以下登录设置是否安全且是一种很好的做法?
Is the following logback setup safe and good practice.
我有多个WAR(已部署WebSphere 8.5.5),希望它们共享一个logback.xml
I have Multiple WARs (deployed WebSphere 8.5.5) and want them to share a single logback.xml
-Dlogback.configurationFile=/opt/logback.xml -Dlogback.ContextSelector=JNDI
logback.xml使用 SiftingAppender 与 JNDIBasedContextDiscriminator WAR拥有自己的日志文件.
The logback.xml uses a SiftingAppender with JNDIBasedContextDiscriminator so each WAR gets its own log file.
<appender name="SIFT" class="ch.qos.logback.classic.sift.SiftingAppender"> <discriminator class="ch.qos.logback.classic.sift.JNDIBasedContextDiscriminator"> <defaultValue>unknown</defaultValue> </discriminator> <sift> <appender name="FILE-${contextName}" class="ch.qos.logback.core.FileAppender"> <file>/var/log/${contextName}.log</file> <encoder> <pattern>%-50(%level %logger{35}) cn=%contextName - %msg%n</pattern> </encoder> </appender> </sift> </appender>每个WAR web.xml将具有contextName:
<env-entry> <description>JNDI logging context for this app</description> <env-entry-name>logback/context-name</env-entry-name> <env-entry-type>java.lang.String</env-entry-type> <env-entry-value>ContextNameWebAppA</env-entry-value> </env-entry>推荐答案
我不知道使用Jndi鉴别符是安全还是好的做法,但是 这似乎是Logback解决此问题的方式: logback.qos.ch/manual/loggingSeparation.html 它们表明,将其添加到您的配置中可以使性能更好:
I don't know if using the Jndi discriminator is safe or a good practice, but it seems to be the way Logback solves this issue : logback.qos.ch/manual/loggingSeparation.html They indicate that the performance can be better in adding this to your configuration :
<filter> <filter-name>LoggerContextFilter</filter-name> <filter-class>ch.qos.logback.classic.selector.servlet.LoggerContextFilter</filter-class> </filter> <filter-mapping> <filter-name>LoggerContextFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>另一方面,我可以分享我正在尝试做的事情,以避免设置系统属性logback.ContextSelector=JNDI.
On an other hand, I can share what I'm trying to do to avoid setting the system properties logback.ContextSelector=JNDI.
我改用MDCBasedDiscriminator,它将获得用MDC.put(key,value)定义的区分值. MDC映射可用作线程局部变量,因此必须为Web服务器启动的每个线程设置它. 对于此初始化,我在其他过滤器之前使用了javax.servlet.Filter,此过滤器会将正确的值放在MDC中.
I use instead the MDCBasedDiscriminator which will get the discriminating value defined with MDC.put(key,value). The MDC map is available as a thread local variable, so it must be set for every thread initiated by the web server. For this initialisation I used a javax.servlet.Filter placed before other filters, this filter will put the correct value in MDC.
我认为这并不比您做的更好,但是它是JNDI属性的替代方法,问题在于关闭日志位于unknown.log中.
I don't think this is better than what you did, but it's an alternative to the JNDI property, the problem is that the shutting down log are in the unknown.log.
以下是一些代码:
public class WarLoggingFilter implements Filter { private static final String WAR_NAME_ATTRIBUTE = "WAR_NAME"; private String warName; @Override public void init(final FilterConfig filterConfig) throws ServletException { warName = filterConfig.getInitParameter(WAR_NAME_ATTRIBUTE); } @Override public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException { insertIntoMDC(warName); chain.doFilter(request, response); } private void clearMDC() { MDC.remove(WAR_NAME_ATTRIBUTE); } private static void insertIntoMDC(final String warName) { MDC.put(WAR_NAME_ATTRIBUTE, warName); } @Override public void destroy() { clearMDC(); } /** * Register this filter in the servlet context. Adds the necessary init * parameter. * * @param warName * @param servletContext */ public static void registerMe(final String warName, final ServletContext servletContext) { // MDC for the startup thread insertIntoMDC(warName); // MCD for next threads final Dynamic addFilter = servletContext.addFilter(warName, WarLoggingFilter.class); addFilter.setInitParameter(WarLoggingFilter.WAR_NAME_ATTRIBUTE, warName); addFilter.addMappingForUrlPatterns(null, false, "/*"); } }和登录文件:
<appender name="SIFT" class="ch.qos.logback.classic.sift.SiftingAppender"> <discriminator class="ch.qos.logback.classic.sift.MDCBasedDiscriminator"> <key>WAR_NAME</key> <defaultValue>unknown</defaultValue> </discriminator> <sift> <appender name="FILE-${WAR_NAME}" class="ch.qos.logback.core.FileAppender"> <file>/tmp/${WAR_NAME}.log</file> <encoder> <pattern>%date{ISO8601} %-5level %logger{30}\(%line\) - %message%n</pattern> </encoder> </appender> </sift> </appender>例如,注册可以在spring安全初始化程序中:
And the registration can be for example in a spring security initializer :
public class MySecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer { /** * Invoked before the springSecurityFilterChain is added. * * @param servletContext * the {@link ServletContext} */ @Override protected void beforeSpringSecurityFilterChain(final ServletContext servletContext) { // Tell logback to log this web app events in a separate file WarLoggingFilter.registerMe("my_webapp", servletContext); }更多推荐
多个WAR共享相同的logback.xml
发布评论