作者 | 邮箱 | 时间 |
---|---|---|
潘顾昌 | [email protected] | 2020/03/20 |
在hzero选配页面下载该服务:http://hzero.saas.hand-china.com/hzeroStart/
注意修改启动类
package com.pigic;
import org.hzero.autoconfigure.monitor.EnableHZeroMonitor;
import org.hzero.core.jackson.annotation.EnableObjectMapper;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
import io.choerodon.resource.annoation.EnableChoerodonResourceServer;
@EnableObjectMapper
@EnableHZeroMonitor
@EnableDiscoveryClient
@SpringBootApplication
public class HzeroMonitorApplication {
public static void main(String[] args) {
SpringApplication.run(HzeroMonitorApplication.class, args);
}
}
创建启动脚本
#!/usr/bin/env bash
echo ">>> git pull"
# 拉取代码
git pull
echo ">>> mvn clean package"
# 打包
mvn clean package
echo ">>> cd target"
# 进入target目录
cd target
JAR=hzero-monitor.jar
# 管理端口
MPORT=8261
echo ">>> kill -9 $(jps -ml | grep $JAR | awk '{print $1}')"
# 关闭原有的服务端口
kill -9 $(jps -ml | grep $JAR | awk '{print $1}')
echo ">>> kill -9 $(lsof -n -P -t -i:$MPORT)"
# 关闭原有的监控端口
kill -9 $(lsof -t -sTCP:LISTEN -i:$MPORT)
# 重命名
mv app.jar $JAR
echo ">>> nohup java -jar -Xms512m -Xmx1024m $JAR >app.log &"
# 构建
BUILD_ID=dontKillMe nohup java -jar -Xms512m -Xmx1024m $JAR >app.log &
在服务器通过SSH方式拉取服务
[root@choerodon src]# git clone ssh://[email protected]:2222/root/hzero-monitor.git
正克隆到 'hzero-monitor'...
remote: Enumerating objects: 34, done.
remote: Counting objects: 100% (34/34), done.
remote: Compressing objects: 100% (27/27), done.
remote: Total 34 (delta 0), reused 0 (delta 0)
接收对象中: 100% (34/34), 15.33 KiB | 0 bytes/s, done.
[root@choerodon src]# cd hzero-monitor/
[root@choerodon hzero-monitor]# ls
charts init-database.sh pom.xml README.md run.sh src
[root@choerodon hzero-monitor]# chmod 777 run.sh
[root@choerodon hzero-monitor]# ls
charts init-database.sh pom.xml README.md run.sh src
[root@choerodon hzero-monitor]# ./run.sh
至此审计服务可以正常使用
配置jenkins CI/CD部署代码
添加依赖
<dependency>
<groupId>org.hzero.bootgroupId>
<artifactId>hzero-boot-monitorartifactId>
<version>1.1.0.RELEASEversion>
dependency>
在服务中添加如下配置来开启操作审计
# application.yml
hzero:
audit:
operation:
enable: true # 全局开关,默认 false
api-audit:
enable: true # API 审计开关,默认 true,如果全局开关关闭,此值无效
annotation-audit:
enable: true # 注解审计(在Bean的方法上添加@OperationalAudit)开关,默认 true,如果全局开关关闭,此值无效
服务:待审计的服务
审计接口: 待审计的服务下对应的接口
操作内容: 记录操作内容信息,可以在此记录操作人、请求参数、相应参数等所需的信息,可以根据实际需求来进行配置,支持SPEL表达式。例如:‘User[’+#_userDetails.getRealName()+’]查询数据’。
@OperationalAudit
参数说明
content
String
package.class#method
_userDetail
_result
auditArg
boolean
auditResult
boolean
auditData
boolean
args
String[]
result
String
代码示例
@OperationalAudit(content = "'User['+#_userDetails.getRealName()+']查询证件管理列表'")
@ApiOperation(value = "证件管理列表")
@Permission(level = ResourceLevel.ORGANIZATION)
@GetMapping
public ResponseEntity<Page<Cards>> list(Cards cards, @ApiIgnore @SortDefault(value = Cards.FIELD_CARD_ID,
direction = Sort.Direction.DESC) PageRequest pageRequest) {
Page<Cards> list = cardsRepository.pageAndSortOption(pageRequest, cards);
return Results.success(list);
}
实体注册
hzero:
platform:
regist-entity:
# 开启实体类的注册
enable: true
开启数据审计
hzero:
audit:
operation:
enable: true
annotation-audit:
enable: true
data:
enable: true
覆盖源码类
/*
* 修改实体类扫描
* @date: 2020/3/21
* @author: 潘顾昌
* @version: 0.0.1
* @copyright Copyright (c) 2019, Hand
*/
package org.hzero.boot.platform.entity.autoconfigure;
import org.hzero.boot.platform.entity.feign.EntityRegistFeignClient;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.openfeign.EnableFeignClients;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.task.AsyncTaskExecutor;
import org.springframework.scheduling.annotation.EnableAsync;
import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor;
@Configuration
@EnableAsync
@ComponentScan({"org.hzero.boot.platform.entity"})
@EnableFeignClients(
basePackageClasses = {EntityRegistFeignClient.class}
)
@EnableConfigurationProperties({EntityRegistProperties.class})
@EntityRegistScan(
basePackages = {"org.hzero/**/entity/**","bjja.hzero/**/entity/**"}
)
public class EntityRegistAutoConfiguration {
public EntityRegistAutoConfiguration() {
}
@Bean
@Qualifier("entityRegistAsyncTaskExecutor")
public AsyncTaskExecutor entityRegistAsyncTaskExecutor() {
ThreadPoolTaskExecutor executor = new ThreadPoolTaskExecutor();
executor.setThreadNamePrefix("entityRegistAsyncTaskExecutor");
executor.setMaxPoolSize(3);
executor.setCorePoolSize(2);
return executor;
}
}
org.hzero.boot.monitor.audit.op.OperationalAuditAspect
org.hzero.boot.monitor.audit.op.component.sender.FeignOperationalAuditSender
org.hzero.monitor.api.controller.v1.AuditOpLogController
支持的变量
核心解析代码
public OperationalAudit build() {
SpelExpressionParser parser = new SpelExpressionParser();
StandardEvaluationContext context = new StandardEvaluationContext();
if (this.args != null) {
context.setVariables(this.args);
}
context.setVariable("_result", this.result);
context.setVariable("_userDetails", this.customUserDetails);
this.operationalAudit.content = StringUtils.limited(String.valueOf(parser.parseExpression(this.operationalAudit.content).getValue(context)), 480);
if (this.operationalAudit.auditArgs) {
if (this.argExpressions != null && this.argExpressions.length > 0) {
Map<String, Object> resultArgs = new HashMap(this.argExpressions.length);
int i = 0;
for(int argExpressionsLength = this.argExpressions.length; i < argExpressionsLength; ++i) {
resultArgs.put("arg" + i, parser.parseExpression(this.argExpressions[i]).getValue(context));
}
this.operationalAudit.args = ObjectMapperHelper.writeValueAsString(resultArgs);
} else if (!CollectionUtils.isEmpty(this.args)) {
this.operationalAudit.args = ObjectMapperHelper.writeValueAsString(this.args);
}
}
if (this.operationalAudit.auditResult) {
if (StringUtils.hasText(this.resultExpression)) {
this.operationalAudit.result = String.valueOf(parser.parseExpression(this.resultExpression).getValue(context));
} else if (this.result != null) {
if (this.result instanceof ResponseEntity) {
this.result = ((ResponseEntity)this.result).getBody();
}
if (this.result != null) {
this.operationalAudit.result = ObjectMapperHelper.writeValueAsString(this.result);
this.operationalAudit.failed = this.result instanceof Throwable;
}
}
}
return this.operationalAudit;
}
实体注册源码分析
是否启用禁用,默认禁用
调用平台服务相关接口
可以自定义接口继承org.hzero.boot.data.change.handler.DataChangeBaseHandler
doProcess: 数据改变时如何处理
doCommit: 数据改变提交的时候如何处理