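When handling sensitive information in Java logs, masking (desensitization) is an important step to ensure that users' private data is not leaked. Below are some common masking methods and how to implement them:
You can use regular expressions to match sensitive information and replace it.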
```java
import java.util.regex.Pattern;

public class SensitiveDataMasker {

    // Patterns are compiled once and reused; Pattern instances are thread-safe.
    // ID card number: 17 digits followed by a check character (digit or X)
    private static final Pattern ID_CARD_PATTERN = Pattern.compile("\\d{17}[0-9Xx]");
    // Mobile phone number: 11 digits
    private static final Pattern PHONE_PATTERN = Pattern.compile("\\d{3}\\d{4}\\d{4}");
    // Email address
    private static final Pattern EMAIL_PATTERN =
            Pattern.compile("[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}");

    public static String maskSensitiveData(String input) {
        // Mask ID card numbers first, so the 11-digit phone pattern
        // cannot consume part of an 18-character ID number
        input = ID_CARD_PATTERN.matcher(input).replaceAll("***-****-****-****");
        // Mask phone numbers
        input = PHONE_PATTERN.matcher(input).replaceAll("***-***-****");
        // Mask email addresses
        input = EMAIL_PATTERN.matcher(input).replaceAll("***@***.***");
        return input;
    }

    public static void main(String[] args) {
        String logMessage = "User ID: 123456789012345678, Phone: 13800138000, Email: user@example.com";
        String maskedLogMessage = maskSensitiveData(logMessage);
        // Prints: User ID: ***-****-****-****, Phone: ***-***-****, Email: ***@***.***
        System.out.println(maskedLogMessage);
    }
}
```
Some logging frameworks (such as Logback and Log4j2) provide built-in masking features.
Configure masking in logback.xml:
```xml
<configuration>
    <!-- Unmasked appender: defined here, but deliberately not attached to com.example,
         otherwise every event would also be written in clear text -->
    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
        <encoder>
            <pattern>%d{yyyy-MM-dd HH:mm:ss} %-5level %logger{36} - %msg%n</pattern>
            <charset>UTF-8</charset>
        </encoder>
    </appender>

    <!-- Masked appender: Logback's built-in %replace(p){'regex', 'replacement'} rewrites the
         message before it is written. ID card numbers are masked first, then 11-digit phone numbers. -->
    <appender name="STDOUT_MASKED" class="ch.qos.logback.core.ConsoleAppender">
        <encoder>
            <pattern>%d{yyyy-MM-dd HH:mm:ss} %-5level %logger{36} - %replace(%replace(%msg){'\d{17}[0-9Xx]', '***-****-****-****'}){'\d{11}', '***-***-****'}%n</pattern>
            <charset>UTF-8</charset>
        </encoder>
    </appender>

    <logger name="com.example" level="DEBUG">
        <appender-ref ref="STDOUT_MASKED"/>
    </logger>
</configuration>
```
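A custom conversion word is another way to mask inside Logback, reusing Java regex logic like the masker shown earlier so that individual call sites cannot forget it. This is an added example, not code from the original page: the package, the class name, the `maskedMsg` conversion word and the keep-the-last-digits mask format are assumptions, and it needs logback-classic on the classpath.

```java
package com.example.logging; // hypothetical package name

import ch.qos.logback.classic.pattern.MessageConverter;
import ch.qos.logback.classic.spi.ILoggingEvent;
import java.util.regex.Pattern;

/*
 * Masks every formatted log message inside Logback.
 * Register it in logback.xml and use %maskedMsg wherever %msg was used:
 *   <conversionRule conversionWord="maskedMsg"
 *                   converterClass="com.example.logging.MaskingMessageConverter"/>
 */
public class MaskingMessageConverter extends MessageConverter {
    // Lookarounds stop a match from starting or ending inside a longer digit run.
    // ID card: hide the first 14 digits, keep the last 4 characters.
    private static final Pattern ID_CARD =
            Pattern.compile("(?<!\\d)\\d{14}(\\d{3}[0-9Xx])(?!\\d)");
    // 11-digit phone number: keep the first 3 and last 4 digits.
    private static final Pattern PHONE =
            Pattern.compile("(?<!\\d)(\\d{3})\\d{4}(\\d{4})(?!\\d)");
    // Email: keep the first character of the local part and the domain.
    private static final Pattern EMAIL = Pattern.compile(
            "([a-zA-Z0-9._%+-])[a-zA-Z0-9._%+-]*@([a-zA-Z0-9.-]+\\.[a-zA-Z]{2,})");

    static String mask(String message) {
        if (message == null) {
            return null;
        }
        String out = ID_CARD.matcher(message).replaceAll("**************$1");
        out = PHONE.matcher(out).replaceAll("$1****$2");
        return EMAIL.matcher(out).replaceAll("$1***@$2");
    }

    @Override
    public String convert(ILoggingEvent event) {
        // super.convert returns the message with its {} arguments already substituted
        return mask(super.convert(event));
    }

    public static void main(String[] args) {
        // Constructed sample line, not real data
        System.out.println(mask(
                "User ID: 11010519491231002X, Phone: 13800138000, Email: user@example.com"));
    }
}
```

Exception text rendered by `%ex` does not pass through this converter, so sensitive values placed in exception messages still reach the log unmasked.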
Configure masking in log4j2.xml:
```xml
<Configuration status="WARN">
    <Appenders>
        <!-- Unmasked output -->
        <Console name="Console" target="SYSTEM_OUT">
            <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss} %-5level %logger{36} - %msg%n"/>
        </Console>
        <!-- Masked output: Log4j2's built-in %replace{pattern}{regex}{substitution} converter
             rewrites the message. ID card numbers are masked first, then 11-digit phone numbers. -->
        <Console name="ConsoleMasked" target="SYSTEM_OUT">
            <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss} %-5level %logger{36} - %replace{%replace{%msg}{\d{17}[0-9Xx]}{***-****-****-****}}{\d{11}}{***-***-****}%n"/>
        </Console>
    </Appenders>
    <Loggers>
        <!-- Only the masked appender is attached here; adding Console as well
             would write every event a second time in clear text -->
        <Logger name="com.example" level="debug" additivity="false">
            <AppenderRef ref="ConsoleMasked"/>
        </Logger>
        <Root level="error">
            <AppenderRef ref="Console"/>
        </Root>
    </Loggers>
</Configuration>
```
Some third-party libraries can help you handle masking more conveniently, for example logstash-logback-encoder and log4j2-logstash-layout.
Add the dependency to pom.xml:
```xml
<dependency>
    <groupId>net.logstash.logback</groupId>
    <artifactId>logstash-logback-encoder</artifactId>
    <version>6.6</version>
</dependency>
```
Then configure it in logback.xml:
```xml
<configuration>
    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
        <!-- LogstashEncoder already emits timestamp, version, logger name, thread name,
             level, message and stack trace by default. A <providers> list is not a
             LogstashEncoder setting; it belongs to LoggingEventCompositeJsonEncoder. -->
        <encoder class="net.logstash.logback.encoder.LogstashEncoder">
            <customFields>{"application":"my-app"}</customFields>
        </encoder>
    </appender>
    <root level="debug">
        <appender-ref ref="STDOUT"/>
    </root>
</configuration>
```
Add the Log4j2 dependencies to pom.xml:
```xml
<!-- Log4j 2.14.1 is affected by the Log4Shell vulnerability;
     pin the latest patched 2.x release in real deployments -->
<dependency>
    <groupId>org.apache.logging.log4j</groupId>
    <artifactId>log4j-core</artifactId>
    <version>2.14.1</version>
</dependency>
<dependency>
    <groupId>org.apache.logging.log4j</groupId>
    <artifactId>log4j-api</artifactId>
    <version>2.14.1</version>
</dependency>
<dependency>
    <groupId>org.apache.logging.log4j</groupId>
    <artifactId>log4j-layout-template-json</artifactId>
    <version>2.14.1</version>
</dependency>
```
Then configure it in log4j2.xml:
```xml
<Configuration status="WARN">
    <Appenders>
        <Console name="Console" target="SYSTEM_OUT">
            <!-- JsonTemplateLayout is the layout provided by log4j-layout-template-json.
                 The bundled Logstash template already emits timestamp, level, logger name,
                 thread name, message and exception details, so only the application
                 field is added here. -->
            <JsonTemplateLayout eventTemplateUri="classpath:LogstashJsonEventLayoutV1.json">
                <EventTemplateAdditionalField key="application" value="my-app"/>
            </JsonTemplateLayout>
        </Console>
    </Appenders>
    <Loggers>
        <Root level="debug">
            <AppenderRef ref="Console"/>
        </Root>
    </Loggers>
</Configuration>
```
With these methods, you can effectively handle sensitive information in Java logs and ensure that users' private data is not leaked.