Spring Boot REST 应用程序在这里。我正在尝试配置 Spring Boot 请求审核,以记录任何资源/控制器接收到的每个 HTTP 请求,其中包含以下信息:
- 我需要在日志中查看客户端请求的确切 HTTP URL(路径),包括 HTTP 方法和任何查询字符串参数;和
- 如果有请求正文(例如带有 POST 或 PUT),我还需要在日志中查看该正文的内容
到目前为止我最好的尝试:
@Component
public class MyAppAuditor {
private Logger logger;
@EventListener
public void handleAuditEvent(AuditApplicationEvent auditApplicationEvent) {
logger.info(auditApplicationEvent.auditEvent);
}
}
public class AuditingTraceRepository implements TraceRepository {
@Autowired
private ApplicationEventPublisher applicationEventPublisher
@Override
List<Trace> findAll() {
throw new UnsupportedOperationException("We don't expose trace information via /trace!");
}
@Override
void add(Map<String, Object> traceInfo) {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
AuditEvent traceRequestEvent = new AuditEvent(new Date(), "SomeUser", 'http.request.trace', traceInfo);
AuditApplicationEvent traceRequestAppEvent = new AuditApplicationEvent(traceRequestEvent);
applicationEventPublisher.publishEvent(traceRequestAppEvent);
}
}
但是在运行时,如果我使用以下 curl 命令:
curl -i -H "Content-Type: application/json" -X GET 'http://localhost:9200/v1/data/profiles?continent=NA&country=US&isMale=0&height=1.5&dob=range('1980-01-01','1990-01-01')'
然后我只看到以下日志消息(MyAppAuditor
发送审计事件):
{ "timestamp" : "14:09:50.516", "thread" : "qtp1293252487-17", "level" : "INFO", "logger" : "com.myapp.ws.shared.auditing.MyAppAuditor", "message" : {"timestamp":"2018-06-29T18:09:50+0000","principal":"SomeUser","type":"http.request.trace","data":{"method":"GET","path":"/v1/data/profiles","headers":{"request":{"User-Agent":"curl/7.54.0","Host":"localhost:9200","Accept":"*/*","Content-Type":"application/json"},"response":{"X-Frame-Options":"DENY","Cache-Control":"no-cache, no-store, max-age=0, must-revalidate","X-Content-Type-Options":"nosniff","Pragma":"no-cache","Expires":"0","X-XSS-Protection":"1; mode=block","X-Application-Context":"application:9200","Date":"Fri, 29 Jun 2018 18:09:50 GMT","Content-Type":"application/json;charset=utf-8","status":"200"}},"timeTaken":"89"}} }
如您所见,审计员正在获取基本路径 ( /v1/data/profiles
),但没有记录任何查询字符串参数。当我点击需要请求正文 (JSON) 的 POST 或 PUT 端点时,我也看到类似的请求正文信息缺失。
我需要做什么来配置这些类(或其他 Spring 类/配置),以便获得我正在寻找的请求审计级别?