Spring AOP + custom annotation + Spel expression to achieve audit log

1 Introduction

• Audit diary is to record user's operation record
• Realize custom audit log annotation based on AOP dynamic proxy, and support Spel expression analysis

2- realize

2-1 Log storage entity class

@Data
@Builder
@ToString
public class AuditingLog {
    
    

    private String userId;  // 用户id

    private String userNickname; //用户昵称

    private String operationInfo; //操作信息

    private String interfaceName; // 调用的接口方法名

    private String applicationName; // 调用的服务名

    private LocalDateTime createTime; //操作时间
}

2-2 Custom audit log annotation

@Documented
@Retention(RetentionPolicy.RUNTIME)
@Target({
    
    ElementType.TYPE, ElementType.METHOD})
public @interface AuditLog {
    
    
    String logInfo(); //日志信息
}

2-3 AOP aspect of log annotation

@Aspect
@Component
public class AuditLogAOP {
    
    

   	@Value("${spring.application.name}")
    private String applicationName; //从配置文件获得服务名

    // spel表达式解析器
    private SpelExpressionParser spelExpressionParser = new SpelExpressionParser();

    // 参数名发现器
    private DefaultParameterNameDiscoverer parameterNameDiscoverer = new DefaultParameterNameDiscoverer();

    @Before(value = "@annotation(enableAuditLog) || @within(enableAuditLog)")
    public void getAutiLogInfo(JoinPoint joinPoint, AuditLog enableAuditLog){
    
    

        MethodSignature signature = (MethodSignature) joinPoint.getSignature();
        if (enableAuditLog == null) {
    
    
            enableAuditLog = signature.getMethod().getAnnotation(AuditLog.class);
        }

		// 构建日志存储对象
        AuditingLog auditlog = AuditingLog.builder().applicationName(applicationName).createTime(LocalDateTime.now()).build();

		auditlog.setUserId(xxx);  // 从上下文获取当前操作的用户信息
	    auditlog.setUserNickname(xx);
        
	// 设置操作的接口方法名        
	auditlog.setInterfaceName(signature.getDeclaringTypeName()+"."+signature.getName());

		// 获得日志注解上自定义的日志信息
        String logInfo = enableAuditLog.logInfo();

		// Spel表达式解析日志信息
        // 获得方法参数名数组
        String[] parameterNames = parameterNameDiscoverer.getParameterNames(signature.getMethod());
        if (parameterNames != null && parameterNames.length > 0){
    
    
            EvaluationContext context = new StandardEvaluationContext();

            //获取方法参数值
            Object[] args = joinPoint.getArgs();
            for (int i = 0; i < args.length; i++) {
    
    
                context.setVariable(parameterNames[i],args[i]); // 替换spel里的变量值为实际值， 比如 #user -->  user对象
            }

            // 解析出实际的日志信息
            String opeationInfo = spelExpressionParser.parseExpression(logInfo).getValue(context).toString();
            auditlog.setOperationInfo(opeationInfo);
        }

        // 打印日志信息
        log.info(auditlog.toString());

        //TODO 这时可以将日志信息auditlog进行异步存储,比如写入到文件通过logstash增量的同步到Elasticsearch或者DB

    }
}

2-4 Enable audit log function

• In distributed projects, logs are generally extracted out for public calls, so in order to facilitate the injection of audit log functions, you can write corresponding Enable annotations

@Target(ElementType.TYPE)
@Retention(RetentionPolicy.RUNTIME)
@Import({
    
    AuditLogAOP.class}) // 注入AOP切面到容器
public @interface EnableAuditLog {
    
    

}

3 use

3-1 Enable audit log function

• Turn on the audit log function in the entry class of the service to use the audit log function

such as

@SpringBootApplication
@EnableDiscoveryClient
@EnableAuditLog //开启审计日志
public class UmsAdminApplication {
    
    
    public static void main(String[] args) {
    
    
        SpringApplication.run(UmsAdminApplication.class,args);
    }
}

3-2 Use on the interface

such as:

 	@AuditLog(logInfo = "'新增管理员:'+ #user.username")
    @PostMapping
    public String addUser(@RequestBody User user){
    
    
    
        return null;
    }

Reward

If you find the article useful, you can encourage the author