From 61caa7966b2e5f288ee6d18beaf41b58f6ad8453 Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: Mon, 20 Feb 2023 16:25:40 +0800
Subject: [PATCH] 日志注解支持排除指定的请求参数
---
ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/LogAspect.java | 53 ++++++++++++++++++++++++++++++++++++++++++-----------
1 files changed, 42 insertions(+), 11 deletions(-)
diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/LogAspect.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/LogAspect.java
index 3eb4806..3413877 100644
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/LogAspect.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/LogAspect.java
@@ -4,25 +4,28 @@
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang3.ArrayUtils;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.AfterReturning;
import org.aspectj.lang.annotation.AfterThrowing;
import org.aspectj.lang.annotation.Aspect;
+import org.aspectj.lang.annotation.Before;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.springframework.core.NamedThreadLocal;
import org.springframework.stereotype.Component;
import org.springframework.validation.BindingResult;
import org.springframework.web.multipart.MultipartFile;
-import org.springframework.web.servlet.HandlerMapping;
import com.alibaba.fastjson2.JSON;
import com.ruoyi.common.annotation.Log;
import com.ruoyi.common.core.domain.model.LoginUser;
import com.ruoyi.common.enums.BusinessStatus;
import com.ruoyi.common.enums.HttpMethod;
+import com.ruoyi.common.filter.PropertyPreExcludeFilter;
+import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.common.utils.ServletUtils;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.common.utils.ip.IpUtils;
-import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.framework.manager.AsyncManager;
import com.ruoyi.framework.manager.factory.AsyncFactory;
import com.ruoyi.system.domain.SysOperLog;
@@ -37,6 +40,21 @@
public class LogAspect
{
private static final Logger log = LoggerFactory.getLogger(LogAspect.class);
+
+ /** 排除敏感属性字段 */
+ public static final String[] EXCLUDE_PROPERTIES = { "password", "oldPassword", "newPassword", "confirmPassword" };
+
+ /** 计算操作消耗时间 */
+ private static final ThreadLocal<Long> TIME_THREADLOCAL = new NamedThreadLocal<Long>("Cost Time");
+
+ /**
+ * 处理请求前执行
+ */
+ @Before(value = "@annotation(controllerLog)")
+ public void boBefore(JoinPoint joinPoint, Log controllerLog)
+ {
+ TIME_THREADLOCAL.set(System.currentTimeMillis());
+ }
/**
* 处理完请求后执行
@@ -74,7 +92,7 @@
// 请求的地址
String ip = IpUtils.getIpAddr(ServletUtils.getRequest());
operLog.setOperIp(ip);
- operLog.setOperUrl(ServletUtils.getRequest().getRequestURI());
+ operLog.setOperUrl(StringUtils.substring(ServletUtils.getRequest().getRequestURI(), 0, 255));
if (loginUser != null)
{
operLog.setOperName(loginUser.getUsername());
@@ -93,15 +111,20 @@
operLog.setRequestMethod(ServletUtils.getRequest().getMethod());
// 处理设置注解上的参数
getControllerMethodDescription(joinPoint, controllerLog, operLog, jsonResult);
+ // 设置消耗时间
+ operLog.setCostTime(System.currentTimeMillis() - TIME_THREADLOCAL.get());
// 保存数据库
AsyncManager.me().execute(AsyncFactory.recordOper(operLog));
}
catch (Exception exp)
{
// 记录本地异常日志
- log.error("==前置通知异常==");
log.error("异常信息:{}", exp.getMessage());
exp.printStackTrace();
+ }
+ finally
+ {
+ TIME_THREADLOCAL.remove();
}
}
@@ -124,7 +147,7 @@
if (log.isSaveRequestData())
{
// 获取参数的信息,传入到数据库中。
- setRequestValue(joinPoint, operLog);
+ setRequestValue(joinPoint, operLog, log.excludeParamNames());
}
// 是否需要保存response,参数和值
if (log.isSaveResponseData() && StringUtils.isNotNull(jsonResult))
@@ -139,25 +162,25 @@
* @param operLog 操作日志
* @throws Exception 异常
*/
- private void setRequestValue(JoinPoint joinPoint, SysOperLog operLog) throws Exception
+ private void setRequestValue(JoinPoint joinPoint, SysOperLog operLog, String[] excludeParamNames) throws Exception
{
String requestMethod = operLog.getRequestMethod();
if (HttpMethod.PUT.name().equals(requestMethod) || HttpMethod.POST.name().equals(requestMethod))
{
- String params = argsArrayToString(joinPoint.getArgs());
+ String params = argsArrayToString(joinPoint.getArgs(), excludeParamNames);
operLog.setOperParam(StringUtils.substring(params, 0, 2000));
}
else
{
- Map<?, ?> paramsMap = (Map<?, ?>) ServletUtils.getRequest().getAttribute(HandlerMapping.URI_TEMPLATE_VARIABLES_ATTRIBUTE);
- operLog.setOperParam(StringUtils.substring(paramsMap.toString(), 0, 2000));
+ Map<?, ?> paramsMap = ServletUtils.getParamMap(ServletUtils.getRequest());
+ operLog.setOperParam(StringUtils.substring(JSON.toJSONString(paramsMap, excludePropertyPreFilter(excludeParamNames)), 0, 2000));
}
}
/**
* 参数拼装
*/
- private String argsArrayToString(Object[] paramsArray)
+ private String argsArrayToString(Object[] paramsArray, String[] excludeParamNames)
{
String params = "";
if (paramsArray != null && paramsArray.length > 0)
@@ -168,7 +191,7 @@
{
try
{
- Object jsonObj = JSON.toJSON(o);
+ String jsonObj = JSON.toJSONString(o, excludePropertyPreFilter(excludeParamNames));
params += jsonObj.toString() + " ";
}
catch (Exception e)
@@ -181,6 +204,14 @@
}
/**
+ * 忽略敏感属性
+ */
+ public PropertyPreExcludeFilter excludePropertyPreFilter(String[] excludeParamNames)
+ {
+ return new PropertyPreExcludeFilter().addExcludes(ArrayUtils.addAll(EXCLUDE_PROPERTIES, excludeParamNames));
+ }
+
+ /**
* 判断是否需要过滤的对象。
*
* @param o 对象信息。
--
Gitblit v1.9.2