由于项目中的我们日志存在某些敏感字段,需要进行脱敏,废话不多说直接上代码。

1.新建一个类 CustomPatternLayout继承AbstractStringLayout,并编写相应方法如下代码。

import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.core.Layout;
import org.apache.logging.log4j.core.LogEvent;
import org.apache.logging.log4j.core.config.Node;
import org.apache.logging.log4j.core.config.plugins.Plugin;
import org.apache.logging.log4j.core.config.plugins.PluginAttribute;
import org.apache.logging.log4j.core.config.plugins.PluginFactory;
import org.apache.logging.log4j.core.layout.AbstractStringLayout;
import org.apache.logging.log4j.core.layout.PatternLayout;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.nio.charset.Charset;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

/**
 * log4j2 脱敏插件
 * 继承AbstractStringLayout
 *
 **/
@Plugin(name = "CustomPatternLayout", category = Node.CATEGORY, elementType = Layout.ELEMENT_TYPE, printObject = true)
public class CustomPatternLayout extends AbstractStringLayout {


    public final static Logger logger = LoggerFactory.getLogger(CustomPatternLayout.class);
    private final PatternLayout patternLayout;


    protected CustomPatternLayout(Charset charset, String pattern) {
        super(charset);
        patternLayout = PatternLayout.newBuilder().withPattern(pattern).build();
        initRule();
    }

    /**
     * 要匹配的正则表达式map
     */
    private static final Map<String, Pattern> REG_PATTERN_MAP = new HashMap<>();
    private static final Map<String, String> KEY_REG_MAP = new HashMap<>();


    private void initRule() {
        try {
            if (MapUtils.isEmpty(Log4j2Rule.regularMap)) {
                return;
            }
            Log4j2Rule.regularMap.forEach((a, b) -> {
                if (StringUtils.isNotBlank(a)) {
                    Map<String, String> collect = Arrays.stream(a.split(",")).collect(Collectors.toMap(c -> c, w -> b, (key1, key2) -> key1));
                    KEY_REG_MAP.putAll(collect);
                }
                Pattern compile = Pattern.compile(b);
                REG_PATTERN_MAP.put(b, compile);
            });

        } catch (Exception e) {
            logger.info(">>>>>> 初始化日志脱敏规则失败 ERROR:{0}", e);
        }

    }

    /**
     * 处理日志信息,进行脱敏
     * 1.判断配置文件中是否已经配置需要脱敏字段
     * 2.判断内容是否有需要脱敏的敏感信息
     * 2.1 没有需要脱敏信息直接返回
     * 2.2 处理: 身份证 ,姓名,手机号,地址敏感信息
     */
    public String hideMarkLog(String logStr) {
        try {
            //1.判断配置文件中是否已经配置需要脱敏字段
            if (StringUtils.isBlank(logStr) || MapUtils.isEmpty(KEY_REG_MAP) || MapUtils.isEmpty(REG_PATTERN_MAP)) {
                return logStr;
            }
            //2.判断内容是否有需要脱敏的敏感信息
            Set<String> charKeys = KEY_REG_MAP.keySet();
            for (String key : charKeys) {
                if (logStr.contains(key)) {
                    String regExp = KEY_REG_MAP.get(key);
                    logStr = matchingAndEncrypt(logStr, regExp, key);
                }
            }
            return logStr;
        } catch (Exception e) {
            logger.info(">>>>>>>>> 脱敏处理异常 ERROR:{0}", e);
            //如果抛出异常为了不影响流程,直接返回原信息
            return logStr;
        }
    }

    /**
     * 正则匹配对应的对象。
     *
     * @param msg    日志对象
     * @param regExp 正则匹配
     * @param key    字段
     * @return 找到对应对象
     */
    private static String matchingAndEncrypt(String msg, String regExp, String key) {
        Pattern pattern = Pattern.compile(regExp);
        Matcher matcher = pattern.matcher(msg);
        int length = key.length() + 5;
        boolean names = Log4j2Rule.USER_NAME_STR.contains(key);
        boolean address = Log4j2Rule.USER_ADDRESS_STR.contains(key);
        boolean phones = Log4j2Rule.USER_PHONE_STR.contains(key);
        String hiddenStr = "";
        StringBuffer result = new StringBuffer(msg);
        int i=0;
        while (matcher.find()) {
            String originStr = matcher.group();
            // 计算关键词和需要脱敏词的距离小于5。
             i = msg.indexOf(originStr,i);
            if (i < 0) {
                continue;
            }
            int span = i - length;
            int startIndex = Math.max(span, 0);
            String substring = msg.substring(startIndex, i);
            if (StringUtils.isBlank(substring) || !substring.contains(key)) {
                i+=key.length();
                continue;
            }
            if (names) {
                hiddenStr = hideMarkStr(originStr,1);
            }else if(phones){
                hiddenStr = hideMarkStr(originStr,2);
            }else if(address){
                hiddenStr = hideMarkStr(originStr,3);
            }
            msg = result.replace(i,i+originStr.length(), hiddenStr).toString();
        }
        return msg;
    }

    /**
     * 标记敏感文字规则
     *
     * @param needHideMark 日志对象
     *  @param type 脱敏规则类型  1为姓名脱敏规则,2为姓名脱敏规则手机号,3为地址脱敏规则,
     * @return 返回过敏字段
     */
    private static String hideMarkStr(String needHideMark,int type) {
        if (StringUtils.isBlank(needHideMark)) {
            return "";
        }
        int startSize = 0, endSize = 0, mark = 0, length = needHideMark.length();

        StringBuffer hideRegBuffer = new StringBuffer("(\\S{");
        StringBuffer replaceSb = new StringBuffer("$1");
        if(type==1) {
            startSize = 1;
        } else if(type==2) {
            int i = length / 3;
            startSize = i;
            endSize = i+1;
        }else if (type==3) {
            startSize = 3;
        }
        mark = length - startSize - endSize;
        for (int i = 0; i < mark; i++) {
            replaceSb.append("*");
        }
        hideRegBuffer.append(startSize).append("})\\S*(\\S{").append(endSize).append("})");
        replaceSb.append("$2");
        needHideMark = needHideMark.replaceAll(hideRegBuffer.toString(), replaceSb.toString());
        return needHideMark;
    }


    /**
     * 创建插件
     */
    @PluginFactory
    public static Layout createLayout(@PluginAttribute(value = "pattern") final String pattern,
                                      @PluginAttribute(value = "charset") final Charset charset) {
        return new CustomPatternLayout(charset, pattern);
    }


    @Override
    public String toSerializable(LogEvent event) {
        return hideMarkLog(patternLayout.toSerializable(event));
    }

}

2.编写需要脱敏字段配置与匹配规则(自己根据需要自定义)

import java.util.HashMap;
import java.util.Map;

/**
 * 拦截脱敏的日志:
 * 1,身份证
 * 2,姓名
 * 3,身份证号 (目前暂时不脱敏)
 * 4、地址
 * 脱敏规则后续可以优化在配置文件中
 *
 **/
public class Log4j2Rule {

    /**
     * 正则匹配 关键词 类别
     */
    public static Map<String, String> regularMap = new HashMap<>();
    /**
     * TODO  可配置
     * 此项可以后期放在配置项中
     */
    public static final String USER_NAME_STR = "customerName,userName,user,paymentUserName,order_contacts_name";
    public static final String USER_ADDRESS_STR = "receiveAddress,address,order_address";
    //暂时不需要脱敏身份证
//    public static final String USER_IDCARD_STR = "empCard,idCard";
    public static final String USER_PHONE_STR = "mobile,phone,contactPhone,customerTelephone,customerLinkPhone,memberPhone,phoneNumber,mealPhone,order_contacts_phone,from,to";

    /**
     * 正则匹配,根据业务要求自定义
     */
//    private static final String IDCARD_REGEXP = "(\\d{17}[0-9Xx]|\\d{14}[0-9Xx])";
    private static final String USERNAME_REGEXP = "[\\u4e00-\\u9fa5_a-zA-Z0-9-]{2,50}";
    private static final String ADDRESS_REGEXP = "[\\u4e00-\\u9fa5_a-zA-Z0-9-]{3,200}";
    private static final String PHONE_REGEXP = "(?<!\\d)(?:(?:1[3456789]\\d{9})|(?:861[356789]\\d{9}))(?!\\d)";

    static {
        regularMap.put(USER_NAME_STR, USERNAME_REGEXP);
        regularMap.put(USER_ADDRESS_STR, ADDRESS_REGEXP);
//        regularMap.put(USER_IDCARD_STR, IDCARD_REGEXP);
        regularMap.put(USER_PHONE_STR, PHONE_REGEXP);
    }

}

3.将写好的CustomPatternLayout配置到log4j2.xml中并注释掉原来的PatternLayout

<?xml version="1.0" encoding="UTF-8"?>
<configuration status="debug">
	<properties>
		<property name="UCS_LOG_HOME">D:/data/ucs/logs</property>
	</properties>

	<appenders>
		<Console name="STDOUT">
			<ThresholdFilter level="debug" onMatch="ACCEPT"
				onMismatch="DENY" />
<!--			<PatternLayout-->
<!--				pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} [%t] %l %-5level - %msg%n"-->
<!--				charset="UTF-8" />-->
			<CustomPatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} [%t] %l %-5level - %msg%n" charset="UTF-8" />
		</Console>

		<RollingRandomAccessFile name="FILE-DEBUG"
			fileName="${UCS_LOG_HOME}/ucs-debug.log"
			filePattern="${UCS_LOG_HOME}/logbak/ucs-debug.%d{yyyy-MM-dd}-%i.log">

			<Filters>
				<ThresholdFilter level="info" onMatch="DENY"
					onMismatch="NEUTRAL" />
				<ThresholdFilter level="debug" onMatch="ACCEPT"
					onMismatch="DENY" />
			</Filters>
<!--			<PatternLayout-->
<!--				pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} [%t] %l %-5level - %msg%n"-->
<!--				charset="UTF-8" />-->
			<CustomPatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} [%t] %l %-5level - %msg%n" charset="UTF-8" />
			<Policies>
				<!-- 关键点在于 filePattern后的日期格式,日期格式精确到哪一位,interval也精确到哪一个单位 -->
				<TimeBasedTriggeringPolicy interval="1"
					modulate="true" />
				<SizeBasedTriggeringPolicy size="500MB" />
			</Policies>
			<!-- 如果不做配置,默认是7,这个7指的是上面i的最大值,超过了就会覆盖之前的 -->
			<DefaultRolloverStrategy max="100" />

		</RollingRandomAccessFile>

		<RollingRandomAccessFile name="FILE-INFO"
			fileName="${UCS_LOG_HOME}/ucs-info.log"
			filePattern="${UCS_LOG_HOME}/logbak/ucs-info.%d{yyyy-MM-dd}-%i.log">
			<Filters>
				<ThresholdFilter level="warn" onMatch="DENY"
					onMismatch="NEUTRAL" />
				<ThresholdFilter level="info" onMatch="ACCEPT"
					onMismatch="DENY" />
			</Filters>
<!--			<PatternLayout-->
<!--				pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} [%t] %l %-5level - %msg%n"-->
<!--				charset="UTF-8" />-->
			<CustomPatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} [%t] %l %-5level - %msg%n" charset="UTF-8" />
			<Policies>
				<TimeBasedTriggeringPolicy interval="1"
					modulate="true" />
				<SizeBasedTriggeringPolicy size="500MB" />
			</Policies>
			<!-- 如果不做配置,默认是7,这个7指的是上面i的最大值,超过了就会覆盖之前的 -->
			<DefaultRolloverStrategy max="100" />


		</RollingRandomAccessFile>

		<RollingRandomAccessFile name="FILE-WARN"
			fileName="${UCS_LOG_HOME}/ucs-warn.log"
			filePattern="${UCS_LOG_HOME}/logbak/ucs-warn.%d{yyyy-MM-dd}-%i.log">
			<Filters>
				<ThresholdFilter level="error" onMatch="DENY"
					onMismatch="NEUTRAL" />
				<ThresholdFilter level="warn" onMatch="ACCEPT"
					onMismatch="DENY" />
			</Filters>

<!--			<PatternLayout-->
<!--				pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} [%t] %l %-5level - %msg%n"-->
<!--				charset="UTF-8" />-->
			<CustomPatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} [%t] %l %-5level - %msg%n" charset="UTF-8" />
			<Policies>
				<TimeBasedTriggeringPolicy interval="1"
					modulate="true" />
				<SizeBasedTriggeringPolicy size="500MB" />
			</Policies>
			<!-- 如果不做配置,默认是7,这个7指的是上面i的最大值,超过了就会覆盖之前的 -->
			<DefaultRolloverStrategy max="100" />


		</RollingRandomAccessFile>

		<RollingRandomAccessFile name="FILE-ERROR"
			fileName="${UCS_LOG_HOME}/ucs-error.log"
			filePattern="${UCS_LOG_HOME}/logbak/ucs-error.%d{yyyy-MM-dd}-%i.log">

			<Filters>
				<ThresholdFilter level="fatal" onMatch="DENY"
					onMismatch="NEUTRAL" />
				<ThresholdFilter level="error" onMatch="ACCEPT"
					onMismatch="DENY" />
			</Filters>

<!--			<PatternLayout-->
<!--				pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} [%t] %l %-5level - %msg%n"-->
<!--				charset="UTF-8" />-->
			<CustomPatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} [%t] %l %-5level - %msg%n" charset="UTF-8" />
			<Policies>
				<TimeBasedTriggeringPolicy interval="1"
					modulate="true" />
				<SizeBasedTriggeringPolicy size="500MB" />
			</Policies>
			<!-- 如果不做配置,默认是7,这个7指的是上面i的最大值,超过了就会覆盖之前的 -->
			<DefaultRolloverStrategy max="100" />


		</RollingRandomAccessFile>

		<RollingRandomAccessFile name="FILE-FATAL"
			fileName="${UCS_LOG_HOME}/ucs-fatal.log"
			filePattern="${UCS_LOG_HOME}/logbak/ucs-fatal.%d{yyyy-MM-dd}-%i.log">
			<ThresholdFilter level="fatal" onMatch="ACCEPT"
				onMismatch="DENY" />
<!--			<PatternLayout-->
<!--				pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} [%t] %l %-5level - %msg%n"-->
<!--				charset="UTF-8" />-->
			<CustomPatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} [%t] %l %-5level - %msg%n" charset="UTF-8" />
			<Policies>
				<TimeBasedTriggeringPolicy interval="1"
					modulate="true" />
				<SizeBasedTriggeringPolicy size="500MB" />
			</Policies>
			<!-- 如果不做配置,默认是7,这个7指的是上面i的最大值,超过了就会覆盖之前的 -->
			<DefaultRolloverStrategy max="100" />


		</RollingRandomAccessFile>
	</appenders>
	<loggers>
		<AsyncLogger name="springfox" level="off"></AsyncLogger>

	<!--  使用异步Logger方式输出日志
		<AsyncLogger name="com.roadway.DebugUtils"
			additivity="FALSE" level="INFO">
			<appender-ref ref="FILE-DEBUG" />
		</AsyncLogger> 
	-->

		<Root level="DEBUG" includeLocation="true">
			<AppenderRef ref="FILE-DEBUG" />
			<AppenderRef ref="FILE-INFO" />
			<AppenderRef ref="FILE-WARN" />
			<AppenderRef ref="FILE-ERROR" />
			<AppenderRef ref="FILE-FATAL" />
			<AppenderRef ref="STDOUT" />
		</Root>
	</loggers>
</configuration>

4.测试

JAVA log日志脱敏打印 log4j配置日志脱敏_JAVA log日志脱敏打印