Log4j寫入彈簧安全用戶名

Question

我在應用程序中使用log4j和spring-security，並且記錄器應該在每條消息中使用用戶名寫入日誌。我對這一切都很陌生，有人可以提供建議或鏈接嗎？也許有一些解決這個問題的標準方法？ 謝謝。

編輯 使用Spring框架3.1 我的彈簧security.xml文件是：

<beans:beans xmlns="http://www.springframework.org/schema/security" 
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:schemaLocation="http://www.springframework.org/schema/beans 
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
    http://www.springframework.org/schema/security 
    http://www.springframework.org/schema/security/spring-security-3.1.xsd"> 

    <http pattern="/favicon.ico" security="none" /> 
    <http auto-config="true"> 
      <intercept-url pattern="/**" access="ROLE_ADMIN"/> 
    </http> 

<authentication-manager> 
    <authentication-provider> 
     <user-service> 
      <user name="detect_me" password="1111" authorities="ROLE_ADMIN" /> 
     </user-service> 
    </authentication-provider> 
</authentication-manager> 

而且的log4j.xml：

<?xml version="1.0" encoding="UTF-8" ?> 
<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd"> 
<log4j:configuration xmlns:log4j='http://jakarta.apache.org/log4j/'>  
    <appender name="stdout" class="org.apache.log4j.ConsoleAppender"> 
     <layout class="org.apache.log4j.PatternLayout"> 
      <param name="ConversionPattern" value="%d %p [%c] - %m%n" /> 
     </layout> 
    </appender> 
    <appender name="R" class="org.apache.log4j.DailyRollingFileAppender"> 
     <param name="File" value="/logs/urlbuilderweb.log"/> 
     <param name="DatePattern" value="'.'yyyy-MM-dd'.log'" /> 
     <layout class="org.apache.log4j.PatternLayout"> 
      <param name="ConversionPattern" value="%d %p %t %c - %m%n" />    
     </layout> 
    </appender> 
    <appender name="ASYNC" class="org.apache.log4j.AsyncAppender"> 
     <param name="BufferSize" value="10000"/> 
     <appender-ref ref="R"/> 
    </appender> 
    <logger name="org.springframework"> 
     <level value="WARN"/> 
    </logger> 
    <logger name="org.directwebremoting"> 
     <level value="WARN"/> 
    </logger> 
    <logger name="org.apache.http"> 
     <level value="WARN"/> 
    </logger> 
    <logger name="org.hibernate"> 
     <level value="WARN"/> 
    </logger> 
    <root> 
     <level value="INFO" /> 
     <appender-ref ref="ASYNC"/> 
    </root> 
</log4j:configuration> 

Answer 1

您可以使用NDC feature。 設置一些過濾器/攔截器（取決於您使用的顯示技術）。添加嵌套診斷上下文（例如過濾器）：

public class LogDiagnosticContextFilter implements javax.servlet.Filter { 
    @Override 
    public void init(FilterConfig filterConfig) throws ServletException { 
     // do nothing 
    } 
    @Override 
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, 
     ServletException { 
     SecurityContext context = SecurityContextHolder.getContext(); 
     if (context != null) { 
      Authentication authentication = context.getAuthentication(); 
      if (authentication != null) { 
       NDC.push("Username=" + authentication.getName()); 
      } 
     } 
     chain.doFilter(request, response); 
     NDC.pop(); 
    } 
    @Override 
    public void destroy() { 
     // do nothing 
    } 
} 

確保春季安全過濾器鏈（web.xml）中之後執行的過濾器：

<filter-mapping> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping> 
<filter-mapping> 
    <filter-name>logDiagnosticContextFilter</filter-name> 
    <url-pattern>*</url-pattern> 
</filter-mapping> 

添加X給每個感興趣的log4j圖案：

%x %d %p %t %c - %m%n 

稍後當您撥打

LOGGER.info("some text"); 

在任何地方你的代碼，你會在你的日誌