问题描述
在我当前的项目中,我正在使用Maven和Spring.我目前正在使用SLF4J记录器来记录服务.我要代替它使用OWASP-ESAPI记录器.我不想使用OWASP-ESAPI
安全性,仅想使用日志服务.有人可以通过最小的努力替换slf4j记录器来指导我如何使用OWASP-ESAPI
记录器吗?我尝试了很多Google搜索,但没有任何帮助.我将非常感谢一些链接,这些链接也可以获取有关OWASP-ESAPI
记录器的知识.
In my current project I am using Maven and Spring. I am currently using SLF4J logger for logging services. In place of that I want to use OWASP-ESAPI logger. I don't want to use OWASP-ESAPI
security, just the log services. Can anybody please guide me how to use OWASP-ESAPI
logger by replacing slf4j logger with minimum efforts ? I tried a lot of google search but nothing helps. I will really appreciate some links to gain knowledge about OWASP-ESAPI
logger as well.
推荐答案
重构代码以删除slf4j是一个可怕的解决方案,因为那样一来,您就无法将JUL,JCL,LOG4J通信捕获到一个通用的日志漏斗中.事先的反应是不好的建议.
Refactoring your code to remove slf4j is a horrific solution, because then you lose the ability to capture JUL, JCL, LOG4J traffic into a common log funnel. The prior response is bad advice.
-
您可以启用ESAPI以使用JUL日志记录,然后通过在SLF4J上使用JUL来重新捕获该日志流量并将其路由到其他日志记录器(即log4j或logback).为此,请在ESAPI.properties中:ESAPI.Logger = org.owasp.esapi.reference.JavaLogFactory
You can enable ESAPI to use JUL Logging, and then, by using JUL over SLF4J, recapture that log traffic and route to other loggers (i.e. log4j or logback).To do so, in ESAPI.properties: ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
另一个选择是通过ESAPI Logger接口构建SLF4J记录器代理.我认为在这种情况下,您失去的功能多于获得的功能.
Another option would be to build an SLF4J logger proxy over the ESAPI Logger Interface. I think you lose more functionality than you gain in this case.
这篇关于需要OWASP-ESAPI记录器帮助的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!