问题描述
以下登录设置是否安全且是一种很好的做法?
Is the following logback setup safe and good practice.
我有多个WAR(已部署WebSphere 8.5.5),希望它们共享一个logback.xml
I have Multiple WARs (deployed WebSphere 8.5.5) and want them to share a single logback.xml
-Dlogback.configurationFile=/opt/logback.xml -Dlogback.ContextSelector=JNDI
logback.xml使用 SiftingAppender 与 JNDIBasedContextDiscriminator WAR拥有自己的日志文件.
The logback.xml uses a SiftingAppender with JNDIBasedContextDiscriminator so each WAR gets its own log file.
<appender name="SIFT" class="ch.qos.logback.classic.sift.SiftingAppender">
<discriminator class="ch.qos.logback.classic.sift.JNDIBasedContextDiscriminator">
<defaultValue>unknown</defaultValue>
</discriminator>
<sift>
<appender name="FILE-${contextName}" class="ch.qos.logback.core.FileAppender">
<file>/var/log/${contextName}.log</file>
<encoder>
<pattern>%-50(%level %logger{35}) cn=%contextName - %msg%n</pattern>
</encoder>
</appender>
</sift>
</appender>
每个WAR web.xml将具有contextName:
<env-entry>
<description>JNDI logging context for this app</description>
<env-entry-name>logback/context-name</env-entry-name>
<env-entry-type>java.lang.String</env-entry-type>
<env-entry-value>ContextNameWebAppA</env-entry-value>
</env-entry>
推荐答案
我不知道使用Jndi鉴别符是安全还是好的做法,但是这似乎是Logback解决此问题的方式: http://logback.qos.ch/manual/loggingSeparation.html
它们表明,将其添加到您的配置中可以使性能更好:
I don't know if using the Jndi discriminator is safe or a good practice, butit seems to be the way Logback solves this issue : http://logback.qos.ch/manual/loggingSeparation.html
They indicate that the performance can be better in adding this to your configuration :
<filter>
<filter-name>LoggerContextFilter</filter-name>
<filter-class>ch.qos.logback.classic.selector.servlet.LoggerContextFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>LoggerContextFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
另一方面,我可以分享我正在尝试做的事情,以避免设置系统属性logback.ContextSelector=JNDI.
On an other hand, I can share what I'm trying to do to avoid setting the system properties logback.ContextSelector=JNDI.
我改用MDCBasedDiscriminator,它将获得用MDC.put(key,value)定义的区分值.
MDC映射可用作线程局部变量,因此必须为Web服务器启动的每个线程设置它.
对于此初始化,我在其他过滤器之前使用了javax.servlet.Filter,此过滤器会将正确的值放在MDC中.
I use instead the MDCBasedDiscriminator which will get the discriminating value defined with MDC.put(key,value).
The MDC map is available as a thread local variable, so it must be set for every thread initiated by the web server.
For this initialisation I used a javax.servlet.Filter placed before other filters, this filter will put the correct value in MDC.
我认为这并不比您做的更好,但是它是JNDI属性的替代方法,问题在于关闭日志位于unknown.log中.
I don't think this is better than what you did, but it's an alternative to the JNDI property, the problem is that the shutting down log are in the unknown.log.
以下是一些代码:
public class WarLoggingFilter implements Filter {
private static final String WAR_NAME_ATTRIBUTE = "WAR_NAME";
private String warName;
@Override
public void init(final FilterConfig filterConfig) throws ServletException {
warName = filterConfig.getInitParameter(WAR_NAME_ATTRIBUTE);
}
@Override
public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain)
throws IOException, ServletException {
insertIntoMDC(warName);
chain.doFilter(request, response);
}
private void clearMDC() {
MDC.remove(WAR_NAME_ATTRIBUTE);
}
private static void insertIntoMDC(final String warName) {
MDC.put(WAR_NAME_ATTRIBUTE, warName);
}
@Override
public void destroy() {
clearMDC();
}
/**
* Register this filter in the servlet context. Adds the necessary init
* parameter.
*
* @param warName
* @param servletContext
*/
public static void registerMe(final String warName, final ServletContext servletContext) {
// MDC for the startup thread
insertIntoMDC(warName);
// MCD for next threads
final Dynamic addFilter = servletContext.addFilter(warName, WarLoggingFilter.class);
addFilter.setInitParameter(WarLoggingFilter.WAR_NAME_ATTRIBUTE, warName);
addFilter.addMappingForUrlPatterns(null, false, "/*");
}
}
和登录文件:
<appender name="SIFT" class="ch.qos.logback.classic.sift.SiftingAppender">
<discriminator class="ch.qos.logback.classic.sift.MDCBasedDiscriminator">
<key>WAR_NAME</key>
<defaultValue>unknown</defaultValue>
</discriminator>
<sift>
<appender name="FILE-${WAR_NAME}" class="ch.qos.logback.core.FileAppender">
<file>/tmp/${WAR_NAME}.log</file>
<encoder>
<pattern>%date{ISO8601} %-5level %logger{30}\(%line\) - %message%n</pattern>
</encoder>
</appender>
</sift>
</appender>
例如,注册可以在spring安全初始化程序中:
And the registration can be for example in a spring security initializer :
public class MySecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
/**
* Invoked before the springSecurityFilterChain is added.
*
* @param servletContext
* the {@link ServletContext}
*/
@Override
protected void beforeSpringSecurityFilterChain(final ServletContext servletContext) {
// Tell logback to log this web app events in a separate file
WarLoggingFilter.registerMe("my_webapp", servletContext);
}
这篇关于多个WAR共享相同的logback.xml的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!