This is a community that may be useful to you
One-to-one communication/interview brochure/resume optimization/job search questions, welcome to join the “Yudao Rapid Development Platform” Knowledge Planet. The following is some information provided by Planet:
“Project Practice (Video)”: Learn from books, “practice” from past events
“Internet High Frequency Interview Questions”: Studying with your resume, spring blossoms
“Architecture x System Design”: Overcoming difficulties and mastering high-frequency interview scenario questions
“Advancing Java Learning Guide”: systematic learning, the mainstream technology stack of the Internet
“Must-read Java Source Code Column”: Know what it is and why it is so
This is an open source project that may be useful to you
Domestic Star is a 100,000+ open source project. The front-end includes management backend + WeChat applet, and the back-end supports monomer and microservice architecture.
Functions cover RBAC permissions, SaaS multi-tenancy, data permissions, mall, payment, workflow, large-screen reports, WeChat public account, etc.:
Boot address: https://gitee.com/zhijiantianya/ruoyi-vue-pro
Cloud address: https://gitee.com/zhijiantianya/yudao-cloud
Video tutorial: https://doc.iocoder.cn
Source: medium.com
-
introduce
-
Step 1: Create a Custom Log Appender
-
Step 2: Configure Log4j
-
Step 3: Include Log4j
-
Step 4: Test Log Masking
-
in conclusion
Introduction
We can mask sensitive data in a Spring Boot application’s log4j logs by implementing a custom log appender and using regular expressions to identify and mask sensitive information. The following are specific methods in practice:
Backend management system + user applet implemented based on Spring Boot + MyBatis Plus + Vue & Element, supporting RBAC dynamic permissions, multi-tenancy, data permissions, workflow, three-party login, payment, SMS, mall and other functions
Project address: https://github.com/YunaiV/ruoyi-vue-pro
Video tutorial: https://doc.iocoder.cn/video/
Step 1: Create a custom log Appender
Create a class that extends the AppenderSkeleton
provided by log4j. This custom appender will intercept log messages before they are written to the log and apply the necessary masking.
import org.apache.log4j.AppenderSkeleton; import org.apache.log4j.spi.LoggingEvent; public class MaskingAppender extends AppenderSkeleton { @Override protected void append(LoggingEvent loggingEvent) { String message = loggingEvent.getMessage().toString(); String maskedMessage = maskSensitiveData(message); loggingEvent.setMessage(maskedMessage); super.append(loggingEvent); } @Override public void close() { // Cleanup resources, if any } @Override public boolean requiresLayout() { return false; } private String maskSensitiveData(String message) { // Implement your logic to mask sensitive data using regular expressions // For demonstration purposes, let's assume we want to mask credit card numbers return message.replaceAll("\d{4}-\d{4}-\d{4}-\d{4}", "*** *-****-****-****"); } }
An appender in log4j is responsible for writing log messages to various outputs. By extending the AppenderSkeleton
class, we create a custom appender that can modify log messages before writing them to the log.
Regular expressions (regex) are powerful patterns for pattern matching and manipulating strings. In the maskSensitiveData()
method, we use regex to identify and replace sensitive data. In the example we use the pattern \d{4}-\d{4}-\d{4}-\d{4}
to match Credit card number in the format “xxxx-xxxx
” and replace it with “-
“.
append() method
log4j calls this method when it is ready to add a log message. In the MaskingAppender
class, we override this method to intercept the log message, use the maskSensitiveData()
method to apply masking to the sensitive data, and then pass the modified message to the super class’s append()
method.
Backend management system + user applet implemented based on Spring Cloud Alibaba + Gateway + Nacos + RocketMQ + Vue & Element, supporting RBAC dynamic permissions, multi-tenancy, data permissions, workflow, three-party login, payment, SMS, mall and other functions
Project address: https://github.com/YunaiV/yudao-cloud
Video tutorial: https://doc.iocoder.cn/video/
Step 2: Configure Log4j
In the configuration file of the Spring Boot application, we need to configure log4j to use the custom Appender. We also need to specify the log level and other settings as per your requirements. Here is an example of configuring log4j using application.properties:
# Log4j configuration log4j.rootLogger=INFO, maskedAppender log4j.appender.maskedAppender=com.example.MaskingAppender log4j.appender.maskedAppender.layout=org.apache.log4j.PatternLayout log4j.appender.maskedAppender.layout.ConversionPattern=%d [%t] %-5p %c - %m%n
Step 3: Include Log4j
Make sure you have the necessary log4j dependencies in your Spring Boot application’s build file (for example, Maven’s pom.xml):
<!-- log4j dependencies --> <dependencies> <dependency> <groupId>log4j</groupId> <artifactId>log4j</artifactId> <version>1.2.17</version> </dependency> </dependencies>
Step 4: Test log blocking
Now, when we log messages using log4j in Spring Boot application, sensitive data will be automatically masked. For example:
import org.apache.log4j.Logger; public class SomeService { private static final Logger logger = Logger.getLogger(SomeService.class); public void processSensitiveData(String data) { logger.info("Processing sensitive data: " + data); // Sensitive data will be masked in the logs } }
In application code, you can use the Logger provided by log4j to log messages. In this example, we use logger.info()
to log a message. Log messages containing sensitive data are passed as string concatenation. MaskingAppender intercepts this message and applies the mask before writing it to the log.
In the above example, if the data parameter contains a credit card number like “1234-5678-9012-3456
“, then it will be masked in the log output as “Processing sensitive data :--
”
Conclusion
By following these steps and concepts, you can effectively mask sensitive data in your Spring Boot application’s log4j logs. Remember to adapt the masking logic in the maskSensitiveData()
method to your specific needs and sensitive data patterns.
Welcome to join my knowledge planet and comprehensively improve your technical capabilities.
To join, “Long press” or “Scan” the QR code below:
Planet’s content includes: project practice, interviews and recruitment, source code analysis, and learning routes.
If the article is helpful, please read it and forward it. Thank you for your support (*^__^*)