1 Introduction
- Audit diary is to record user's operation record
- Realize custom audit log annotation based on AOP dynamic proxy, and support Spel expression analysis
2- realize
2-1 Log storage entity class
@Data
@Builder
@ToString
public class AuditingLog {
private String userId; // 用户id
private String userNickname; //用户昵称
private String operationInfo; //操作信息
private String interfaceName; // 调用的接口方法名
private String applicationName; // 调用的服务名
private LocalDateTime createTime; //操作时间
}
2-2 Custom audit log annotation
@Documented
@Retention(RetentionPolicy.RUNTIME)
@Target({
ElementType.TYPE, ElementType.METHOD})
public @interface AuditLog {
String logInfo(); //日志信息
}
2-3 AOP aspect of log annotation
@Aspect
@Component
public class AuditLogAOP {
@Value("${spring.application.name}")
private String applicationName; //从配置文件获得服务名
// spel表达式解析器
private SpelExpressionParser spelExpressionParser = new SpelExpressionParser();
// 参数名发现器
private DefaultParameterNameDiscoverer parameterNameDiscoverer = new DefaultParameterNameDiscoverer();
@Before(value = "@annotation(enableAuditLog) || @within(enableAuditLog)")
public void getAutiLogInfo(JoinPoint joinPoint, AuditLog enableAuditLog){
MethodSignature signature = (MethodSignature) joinPoint.getSignature();
if (enableAuditLog == null) {
enableAuditLog = signature.getMethod().getAnnotation(AuditLog.class);
}
// 构建日志存储对象
AuditingLog auditlog = AuditingLog.builder().applicationName(applicationName).createTime(LocalDateTime.now()).build();
auditlog.setUserId(xxx); // 从上下文获取当前操作的用户信息
auditlog.setUserNickname(xx);
// 设置操作的接口方法名
auditlog.setInterfaceName(signature.getDeclaringTypeName()+"."+signature.getName());
// 获得日志注解上自定义的日志信息
String logInfo = enableAuditLog.logInfo();
// Spel表达式解析日志信息
// 获得方法参数名数组
String[] parameterNames = parameterNameDiscoverer.getParameterNames(signature.getMethod());
if (parameterNames != null && parameterNames.length > 0){
EvaluationContext context = new StandardEvaluationContext();
//获取方法参数值
Object[] args = joinPoint.getArgs();
for (int i = 0; i < args.length; i++) {
context.setVariable(parameterNames[i],args[i]); // 替换spel里的变量值为实际值, 比如 #user --> user对象
}
// 解析出实际的日志信息
String opeationInfo = spelExpressionParser.parseExpression(logInfo).getValue(context).toString();
auditlog.setOperationInfo(opeationInfo);
}
// 打印日志信息
log.info(auditlog.toString());
//TODO 这时可以将日志信息auditlog进行异步存储,比如写入到文件通过logstash增量的同步到Elasticsearch或者DB
}
}
2-4 Enable audit log function
- In distributed projects, logs are generally extracted out for public calls, so in order to facilitate the injection of audit log functions, you can write corresponding Enable annotations
@Target(ElementType.TYPE)
@Retention(RetentionPolicy.RUNTIME)
@Import({
AuditLogAOP.class}) // 注入AOP切面到容器
public @interface EnableAuditLog {
}
3 use
3-1 Enable audit log function
- Turn on the audit log function in the entry class of the service to use the audit log function
such as
@SpringBootApplication
@EnableDiscoveryClient
@EnableAuditLog //开启审计日志
public class UmsAdminApplication {
public static void main(String[] args) {
SpringApplication.run(UmsAdminApplication.class,args);
}
}
3-2 Use on the interface
such as:
@AuditLog(logInfo = "'新增管理员:'+ #user.username")
@PostMapping
public String addUser(@RequestBody User user){
return null;
}