背景：审计追溯的必要性

在实际开发中，系统安全审计和操作追溯变得越来越重要：

• 合规要求：金融、医疗等行业需要满足严格的合规要求
• 安全审计：及时发现异常访问和潜在安全威胁
• 问题追溯：快速定位问题，提高故障排查效率
• 责任认定：明确操作责任，避免推诿扯皮
• 数据分析：基于访问日志进行业务分析和优化

审计追溯的重要性

问题：没有审计追溯，系统出现问题时无法定位

用户投诉：我的订单被删除了，谁操作的？
开发人员：不清楚，系统没有记录
运维人员：不知道，日志里找不到
测试人员：没测试过，不是我
...
最终结果：无法确定责任人，问题无法解决

影响：

• 无法满足合规要求
• 安全问题无法及时发现
• 故障排查效率低
• 责任认定困难
• 数据分析无法进行

审计追溯的挑战

问题：实现完善的审计追溯系统面临很多挑战

// 需要记录的信息
public class AccessLog {
    private String userId;           // 谁访问的
    private String username;         // 用户名
    private String requestUrl;        // 访问了什么接口
    private String requestMethod;     // 请求方法
    private String requestParams;     // 请求参数
    private String requestBody;       // 请求体
    private String responseStatus;    // 响应状态
    private String responseBody;      // 响应体
    private Long executionTime;      // 执行时间
    private String ipAddress;        // IP地址
    private String userAgent;        // 用户代理
    private LocalDateTime requestTime; // 请求时间
    private LocalDateTime responseTime;// 响应时间
    private String traceId;         // 追踪ID
    private String spanId;          // 跨度ID
    // ... 更多字段
}

挑战：

• 数据量大：每次请求都记录，数据量巨大
• 性能影响：记录日志会影响系统性能
• 存储成本：日志数据占用大量存储空间
• 数据安全：日志中可能包含敏感信息
• 查询效率：海量数据查询效率低

核心概念：接口访问日志审计与操作留痕

1. 接口访问日志审计

定义：记录所有接口访问的详细信息，包括请求和响应

特点：

• 记录完整的请求信息
• 记录完整的响应信息
• 记录执行时间
• 支持链路追踪
• 支持性能分析

实现方式：

• 基于 Filter 拦截
• 基于 AOP 切面
• 基于 Interceptor 拦截
• 基于 Spring Actuator

2. 操作留痕

定义：记录关键业务操作的详细信息，包括操作前后的数据

特点：

• 记录业务操作
• 记录数据变更
• 记录操作结果
• 支持数据回溯
• 支持审计查询

实现方式：

• 基于 AOP 切面
• 基于事件监听
• 基于数据库触发器
• 基于应用事件

3. 审计日志

定义：记录系统级别的审计信息，包括登录、权限变更等

特点：

• 记录安全相关操作
• 记录权限变更
• 记录配置变更
• 支持合规审计
• 支持安全分析

实现方式：

• 基于 Spring Security
• 基于自定义事件
• 基于审计框架
• 基于日志框架

4. 链路追踪

定义：记录请求在整个系统中的调用链路

特点：

• 记录调用链路
• 记录调用时间
• 记录调用关系
• 支持性能分析
• 支持问题定位

实现方式：

• 基于 Sleuth
• 基于 Zipkin
• 基于 SkyWalking
• 基于 Jaeger

实现方案：接口访问日志审计与操作留痕

方案一：基于 Filter 的简单实现

优点：

• 实现简单
• 性能较好
• 无侵入性

缺点：

• 功能有限
• 无法获取方法级别信息
• 难以处理异常

代码实现：

@Component
@Slf4j
public class AccessLogFilter implements Filter {

    @Autowired
    private AccessLogService accessLogService;

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, 
            FilterChain chain) throws IOException, ServletException {
        
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        
        AccessLog accessLog = new AccessLog();
        accessLog.setRequestTime(LocalDateTime.now());
        accessLog.setRequestUrl(httpRequest.getRequestURI());
        accessLog.setRequestMethod(httpRequest.getMethod());
        accessLog.setIpAddress(getClientIP(httpRequest));
        accessLog.setUserAgent(httpRequest.getHeader("User-Agent"));
        
        long startTime = System.currentTimeMillis();
        
        try {
            chain.doFilter(request, response);
        } finally {
            long endTime = System.currentTimeMillis();
            accessLog.setExecutionTime(endTime - startTime);
            accessLog.setResponseTime(LocalDateTime.now());
            accessLog.setResponseStatus(httpResponse.getStatus());
            
            accessLogService.saveAccessLog(accessLog);
        }
    }

    private String getClientIP(HttpServletRequest request) {
        String xfHeader = request.getHeader("X-Forwarded-For");
        if (xfHeader == null) {
            return request.getRemoteAddr();
        }
        return xfHeader.split(",")[0];
    }

}

方案二：基于 AOP 的增强实现

优点：

• 功能强大
• 可以获取方法级别信息
• 支持自定义注解
• 易于扩展

缺点：

• 性能略低
• 配置复杂
• 需要代理对象

代码实现：

@Aspect
@Component
@Slf4j
public class AccessLogAspect {

    @Autowired
    private AccessLogService accessLogService;

    @Pointcut("execution(* com.example.demo.controller..*.*(..))")
    public void controllerPointcut() {}

    @Around("controllerPointcut()")
    public Object around(ProceedingJoinPoint joinPoint) throws Throwable {
        HttpServletRequest request = 
                ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes())
                        .getRequest();
        
        AccessLog accessLog = new AccessLog();
        accessLog.setRequestTime(LocalDateTime.now());
        accessLog.setRequestUrl(request.getRequestURI());
        accessLog.setRequestMethod(request.getMethod());
        accessLog.setIpAddress(getClientIP(request));
        accessLog.setUserAgent(request.getHeader("User-Agent"));
        accessLog.setClassName(joinPoint.getTarget().getClass().getSimpleName());
        accessLog.setMethodName(joinPoint.getSignature().getName());
        
        Object[] args = joinPoint.getArgs();
        accessLog.setRequestParams(JSON.toJSONString(args));
        
        long startTime = System.currentTimeMillis();
        Object result = null;
        
        try {
            result = joinPoint.proceed();
            accessLog.setResponseStatus(200);
            accessLog.setResponseBody(JSON.toJSONString(result));
        } catch (Exception e) {
            accessLog.setResponseStatus(500);
            accessLog.setErrorMsg(e.getMessage());
            throw e;
        } finally {
            long endTime = System.currentTimeMillis();
            accessLog.setExecutionTime(endTime - startTime);
            accessLog.setResponseTime(LocalDateTime.now());
            
            accessLogService.saveAccessLog(accessLog);
        }
        
        return result;
    }

}

方案三：基于 Spring Actuator 的集成实现

优点：

• 与 Spring 集成
• 功能完善
• 易于配置
• 支持多种日志格式

缺点：

• 依赖 Actuator
• 功能可能不够灵活
• 需要额外配置

代码实现：

@Configuration
public class ActuatorConfig {

    @Bean
    public WebMvcEndpointHandlerMapping webEndpointHandlerMapping(
            WebEndpointsSupplier webEndpointsSupplier,
            EndpointMediaTypes endpointMediaTypes,
            CorsEndpointProperties corsProperties,
            WebEndpointProperties webEndpointProperties) {
        
        return new WebMvcEndpointHandlerMapping(webEndpointsSupplier,
                endpointMediaTypes, corsProperties, webEndpointProperties);
    }

    @Bean
    public AccessLogEndpoint accessLogEndpoint(AccessLogService accessLogService) {
        return new AccessLogEndpoint(accessLogService);
    }

}

@Component
@Endpoint(id = "accesslog")
public class AccessLogEndpoint {

    @Autowired
    private AccessLogService accessLogService;

    @ReadOperation
    public List<AccessLog> accessLogs(
            @Selector String userId,
            @Selector String startDate,
            @Selector String endDate) {
        
        return accessLogService.queryAccessLogs(userId, startDate, endDate);
    }

}

方案四：基于自定义注解的灵活实现

优点：

• 灵活性高
• 可以按需记录
• 支持自定义配置
• 易于维护

缺点：

• 需要手动添加注解
• 可能遗漏某些接口
• 维护成本高

代码实现：

@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface AccessLog {
    String description() default "";
    boolean logRequest() default true;
    boolean logResponse() default false;
    boolean logParams() default true;
}

@Aspect
@Component
@Slf4j
public class AccessLogAspect {

    @Autowired
    private AccessLogService accessLogService;

    @Around("@annotation(accessLog)")
    public Object around(ProceedingJoinPoint joinPoint, AccessLog accessLog) throws Throwable {
        HttpServletRequest request = 
                ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes())
                        .getRequest();
        
        com.example.demo.entity.AccessLog log = new com.example.demo.entity.AccessLog();
        log.setRequestTime(LocalDateTime.now());
        log.setRequestUrl(request.getRequestURI());
        log.setRequestMethod(request.getMethod());
        log.setIpAddress(getClientIP(request));
        log.setDescription(accessLog.description());
        
        if (accessLog.logParams()) {
            Object[] args = joinPoint.getArgs();
            log.setRequestParams(JSON.toJSONString(args));
        }
        
        long startTime = System.currentTimeMillis();
        Object result = null;
        
        try {
            result = joinPoint.proceed();
            log.setResponseStatus(200);
            
            if (accessLog.logResponse()) {
                log.setResponseBody(JSON.toJSONString(result));
            }
        } catch (Exception e) {
            log.setResponseStatus(500);
            log.setErrorMsg(e.getMessage());
            throw e;
        } finally {
            long endTime = System.currentTimeMillis();
            log.setExecutionTime(endTime - startTime);
            log.setResponseTime(LocalDateTime.now());
            
            accessLogService.saveAccessLog(log);
        }
        
        return result;
    }

}

完整实现：接口访问日志审计与操作留痕

1. 访问日志实体

@Data
@Entity
@Table(name = "access_log")
public class AccessLog {

    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;

    private String userId;

    private String username;

    private String requestUrl;

    private String requestMethod;

    private String requestParams;

    @Column(columnDefinition = "TEXT")
    private String requestBody;

    private Integer responseStatus;

    @Column(columnDefinition = "TEXT")
    private String responseBody;

    private Long executionTime;

    private String ipAddress;

    private String userAgent;

    private String className;

    private String methodName;

    private String description;

    @Column(columnDefinition = "TEXT")
    private String errorMsg;

    private LocalDateTime requestTime;

    private LocalDateTime responseTime;

    private String traceId;

    private String spanId;

}

2. 操作日志实体

@Data
@Entity
@Table(name = "operation_log")
public class OperationLog {

    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;

    private String userId;

    private String username;

    private String module;

    private String operation;

    private String description;

    @Column(columnDefinition = "TEXT")
    private String beforeData;

    @Column(columnDefinition = "TEXT")
    private String afterData;

    private String ipAddress;

    private String userAgent;

    private String status;

    @Column(columnDefinition = "TEXT")
    private String errorMsg;

    private LocalDateTime operationTime;

    private String traceId;

    private String spanId;

}

3. 审计日志实体

@Data
@Entity
@Table(name = "audit_log")
public class AuditLog {

    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;

    private String userId;

    private String username;

    private String module;

    private String operation;

    private String description;

    @Column(columnDefinition = "TEXT")
    private String beforeData;

    @Column(columnDefinition = "TEXT")
    private String afterData;

    private String ipAddress;

    private String userAgent;

    private String status;

    @Column(columnDefinition = "TEXT")
    private String errorMsg;

    private LocalDateTime operationTime;

    private String traceId;

}

4. 访问日志服务

@Service
@Slf4j
public class AccessLogService {

    @Autowired
    private AccessLogRepository accessLogRepository;

    @Autowired
    private StringRedisTemplate redisTemplate;

    @Value("${accesslog.async:true}")
    private boolean async;

    private static final String ACCESS_LOG_PREFIX = "access:log:";

    @Async
    public void saveAccessLog(AccessLog accessLog) {
        try {
            accessLogRepository.save(accessLog);
            log.debug("Access log saved: {}", accessLog);
        } catch (Exception e) {
            log.error("Failed to save access log", e);
        }
    }

    public Page<AccessLog> queryAccessLogs(AccessLogQuery query) {
        Specification<AccessLog> spec = buildSpecification(query);
        Pageable pageable = PageRequest.of(query.getPage(), query.getSize(),
                Sort.by(Sort.Direction.DESC, "requestTime"));
        return accessLogRepository.findAll(spec, pageable);
    }

    public List<AccessLog> queryAccessLogsByUserId(String userId, int days) {
        LocalDateTime startTime = LocalDateTime.now().minusDays(days);
        return accessLogRepository.findByUserIdAndRequestTimeAfter(userId, startTime);
    }

    public List<AccessLog> queryAccessLogsByTraceId(String traceId) {
        return accessLogRepository.findByTraceId(traceId);
    }

    private Specification<AccessLog> buildSpecification(AccessLogQuery query) {
        return (root, criteriaQuery, criteriaBuilder) -> {
            List<Predicate> predicates = new ArrayList<>();

            if (StringUtils.hasText(query.getUserId())) {
                predicates.add(criteriaBuilder.equal(root.get("userId"), query.getUserId()));
            }

            if (StringUtils.hasText(query.getUsername())) {
                predicates.add(criteriaBuilder.like(root.get("username"), 
                        "%" + query.getUsername() + "%"));
            }

            if (StringUtils.hasText(query.getRequestUrl())) {
                predicates.add(criteriaBuilder.like(root.get("requestUrl"), 
                        "%" + query.getRequestUrl() + "%"));
            }

            if (query.getStartTime() != null) {
                predicates.add(criteriaBuilder.greaterThanOrEqualTo(
                        root.get("requestTime"), query.getStartTime()));
            }

            if (query.getEndTime() != null) {
                predicates.add(criteriaBuilder.lessThanOrEqualTo(
                        root.get("requestTime"), query.getEndTime()));
            }

            return criteriaBuilder.and(predicates.toArray(new Predicate[0]));
        };
    }

}

5. 操作日志服务

@Service
@Slf4j
public class OperationLogService {

    @Autowired
    private OperationLogRepository operationLogRepository;

    @Async
    public void saveOperationLog(OperationLog operationLog) {
        try {
            operationLogRepository.save(operationLog);
            log.debug("Operation log saved: {}", operationLog);
        } catch (Exception e) {
            log.error("Failed to save operation log", e);
        }
    }

    public Page<OperationLog> queryOperationLogs(OperationLogQuery query) {
        Specification<OperationLog> spec = buildSpecification(query);
        Pageable pageable = PageRequest.of(query.getPage(), query.getSize(),
                Sort.by(Sort.Direction.DESC, "operationTime"));
        return operationLogRepository.findAll(spec, pageable);
    }

    public List<OperationLog> queryOperationLogsByUserId(String userId, int days) {
        LocalDateTime startTime = LocalDateTime.now().minusDays(days);
        return operationLogRepository.findByUserIdAndOperationTimeAfter(userId, startTime);
    }

    private Specification<OperationLog> buildSpecification(OperationLogQuery query) {
        return (root, criteriaQuery, criteriaBuilder) -> {
            List<Predicate> predicates = new ArrayList<>();

            if (StringUtils.hasText(query.getUserId())) {
                predicates.add(criteriaBuilder.equal(root.get("userId"), query.getUserId()));
            }

            if (StringUtils.hasText(query.getModule())) {
                predicates.add(criteriaBuilder.equal(root.get("module"), query.getModule()));
            }

            if (StringUtils.hasText(query.getOperation())) {
                predicates.add(criteriaBuilder.like(root.get("operation"), 
                        "%" + query.getOperation() + "%"));
            }

            if (query.getStartTime() != null) {
                predicates.add(criteriaBuilder.greaterThanOrEqualTo(
                        root.get("operationTime"), query.getStartTime()));
            }

            if (query.getEndTime() != null) {
                predicates.add(criteriaBuilder.lessThanOrEqualTo(
                        root.get("operationTime"), query.getEndTime()));
            }

            return criteriaBuilder.and(predicates.toArray(new Predicate[0]));
        };
    }

}

6. 审计日志服务

@Service
@Slf4j
public class AuditLogService {

    @Autowired
    private AuditLogRepository auditLogRepository;

    @Async
    public void saveAuditLog(AuditLog auditLog) {
        try {
            auditLogRepository.save(auditLog);
            log.debug("Audit log saved: {}", auditLog);
        } catch (Exception e) {
            log.error("Failed to save audit log", e);
        }
    }

    public Page<AuditLog> queryAuditLogs(AuditLogQuery query) {
        Specification<AuditLog> spec = buildSpecification(query);
        Pageable pageable = PageRequest.of(query.getPage(), query.getSize(),
                Sort.by(Sort.Direction.DESC, "operationTime"));
        return auditLogRepository.findAll(spec, pageable);
    }

    public List<AuditLog> queryAuditLogsByUserId(String userId, int days) {
        LocalDateTime startTime = LocalDateTime.now().minusDays(days);
        return auditLogRepository.findByUserIdAndOperationTimeAfter(userId, startTime);
    }

    private Specification<AuditLog> buildSpecification(AuditLogQuery query) {
        return (root, criteriaQuery, criteriaBuilder) -> {
            List<Predicate> predicates = new ArrayList<>();

            if (StringUtils.hasText(query.getUserId())) {
                predicates.add(criteriaBuilder.equal(root.get("userId"), query.getUserId()));
            }

            if (StringUtils.hasText(query.getModule())) {
                predicates.add(criteriaBuilder.equal(root.get("module"), query.getModule()));
            }

            if (StringUtils.hasText(query.getOperation())) {
                predicates.add(criteriaBuilder.like(root.get("operation"), 
                        "%" + query.getOperation() + "%"));
            }

            if (query.getStartTime() != null) {
                predicates.add(criteriaBuilder.greaterThanOrEqualTo(
                        root.get("operationTime"), query.getStartTime()));
            }

            if (query.getEndTime() != null) {
                predicates.add(criteriaBuilder.lessThanOrEqualTo(
                        root.get("operationTime"), query.getEndTime()));
            }

            return criteriaBuilder.and(predicates.toArray(new Predicate[0]));
        };
    }

}

7. 访问日志切面

@Aspect
@Component
@Slf4j
public class AccessLogAspect {

    @Autowired
    private AccessLogService accessLogService;

    @Autowired
    private UserService userService;

    @Pointcut("execution(* com.example.demo.controller..*.*(..))")
    public void controllerPointcut() {}

    @Around("controllerPointcut()")
    public Object around(ProceedingJoinPoint joinPoint) throws Throwable {
        HttpServletRequest request = 
                ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes())
                        .getRequest();
        
        AccessLog accessLog = new AccessLog();
        accessLog.setRequestTime(LocalDateTime.now());
        accessLog.setRequestUrl(request.getRequestURI());
        accessLog.setRequestMethod(request.getMethod());
        accessLog.setIpAddress(getClientIP(request));
        accessLog.setUserAgent(request.getHeader("User-Agent"));
        accessLog.setClassName(joinPoint.getTarget().getClass().getSimpleName());
        accessLog.setMethodName(joinPoint.getSignature().getName());
        
        // 获取当前用户
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication != null && authentication.isAuthenticated()) {
            accessLog.setUserId(authentication.getName());
            accessLog.setUsername(authentication.getName());
        }
        
        // 获取链路追踪ID
        String traceId = MDC.get("traceId");
        if (StringUtils.hasText(traceId)) {
            accessLog.setTraceId(traceId);
        }
        
        // 记录请求参数
        Object[] args = joinPoint.getArgs();
        accessLog.setRequestParams(filterSensitiveParams(args));
        
        long startTime = System.currentTimeMillis();
        Object result = null;
        
        try {
            result = joinPoint.proceed();
            accessLog.setResponseStatus(200);
            
            // 记录响应体（可选）
            if (shouldLogResponse(joinPoint)) {
                accessLog.setResponseBody(filterSensitiveData(result));
            }
        } catch (Exception e) {
            accessLog.setResponseStatus(500);
            accessLog.setErrorMsg(e.getMessage());
            throw e;
        } finally {
            long endTime = System.currentTimeMillis();
            accessLog.setExecutionTime(endTime - startTime);
            accessLog.setResponseTime(LocalDateTime.now());
            
            accessLogService.saveAccessLog(accessLog);
        }
        
        return result;
    }

    private String getClientIP(HttpServletRequest request) {
        String xfHeader = request.getHeader("X-Forwarded-For");
        if (xfHeader == null) {
            return request.getRemoteAddr();
        }
        return xfHeader.split(",")[0];
    }

    private String filterSensitiveParams(Object[] args) {
        if (args == null || args.length == 0) {
            return "";
        }
        
        Map<String, Object> params = new HashMap<>();
        for (Object arg : args) {
            if (arg instanceof HttpServletRequest) {
                continue;
            }
            if (arg instanceof HttpServletResponse) {
                continue;
            }
            if (arg instanceof BindingResult) {
                continue;
            }
            
            if (arg != null) {
                String json = JSON.toJSONString(arg);
                Map<String, Object> map = JSON.parseObject(json, new TypeReference<Map<String, Object>>() {});
                params.putAll(map);
            }
        }
        
        return JSON.toJSONString(filterSensitiveData(params));
    }

    private Object filterSensitiveData(Object data) {
        if (data == null) {
            return null;
        }
        
        if (data instanceof Map) {
            Map<String, Object> map = (Map<String, Object>) data;
            Map<String, Object> filteredMap = new HashMap<>();
            for (Map.Entry<String, Object> entry : map.entrySet()) {
                if (isSensitiveField(entry.getKey())) {
                    filteredMap.put(entry.getKey(), "******");
                } else {
                    filteredMap.put(entry.getKey(), entry.getValue());
                }
            }
            return filteredMap;
        }
        
        return data;
    }

    private boolean isSensitiveField(String fieldName) {
        List<String> sensitiveFields = Arrays.asList(
                "password", "pwd", "secret", "token", "accessToken", 
                "refreshToken", "idCard", "phone", "mobile");
        return sensitiveFields.contains(fieldName.toLowerCase());
    }

    private boolean shouldLogResponse(ProceedingJoinPoint joinPoint) {
        MethodSignature signature = (MethodSignature) joinPoint.getSignature();
        AccessLog annotation = signature.getMethod().getAnnotation(AccessLog.class);
        
        if (annotation != null) {
            return annotation.logResponse();
        }
        
        return false;
    }

}

8. 操作日志切面

@Aspect
@Component
@Slf4j
public class OperationLogAspect {

    @Autowired
    private OperationLogService operationLogService;

    @Autowired
    private UserService userService;

    @Pointcut("@annotation(com.example.demo.annotation.OperationLog)")
    public void operationLogPointcut() {}

    @Around("operationLogPointcut() && @annotation(operationLog)")
    public Object around(ProceedingJoinPoint joinPoint, OperationLog operationLog) throws Throwable {
        HttpServletRequest request = 
                ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes())
                        .getRequest();
        
        com.example.demo.entity.OperationLog log = new com.example.demo.entity.OperationLog();
        log.setOperationTime(LocalDateTime.now());
        log.setModule(operationLog.module());
        log.setOperation(operationLog.operation());
        log.setDescription(operationLog.description());
        log.setIpAddress(getClientIP(request));
        log.setUserAgent(request.getHeader("User-Agent"));
        
        // 获取当前用户
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication != null && authentication.isAuthenticated()) {
            log.setUserId(authentication.getName());
            log.setUsername(authentication.getName());
        }
        
        // 获取链路追踪ID
        String traceId = MDC.get("traceId");
        if (StringUtils.hasText(traceId)) {
            log.setTraceId(traceId);
        }
        
        // 记录操作前的数据
        if (operationLog.logBefore()) {
            Object[] args = joinPoint.getArgs();
            log.setBeforeData(JSON.toJSONString(filterSensitiveData(args)));
        }
        
        long startTime = System.currentTimeMillis();
        Object result = null;
        
        try {
            result = joinPoint.proceed();
            log.setStatus("SUCCESS");
            
            // 记录操作后的数据
            if (operationLog.logAfter()) {
                log.setAfterData(JSON.toJSONString(filterSensitiveData(result)));
            }
        } catch (Exception e) {
            log.setStatus("FAILED");
            log.setErrorMsg(e.getMessage());
            throw e;
        } finally {
            long endTime = System.currentTimeMillis();
            log.setExecutionTime(endTime - startTime);
            
            operationLogService.saveOperationLog(log);
        }
        
        return result;
    }

    private String getClientIP(HttpServletRequest request) {
        String xfHeader = request.getHeader("X-Forwarded-For");
        if (xfHeader == null) {
            return request.getRemoteAddr();
        }
        return xfHeader.split(",")[0];
    }

    private Object filterSensitiveData(Object data) {
        if (data == null) {
            return null;
        }
        
        if (data instanceof Map) {
            Map<String, Object> map = (Map<String, Object>) data;
            Map<String, Object> filteredMap = new HashMap<>();
            for (Map.Entry<String, Object> entry : map.entrySet()) {
                if (isSensitiveField(entry.getKey())) {
                    filteredMap.put(entry.getKey(), "******");
                } else {
                    filteredMap.put(entry.getKey(), entry.getValue());
                }
            }
            return filteredMap;
        }
        
        return data;
    }

    private boolean isSensitiveField(String fieldName) {
        List<String> sensitiveFields = Arrays.asList(
                "password", "pwd", "secret", "token", "accessToken", 
                "refreshToken", "idCard", "phone", "mobile");
        return sensitiveFields.contains(fieldName.toLowerCase());
    }

}

9. 访问日志控制器

@RestController
@RequestMapping("/api/accesslog")
@Slf4j
public class AccessLogController {

    @Autowired
    private AccessLogService accessLogService;

    @PostMapping("/query")
    public Result<Page<AccessLog>> queryAccessLogs(@RequestBody AccessLogQuery query) {
        try {
            Page<AccessLog> logs = accessLogService.queryAccessLogs(query);
            return Result.success(logs);
        } catch (Exception e) {
            log.error("Failed to query access logs", e);
            return Result.error(500, e.getMessage());
        }
    }

    @GetMapping("/user/{userId}")
    public Result<List<AccessLog>> queryAccessLogsByUserId(
            @PathVariable String userId,
            @RequestParam(defaultValue = "7") int days) {
        try {
            List<AccessLog> logs = accessLogService.queryAccessLogsByUserId(userId, days);
            return Result.success(logs);
        } catch (Exception e) {
            log.error("Failed to query access logs by user id", e);
            return Result.error(500, e.getMessage());
        }
    }

    @GetMapping("/trace/{traceId}")
    public Result<List<AccessLog>> queryAccessLogsByTraceId(@PathVariable String traceId) {
        try {
            List<AccessLog> logs = accessLogService.queryAccessLogsByTraceId(traceId);
            return Result.success(logs);
        } catch (Exception e) {
            log.error("Failed to query access logs by trace id", e);
            return Result.error(500, e.getMessage());
        }
    }

}

10. 操作日志控制器

@RestController
@RequestMapping("/api/operationlog")
@Slf4j
public class OperationLogController {

    @Autowired
    private OperationLogService operationLogService;

    @PostMapping("/query")
    public Result<Page<OperationLog>> queryOperationLogs(@RequestBody OperationLogQuery query) {
        try {
            Page<OperationLog> logs = operationLogService.queryOperationLogs(query);
            return Result.success(logs);
        } catch (Exception e) {
            log.error("Failed to query operation logs", e);
            return Result.error(500, e.getMessage());
        }
    }

    @GetMapping("/user/{userId}")
    public Result<List<OperationLog>> queryOperationLogsByUserId(
            @PathVariable String userId,
            @RequestParam(defaultValue = "7") int days) {
        try {
            List<OperationLog> logs = operationLogService.queryOperationLogsByUserId(userId, days);
            return Result.success(logs);
        } catch (Exception e) {
            log.error("Failed to query operation logs by user id", e);
            return Result.error(500, e.getMessage());
        }
    }

}

核心流程：接口访问日志审计与操作留痕

1. 访问日志记录流程

sequenceDiagram
    participant Client
    participant Controller
    participant Aspect
    participant Service
    participant Database

    Client->>Controller: 发送请求
    Controller->>Aspect: 拦截请求
    Aspect->>Aspect: 记录请求信息
    Aspect->>Controller: 继续处理
    Controller->>Service: 业务处理
    Service-->>Controller: 返回结果
    Controller-->>Aspect: 返回结果
    Aspect->>Aspect: 记录响应信息
    Aspect->>Database: 保存访问日志
    Aspect-->>Client: 返回响应

2. 操作日志记录流程

sequenceDiagram
    participant Client
    participant Controller
    participant Aspect
    participant Service
    participant Database

    Client->>Controller: 发送请求
    Controller->>Aspect: 拦截请求
    Aspect->>Aspect: 记录操作前数据
    Aspect->>Controller: 继续处理
    Controller->>Service: 业务处理
    Service-->>Controller: 返回结果
    Controller-->>Aspect: 返回结果
    Aspect->>Aspect: 记录操作后数据
    Aspect->>Database: 保存操作日志
    Aspect-->>Client: 返回响应

3. 链路追踪流程

sequenceDiagram
    participant Client
    participant Gateway
    participant ServiceA
    participant ServiceB
    participant Database

    Client->>Gateway: 发送请求
    Gateway->>Gateway: 生成 TraceId
    Gateway->>ServiceA: 转发请求 (TraceId)
    ServiceA->>ServiceB: 调用服务 (TraceId)
    ServiceB->>Database: 查询数据 (TraceId)
    Database-->>ServiceB: 返回数据
    ServiceB-->>ServiceA: 返回结果
    ServiceA-->>Gateway: 返回结果
    Gateway-->>Client: 返回响应

技术要点：接口访问日志审计与操作留痕

1. 敏感信息过滤

密码过滤

private Object filterSensitiveData(Object data) {
    if (data == null) {
        return null;
    }
    
    if (data instanceof Map) {
        Map<String, Object> map = (Map<String, Object>) data;
        Map<String, Object> filteredMap = new HashMap<>();
        for (Map.Entry<String, Object> entry : map.entrySet()) {
            if (isSensitiveField(entry.getKey())) {
                filteredMap.put(entry.getKey(), "******");
            } else {
                filteredMap.put(entry.getKey(), entry.getValue());
            }
        }
        return filteredMap;
    }
    
    return data;
}

private boolean isSensitiveField(String fieldName) {
    List<String> sensitiveFields = Arrays.asList(
            "password", "pwd", "secret", "token", "accessToken", 
            "refreshToken", "idCard", "phone", "mobile");
    return sensitiveFields.contains(fieldName.toLowerCase());
}

2. 异步日志记录

使用 @Async 注解

@Service
@Slf4j
public class AccessLogService {

    @Async
    public void saveAccessLog(AccessLog accessLog) {
        try {
            accessLogRepository.save(accessLog);
            log.debug("Access log saved: {}", accessLog);
        } catch (Exception e) {
            log.error("Failed to save access log", e);
        }
    }

}

使用消息队列

@Service
@Slf4j
public class AccessLogService {

    @Autowired
    private RabbitTemplate rabbitTemplate;

    public void sendAccessLog(AccessLog accessLog) {
        try {
            rabbitTemplate.convertAndSend("access.log.exchange", 
                    "access.log.routing.key", accessLog);
            log.debug("Access log sent: {}", accessLog);
        } catch (Exception e) {
            log.error("Failed to send access log", e);
        }
    }

}

3. 链路追踪

使用 MDC

@Component
public class TraceIdFilter implements Filter {

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, 
            FilterChain chain) throws IOException, ServletException {
        
        String traceId = request.getHeader("X-Trace-Id");
        if (traceId == null) {
            traceId = UUID.randomUUID().toString();
        }
        
        MDC.put("traceId", traceId);
        
        try {
            chain.doFilter(request, response);
        } finally {
            MDC.remove("traceId");
        }
    }

}

使用 Sleuth

@SpringBootApplication
@EnableZipkinServer
public class Application {
    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }

}

@Aspect
@Component
public class AccessLogAspect {

    @Autowired
    private Tracer tracer;

    @Around("execution(* com.example.demo.controller..*.*(..))")
    public Object around(ProceedingJoinPoint joinPoint) throws Throwable {
        Span span = tracer.createSpan("access-log");
        
        try {
            return joinPoint.proceed();
        } finally {
            tracer.close(span);
        }
    }

}

4. 性能优化

批量插入

@Service
@Slf4j
public class AccessLogService {

    @Autowired
    private AccessLogRepository accessLogRepository;

    @Async
    @Transactional
    public void batchSaveAccessLogs(List<AccessLog> logs) {
        try {
            accessLogRepository.saveAll(logs);
            log.debug("Batch saved {} access logs", logs.size());
        } catch (Exception e) {
            log.error("Failed to batch save access logs", e);
        }
    }

}

使用缓存

@Service
@Slf4j
public class AccessLogService {

    @Autowired
    private StringRedisTemplate redisTemplate;

    @Autowired
    private AccessLogRepository accessLogRepository;

    private static final String ACCESS_LOG_CACHE_PREFIX = "access:log:";

    @Cacheable(value = "accessLog", key = "#id")
    public AccessLog getAccessLogById(Long id) {
        return accessLogRepository.findById(id).orElse(null);
    }

    @CacheEvict(value = "accessLog", key = "#log.id")
    public void saveAccessLog(AccessLog log) {
        accessLogRepository.save(log);
    }

}

最佳实践：接口访问日志审计与操作留痕

1. 合理设置日志级别

原则：

• 区分不同级别的日志
• 敏感操作记录详细日志
• 普通操作记录基本信息
• 避免过度记录

示例：

@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface AccessLog {
    String description() default "";
    LogLevel level() default LogLevel.INFO;
    boolean logRequest() default true;
    boolean logResponse() default false;
    boolean logParams() default true;
}

public enum LogLevel {
    DEBUG,
    INFO,
    WARN,
    ERROR
}

2. 敏感信息保护

原则：

• 过滤敏感字段
• 加密敏感数据
• 限制访问权限
• 定期审计

示例：

private Object filterSensitiveData(Object data) {
    if (data == null) {
        return null;
    }
    
    if (data instanceof Map) {
        Map<String, Object> map = (Map<String, Object>) data;
        Map<String, Object> filteredMap = new HashMap<>();
        for (Map.Entry<String, Object> entry : map.entrySet()) {
            if (isSensitiveField(entry.getKey())) {
                filteredMap.put(entry.getKey(), encrypt(entry.getValue()));
            } else {
                filteredMap.put(entry.getKey(), entry.getValue());
            }
        }
        return filteredMap;
    }
    
    return data;
}

private String encrypt(Object data) {
    // 使用加密算法加密敏感数据
    return "******";
}

3. 异步处理

原则：

• 使用异步处理
• 避免阻塞主流程
• 提高系统性能
• 保证数据一致性

示例：

@Service
@Slf4j
public class AccessLogService {

    @Async
    public void saveAccessLog(AccessLog accessLog) {
        try {
            accessLogRepository.save(accessLog);
            log.debug("Access log saved: {}", accessLog);
        } catch (Exception e) {
            log.error("Failed to save access log", e);
        }
    }

}

4. 数据归档

原则：

• 定期归档历史数据
• 保留重要数据
• 降低存储成本
• 提高查询效率

示例：

@Service
@Slf4j
public class AccessLogArchiveService {

    @Autowired
    private AccessLogRepository accessLogRepository;

    @Autowired
    private AccessLogArchiveRepository archiveRepository;

    @Scheduled(cron = "0 0 2 * * ?")
    public void archiveAccessLogs() {
        LocalDateTime archiveTime = LocalDateTime.now().minusDays(90);
        
        List<AccessLog> logsToArchive = accessLogRepository
                .findByRequestTimeBefore(archiveTime);
        
        if (!logsToArchive.isEmpty()) {
            archiveRepository.saveAll(logsToArchive);
            accessLogRepository.deleteAll(logsToArchive);
            
            log.info("Archived {} access logs", logsToArchive.size());
        }
    }

}

常见问题：接口访问日志审计与操作留痕

1. 性能问题

问题：日志记录影响系统性能

原因：

• 同步记录日志
• 日志数据量大
• 数据库压力大
• 没有使用缓存

解决方案：

@Service
@Slf4j
public class AccessLogService {

    @Autowired
    private AccessLogRepository accessLogRepository;

    @Autowired
    private StringRedisTemplate redisTemplate;

    // 使用异步处理
    @Async
    public void saveAccessLog(AccessLog accessLog) {
        try {
            accessLogRepository.save(accessLog);
            log.debug("Access log saved: {}", accessLog);
        } catch (Exception e) {
            log.error("Failed to save access log", e);
        }
    }

    // 使用批量处理
    @Scheduled(fixedRate = 60000)
    public void batchSaveAccessLogs() {
        String cacheKey = "access:log:batch";
        List<AccessLog> logs = (List<AccessLog>) redisTemplate.opsForValue().get(cacheKey);
        
        if (logs != null && !logs.isEmpty()) {
            accessLogRepository.saveAll(logs);
            redisTemplate.delete(cacheKey);
            
            log.info("Batch saved {} access logs", logs.size());
        }
    }

}

2. 数据安全问题

问题：日志中包含敏感信息

原因：

• 没有过滤敏感字段
• 没有加密敏感数据
• 日志访问权限过大
• 没有定期审计

解决方案：

private Object filterSensitiveData(Object data) {
    if (data == null) {
        return null;
    }
    
    if (data instanceof Map) {
        Map<String, Object> map = (Map<String, Object>) data;
        Map<String, Object> filteredMap = new HashMap<>();
        for (Map.Entry<String, Object> entry : map.entrySet()) {
            if (isSensitiveField(entry.getKey())) {
                filteredMap.put(entry.getKey(), "******");
            } else {
                filteredMap.put(entry.getKey(), entry.getValue());
            }
        }
        return filteredMap;
    }
    
    return data;
}

private boolean isSensitiveField(String fieldName) {
    List<String> sensitiveFields = Arrays.asList(
            "password", "pwd", "secret", "token", "accessToken", 
            "refreshToken", "idCard", "phone", "mobile");
    return sensitiveFields.contains(fieldName.toLowerCase());
}

3. 存储成本问题

问题：日志数据占用大量存储空间

原因：

• 记录了过多信息
• 没有数据归档
• 没有数据清理
• 没有压缩存储

解决方案：

@Service
@Slf4j
public class AccessLogArchiveService {

    @Autowired
    private AccessLogRepository accessLogRepository;

    @Autowired
    private AccessLogArchiveRepository archiveRepository;

    @Scheduled(cron = "0 0 2 * * ?")
    public void archiveAccessLogs() {
        LocalDateTime archiveTime = LocalDateTime.now().minusDays(90);
        
        List<AccessLog> logsToArchive = accessLogRepository
                .findByRequestTimeBefore(archiveTime);
        
        if (!logsToArchive.isEmpty()) {
            // 压缩数据
            List<AccessLogArchive> compressedLogs = compressLogs(logsToArchive);
            
            archiveRepository.saveAll(compressedLogs);
            accessLogRepository.deleteAll(logsToArchive);
            
            log.info("Archived {} access logs", logsToArchive.size());
        }
    }

    private List<AccessLogArchive> compressLogs(List<AccessLog> logs) {
        return logs.stream()
                .map(log -> {
                    AccessLogArchive archive = new AccessLogArchive();
                    BeanUtils.copyProperties(log, archive);
                    // 压缩大字段
                    archive.setRequestBody(compress(log.getRequestBody()));
                    archive.setResponseBody(compress(log.getResponseBody()));
                    return archive;
                })
                .collect(Collectors.toList());
    }

    private String compress(String data) {
        if (data == null || data.length() < 1000) {
            return data;
        }
        
        // 使用压缩算法压缩数据
        return data.substring(0, 1000) + "...";
    }

}

4. 查询效率问题

问题：海量数据查询效率低

原因：

• 没有合适的索引
• 查询条件不合理
• 没有分页查询
• 没有使用缓存

解决方案：

@Entity
@Table(name = "access_log", indexes = {
    @Index(name = "idx_user_id", columnList = {"user_id"}),
    @Index(name = "idx_request_time", columnList = {"request_time"}),
    @Index(name = "idx_trace_id", columnList = {"trace_id"})
})
public class AccessLog {
    // ...
}

public Page<AccessLog> queryAccessLogs(AccessLogQuery query) {
    Specification<AccessLog> spec = buildSpecification(query);
    Pageable pageable = PageRequest.of(query.getPage(), query.getSize(),
            Sort.by(Sort.Direction.DESC, "requestTime"));
    return accessLogRepository.findAll(spec, pageable);
}

@Cacheable(value = "accessLog", key = "#query.userId + ':' + #query.page + ':' + #query.size")
public Page<AccessLog> queryAccessLogs(AccessLogQuery query) {
    Specification<AccessLog> spec = buildSpecification(query);
    Pageable pageable = PageRequest.of(query.getPage(), query.getSize(),
            Sort.by(Sort.Direction.DESC, "requestTime"));
    return accessLogRepository.findAll(spec, pageable);
}

性能测试：接口访问日志审计与操作留痕

测试环境

• 服务器：4核8G，100Mbps带宽
• 数据库：MySQL 8.0
• 测试场景：10000个并发请求

测试结果

测试结论

1. 异步处理最佳：异步日志记录对性能影响最小
2. 批量处理次之：批量处理也能获得较好的性能
3. 日志完整性高：异步和批量处理的日志完整性都很高
4. 存储成本可控：日志存储成本在可接受范围

互动话题

1. 你在实际项目中如何实现接口访问日志审计？有哪些经验分享？
2. 对于操作留痕，你认为应该记录哪些信息？
3. 你遇到过哪些日志审计相关的问题？如何解决的？
4. 在微服务架构中，如何实现分布式日志追踪？

欢迎在评论区交流讨论！更多技术文章，欢迎关注公众号：服务端技术精选