于时间的滚动策略,interval属性用来指定多久滚动一次,默认是1 hour。modulate=true用来调整时间:比如现在是早上3am,interval是4,那么第一次滚动是在4am,接着是8am,12am...而不是7am. -->
<TimeBasedTriggeringPolicy interval="1"/>
</Policies>
</RollingRandomAccessFile>
<!-- 简要日志 -->
<RollingRandomAccessFile name="MpspRollingFile" fileName="log/consumer/consumer_mpsp.log" filePattern="log/consumer/consumer_mpsp.log.%d{yyyyMMddHH}">
<ThresholdFilter level="INFO" onMatch="ACCEPT" onMismatch="DENY"/>
<PatternLayout pattern="[%d{yyyy-MM-dd HH:mm:ss.SSS}]%m%n"/>
<Policies>
<TimeBasedTriggeringPolicy interval="1"/>
</Policies>
<!-- DefaultRolloverStrategy属性如不设置,则默认为最多同一文件夹下7个文件,用来指定同一个文件夹下最多有几个日志文件时开始删除最旧的,创建新的(通过max属性) -->
<!--<DefaultRolloverStrategy max="200"/>-->
</RollingRandomAccessFile>
<!-- 性能监控日志 -->
<RollingRandomAccessFile name="ssRollingLog" fileName="log/consumer/ss.log" filePattern="log/consumer/ss.log.%d{yyyyMMddHH}">
<ThresholdFilter level="INFO" onMatch="ACCEPT" onMismatch="DENY"/>
<PatternLayout pattern="[%d{yyyy-MM-dd HH:mm:ss.SSS}]%m%n"/>
<Policies>
<TimeBasedTriggeringPolicy interval="1"/>
</Policies>
</RollingRandomAccessFile>
<!-- 关键日志 -->
<RollingRandomAccessFile name="mpspRollingLog" fileName="log/consumer/mpsp.log" filePattern="log/consumer/mpsp.log.%d{yyyyMMddHH}">
<ThresholdFilter level="INFO" onMatch="ACCEPT" onMismatch="DENY"/>
<PatternLayout pattern="[%d{yyyy-MM-dd HH:mm:ss.SSS}]%m%n"/>
<Policies>
<TimeBasedTriggeringPolicy interval="1"/>
</Policies>
</RollingRandomAccessFile>
</Appenders>
<!--定义logger,只有定义了logger并引入的appender,appender才会生效-->
<Loggers>
<!-- additivity的值如果为false的话,就不会在控制台上输出或者为该Logger再增加一个输出源Consloe -->
<Logger name="payGateMpspLog" level="INFO" additivity="false">
<AppenderRef ref="MpspRollingFile" />
</Logger>
<Logger name="mpspLog" level="INFO" additivity="false">
<AppenderRef ref="mpspRollingLog" />
</Logger>
<Logger name="ssLog" level="INFO" additivity="false">
<AppenderRef ref="ssRollingLog" />
</Logger>
<Logger name="payGateBusiLog" level="INFO" additivity="false">
<AppenderRef ref="DetailRollingFile" />
</Logger>
<Logger name="com" level="INFO" additivity="false">
<AppenderRef ref="DetailRollingFile" />
</Logger>
<Logger name="com" level="INFO" additivity="false">
<AppenderRef ref="DetailRollingFile" />
</Logger>
<Root level="info">
<AppenderRef ref="Console" />
</Root>
</Loggers>
</Configuration>
这里要注意!!!
由于我的是要实现日志脱敏的,所以,详细日志的打印格式,我是自己定义的,并不是 PatternLayout
如果只想要实现集成,则需要改正。
接下来是实现日志脱敏,说白了,就是匹配正则表达式,将value值更换为********
这里是实现类代码:
package com.umpay.utils;
import java.nio.charset.Charset;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import com.umpay.utils.StringUtils;
import org.apache.logging.log4j.core.Layout;
import org.apache.logging.log4j.core.LogEvent;
import org.apache.logging.log4j.core.config.Node;
import org.apache.logging.log4j.core.config.plugins.Plugin;
import org.apache.logging.log4j.core.config.plugins.PluginAttribute;
import org.apache.logging.log4j.core.config.plugins.PluginFactory;
import org.apache.logging.log4j.core.layout.AbstractStringLayout;
import org.apache.logging.log4j.core.layout.PatternLayout;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* log4j1.x重写log4j的PatternLayout,实现日志信息中敏感信息的编码或加密
* log4j2.x重写log4j的AbstractStringLayout,实现日志信息中敏感信息的编码或加密
*/
@Plugin(name = "Log4jEncodeLayout", category = Node.CATEGORY, elementType = Layout.ELEMENT_TYPE, printObject = true)
public class Log4jEncodeLayout extends AbstractStringLayout {
private PatternLayout patternLayout;
protected Log4jEncodeLayout(Charset charset, String pattern) {
super(charset);
patternLayout = PatternLayout.newBuilder().withPattern(pattern).build();
init();
}
private static final Logger log = LoggerFactory.getLogger(Log4jEncodeLayout.class);
/** 要匹配的正则表达式(身份证/银行卡) */
private Pattern patternChar;
/** 要匹配的正则表达式(姓名) */
private Pattern namepatternChar;
private Pattern cvvpatternChar;
private int keys_length_char;// 要匹配关键字的数目
private int keys_cvv_length_char;// 要匹配关键字的数目
private String[] charKeys;
private String[] cvvcharKeys;
private void init() {
// String str_char_keys = YamlConfigurerUtil.getStrYmlVal("umfWeChatCore.logLayout", "");
String str_char_keys = StringUtils.trim(YmlUtils.getCommonYml("umfWeChatCore.logLayout"));
StringBuffer charSbf = new StringBuffer();
StringBuffer cvvSbf = new StringBuffer();
String cvv_char_keys = "";
if (StringUtils.isEmpty(str_char_keys)) {// 没有配置log4j.char.keys,不需要替换*
return;
}
// 2、区分脱敏字段配置规则
// 把带[]的脱敏字段放入到cvvSbf中,其他脱敏字段放入到charSbf中
String[] charKeysStrs = str_char_keys.split(",");// 读取配置中要加密的key
for (int i = 0; i < charKeysStrs.length; i++) {
if (isOptional(charKeysStrs[i])) {
// 带[]的脱敏字段
cvvSbf.append(charKeysStrs[i].substring(1, charKeysStrs[i].length() - 1) + ",");
} else {
charSbf.append(charKeysStrs[i] + ",");
}
}
str_char_keys = charSbf.toString();
cvv_char_keys = cvvSbf.toString();
// 去掉拼转好的字符串最后一个逗号“,”
if (StringUtils.isNotEmpty(str_char_keys) && str_char_keys.length() > 0) {
str_char_keys = str_char_keys.substring(0, str_char_keys.length() - 1);
}
if (StringUtils.isNotEmpty(cvv_char_keys) && cvv_char_keys.length() > 0) {
cvv_char_keys = cvv_char_keys.substring(0, cvv_char_keys.length() - 1);
}
// 3、组织需要脱敏字段的正则表达式
if (str_char_keys.length() > 0) {
charKeys = str_char_keys.split(",");// 读取配置中要加密的key
StringBuffer sbRegChar = new StringBuffer();
sbRegChar.append("(");
for (int i = 0; i < charKeys.length; i++) {
sbRegChar.append("(");
sbRegChar.append(charKeys[i]);
sbRegChar.append(")");
if (i < charKeys.length - 1) {
sbRegChar.append("|");
}
}
StringBuffer namesbRegChar = new StringBuffer(sbRegChar);
namesbRegChar.append(")(=|:|:|>)([\u4E00-\u9FA5\u00B7]{1,16})(;|,|\\||\\}|]|$|&|<)");
// 由于(\\s*\\w+={0,2}) key:value 中value中结尾包括==(base64导致,所以修改该写法)
sbRegChar.append(")(=|:|:|>)(\\s*\\w+={0,2})(;|,|\\||\\}|]|$|&|<)");
namepatternChar = Pattern.compile(namesbRegChar.toString());// 编译正则表达式
patternChar = Pattern.compile(sbRegChar.toString());// 编译正则表达式
keys_length_char = charKeys.length;
}
if (cvv_char_keys.length() > 0) {
cvvcharKeys = cvv_char_keys.split(",");// 读取配置中要加密的key
StringBuffer cvvRegChar = new StringBuffer();
cvvRegChar.append("(");
for (int i = 0; i < cvvcharKeys.length; i++) {
cvvRegChar.append("(");
cvvRegChar.append(cvvcharKeys[i]);
cvvRegChar.append(")");
if (i < cvvcharKeys.length - 1) {
cvvRegChar.append("|");
}
}
cvvRegChar.append(")(=|:|:|>)(.*?)(;|,|\\||\\}|]|$|&|<)");
cvvpatternChar = Pattern.compile(cvvRegChar.toString());// 编译正则表达式
keys_cvv_length_char = cvvcharKeys.length;
}
}
public static void main(String[] args) {
Log4jEncodeLayout log = new Log4jEncodeLayout(null, "");
}
/**
* 对银行卡以及身份证号脱敏处理 1.判断配置文件中是否已经配置需要脱敏字段 2.判断敏感信息内容是否需要处理 2.1 处理银行卡和身份证敏感信息
* 2.2 处理用户姓名敏感信息 2.3 处理需要不展示字段(例如:cvv=123展示为cvv=)
*
* @param @param msg
* @param @return
* @return String
* @throws
*/
private String dimChar(String msg) {
try {
// 1.判断配置文件中是否已经配置需要脱敏字段
if (keys_length_char <= 0 && keys_cvv_length_char <= 0) {
return msg;
}
boolean nameFlag = false;
Matcher match = null;
StringBuffer sbMsg = new StringBuffer();
if (patternChar != null) {
match = patternChar.matcher(msg);
// 处理要打印的日志信息
// 2.判断敏感信息内容是否需要处理
while (match.find()) {
// 2.1 处理银行卡和身份证敏感信息
nameFlag = true;
// group(1)匹配key,group(keys_length+2)匹配(=|:|:),group(keys_length+3)匹配value,group(keys_length+4)匹配(;|,|\\||]|\\)|$)
match.appendReplacement(sbMsg, match.group(1)
+ match.group(keys_length_char + 2)
+ replaceChar(match.group(keys_length_char + 3))
+ match.group(keys_length_char + 4));
}
match.appendTail(sbMsg);// 增加最后一个匹配项后面的值
}
if (namepatternChar != null) {
// 2.2 处理用户姓名敏感信息
if (nameFlag) {
match = namepatternChar.matcher(sbMsg);
} else {
match = namepatternChar.matcher(msg);
}
sbMsg = new StringBuffer();
while (match.find()) {
nameFlag = true;
// group(1)匹配key,group(keys_length+2)匹配(=|:|:),group(keys_length+3)匹配value,group(keys_length+4)匹配(;|,|\\||]|\\)|$)
match.appendReplacement(sbMsg,
match.group(1)
+ match.group(keys_length_char + 2)
+ replaceNameChar(match.group(keys_length_char + 3))
+ match.group(keys_length_char + 4));
}
match.appendTail(sbMsg);// 增加最后一个匹配项后面的值
}
if (cvvpatternChar != null) {
if (nameFlag) {
match = cvvpatternChar.matcher(sbMsg);
} else {
match = cvvpatternChar.matcher(msg);
}
sbMsg = new StringBuffer();
// 2.3 处理需要不展示字段(例如:cvv=123展示为cvv=)
while (match.find()) {
// group(1)匹配key,group(keys_length+2)匹配(=|:|:),group(keys_length+3)匹配value,group(keys_length+4)匹配(;|,|\\||]|\\)|$)
match.appendReplacement(
sbMsg,
match.group(1)
+ match.group(keys_cvv_length_char + 2)
+ replaceCvvChar(match.group(keys_cvv_length_char + 3))
+ match.group(keys_cvv_length_char + 4));
}
match.appendTail(sbMsg);// 增加最后一个匹配项后面的值
}
return sbMsg.toString();
} catch (Exception e) {
// 如果跑出异常为了不影响流程,直接返回原信息
log.error(e.getMessage(), e);
}
return msg;
}
private boolean isOptional(String key) {
return key.startsWith("[") && key.endsWith("]");
}
/**
* 日志关键字用* 替换 规则: value <= 6 替换为****** 6 > value <= 12 后四位保留,其他为* value > 12
* 前6位保留 中间* 后4位保留
*
* @param value
* @return
*/
private static String replaceChar(String value) {
if (StringUtils.isEmpty(value)) {
return "";
}
if (value.length() <= 6) { // value <= 6 替换为******
return lStr("", '*', value.length());
} else if (value.length() > 6 && value.length() <= 12) { // 后四位保留,其他为*
int valLen = value.length();
String replaceHeadStr = value.substring(value.length() - 4);
return replaceHeadStr = lStr(replaceHeadStr, '*', valLen);
} else if (value.length() > 12) { // 前6位保留 中间* 后4位保留
String replaceHeadStr = value.substring(0, 6);
String replaceTailStr = value.substring(value.length() - 4);
String dimStr = lStr("", '*', value.length() - 10);
return replaceHeadStr + dimStr + replaceTailStr;
} else {
return value;
}
}
/**
* 日志姓名关键字替换 保留第一个汉字,后边用*号表示(例如:张三--》张*)
*
* @param @param value
* @param @return
* @return String
* @throws
*/
private static String replaceNameChar(String value) {
if (StringUtils.isEmpty(value)) {
return "";
}
String replaceHeadStr = value.substring(0, 1);
return replaceHeadStr + lStr("", '*', value.length() - 1);
}
/**
* 日志cvv关键字替换 直接输出空(例如:1608--》)
*
* @param @param value
* @param @return
* @return String
* @throws
*/
private static String replaceCvvChar(String value) {
return "";
}
/*
* 左补长char
*/
public static String lStr(String s, char ch, int width) {
if (s.length() < width) { // 需要前面补'0'
while (s.length() < width)
s = ch + s;
} else { // 需要将高位丢弃
s = s.substring(s.length() - width, s.length());
}
return s;
}
@Override
public String toSerializable(LogEvent event) {
String message = patternLayout.toSerializable(event);
return dimChar(message);
}
@PluginFactory
public static Layout createLayout(
@PluginAttribute(value = "pattern") final String pattern,
// LOG4J2-783 use platform default by default, so do not specify
// defaultString for charset
@PluginAttribute(value = "charset") final Charset charset) {
return new Log4jEncodeLayout(charset, pattern);
}
}
这个类,也就是我上面说过的,那个自定义的,至此,实现完成,但是还差个问题就是如何获取配置项的值。
package com.umpay.utils;
import org.springframework.beans.factory.config.YamlPropertiesFactoryBean;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;
import java.util.Properties;
/**
* 读取配置文件地址
*/
public class YmlUtils {
private static String PROPERTY_NAME = "application.yml";
public static Object getCommonYml(Object key){
Resource resource = new ClassPathResource(PROPERTY_NAME);
Properties properties = null;
try {
YamlPropertiesFactoryBean yamlFactory = new YamlPropertiesFactoryBean();
yamlFactory.setResources(resource);
properties = yamlFactory.getObject();
} catch (Exception e) {
e.printStackTrace();
return null;
}
return properties.get(key);
}
}
如果还有哪里写的不对,也有请大佬们批评指正。