统计管理-审计日志
最近项目中要引入审计日志模块,第一次看到审计日志就是在3.0的监控中心,当时以为是和数据质量绑定的什么新功能呢,后来发现其实就是操作日志(没感觉到有啥区别,就是审计这个字眼感觉好像更严谨似的),记录一下当前用户什么时间进行了增删改查操作,假如环境突然出问题了,可以通过操作日志查看,是不是有人删了数据。
🐬3.0 审计日志代码
🐠现状
3.0的审计日志并没有效果,去官网看了下,有人提出这个问题审计日志不生效issues,估计下个版本应该能修复这个功能,目前最新的3.1.0也是没修复的,或者说是没开发完的吧。我发现2.0就有审计日志相关代码了,到了3.0页面也有了,表也有了,但是结果还是没有,看表结构和代码,是没开发完。
- 3.0增加的日志表结果如下(看来确实是还没开发完):
- 一般存放审计日志的表,主要存储调用的方法类型和请求响应参数,比如开源用户权限系统,若依的操作日志表:
- 审计日志都打印出来了,但是没入库
- 项目列表查询日志
[INFO] 2022-10-25 03:49:15.127 +0000 org.apache.dolphinscheduler.api.aspect.AccessLogAspect:[90] - REQUEST TRACE_ID:1844461f-cba9-42cf-9281-0751d6634edb, LOGIN_USER:renxiaozhao, URI:/dolphinscheduler/projects, METHOD:GET, HANDLER:org.apache.dolphinscheduler.api.controller.ProjectController.queryProjectListPaging, ARGS:{searchVal=, pageNo=1, pageSize=10}
🐠微微动
加了一行代码,登记日志表,纯粹为了满足强迫症,真实代码的话,还有不少要做的事情:
-
查询方法感觉没必要记录,这个不配置注解
@AccessLogAnnotation就行
-
方法增删改查,这个也没办法解析,查询一般通过get请求方式,但不是所有get都是查询,可以增加方法类型参数,通过注解传进来
-
其它好像也没啥了,增加一些存储请求响应的字段,现有代码都解析好了
-
源码
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.dolphinscheduler.api.aspect;
import org.apache.dolphinscheduler.api.audit.AuditMessage;
import org.apache.dolphinscheduler.api.audit.AuditSubscriberImpl;
import org.apache.dolphinscheduler.common.Constants;
import org.apache.dolphinscheduler.common.enums.AuditOperationType;
import org.apache.dolphinscheduler.common.enums.AuditResourceType;
import org.apache.dolphinscheduler.dao.entity.AuditLog;
import org.apache.dolphinscheduler.dao.entity.User;
import org.apache.dolphinscheduler.service.bean.SpringApplicationContext;
import org.apache.dolphinscheduler.spi.utils.StringUtils;
import java.lang.reflect.Method;
import java.util.*;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.IntStream;
import javax.servlet.http.HttpServletRequest;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.aspectj.lang.reflect.MethodSignature;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
@Aspect
@Component
public class AccessLogAspect {
private static final Logger logger = LoggerFactory.getLogger(AccessLogAspect.class);
private static final String TRACE_ID = "traceId";
public static final String sensitiveDataRegEx = "(password=[\'\"]+)(\\S+)([\'\"]+)";
private static final Pattern sensitiveDataPattern = Pattern.compile(sensitiveDataRegEx, Pattern.CASE_INSENSITIVE);
@Pointcut("@annotation(org.apache.dolphinscheduler.api.aspect.AccessLogAnnotation)")
public void logPointCut(){
// Do nothing because of it's a pointcut
}
@Around("logPointCut()")
public Object doAround(ProceedingJoinPoint proceedingJoinPoint) throws Throwable {
long startTime = System.currentTimeMillis();
// fetch AccessLogAnnotation
MethodSignature sign = (MethodSignature) proceedingJoinPoint.getSignature();
Method method = sign.getMethod();
AccessLogAnnotation annotation = method.getAnnotation(AccessLogAnnotation.class);
String traceId = UUID.randomUUID().toString();
// log request
//if (!annotation.ignoreRequest()) {
ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
if (attributes != null) {
HttpServletRequest request = attributes.getRequest();
String traceIdFromHeader = request.getHeader(TRACE_ID);
if (!StringUtils.isEmpty(traceIdFromHeader)) {
traceId = traceIdFromHeader;
}
// handle login info
String userName = parseLoginInfo(request);
// handle args
String argsString = parseArgs(proceedingJoinPoint, annotation);
// handle sensitive data in the string
argsString = handleSensitiveData(argsString);
logger.info("REQUEST TRACE_ID:{}, LOGIN_USER:{}, URI:{}, METHOD:{}, HANDLER:{}, ARGS:{}",
traceId,
userName,
request.getRequestURI(),
request.getMethod(),
proceedingJoinPoint.getSignature().getDeclaringTypeName() + "." + proceedingJoinPoint.getSignature().getName(),
argsString);
}
//}
Object ob = proceedingJoinPoint.proceed();
// log response
if (!annotation.ignoreResponse()) {
logger.info("RESPONSE TRACE_ID:{}, BODY:{}, REQUEST DURATION:{} milliseconds", traceId, ob, (System.currentTimeMillis() - startTime));
}
User loginUser = (User) (attributes.getRequest().getAttribute(Constants.SESSION_USER));
if (loginUser != null) {
SpringApplicationContext.getBean(AuditSubscriberImpl.class).execute(new AuditMessage(loginUser, new Date(), AuditResourceType.USER_MODULE, AuditOperationType.CREATE, 1));
}
return ob;
}
private String parseArgs(ProceedingJoinPoint proceedingJoinPoint, AccessLogAnnotation annotation) {
Object[] args = proceedingJoinPoint.getArgs();
String argsString = Arrays.toString(args);
if (annotation.ignoreRequestArgs().length > 0) {
String[] parameterNames = ((MethodSignature) proceedingJoinPoint.getSignature()).getParameterNames();
if (parameterNames.length > 0) {
Set<String> ignoreSet = Arrays.stream(annotation.ignoreRequestArgs()).collect(Collectors.toSet());
HashMap<String, Object> argsMap = new HashMap<>();
for (int i = 0; i < parameterNames.length; i++) {
if (!ignoreSet.contains(parameterNames[i])) {
argsMap.put(parameterNames[i], args[i]);
}
}
argsString = argsMap.toString();
}
}
return argsString;
}
protected String handleSensitiveData(String originalData) {
Matcher matcher = sensitiveDataPattern.matcher(originalData.toLowerCase());
IntStream stream = IntStream.builder().build();
boolean exists = false;
while (matcher.find()) {
if (matcher.groupCount() == 3) {
stream = IntStream.concat(stream, IntStream.range(matcher.end(1),matcher.end(2)));
exists = true;
}
}
if (exists) {
char[] chars = originalData.toCharArray();
stream.forEach(idx -> {
chars[idx] = '*';
});
return new String(chars);
}
return originalData;
}
private String parseLoginInfo(HttpServletRequest request) {
String userName = "NOT LOGIN";
User loginUser = (User) (request.getAttribute(Constants.SESSION_USER));
if (loginUser != null) {
userName = loginUser.getUserName();
}
return userName;
}
}
扫一扫
1818
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
