
Security Audit Plugin

对应模块: io.gitee.lcgyl:lcgyl-security-audit-plugin

安全审计日志插件,自动记录关键操作行为,满足合规性要求。

✨ 特性

  • 全自动记录 - 自动拦截敏感操作
  • 上下文感知 - 自动捕获当前用户、IP、时间
  • 灵活存储 - 支持 DB, ES, 文件等多种存储后端
  • 差分记录 - 支持记录数据修改前后的差异

🚀 快速开始

依赖引入

gradle
implementation 'io.gitee.lcgyl:lcgyl-security-audit-plugin:2.2.0'

配置

yaml
lcgyl:
  security:
    audit:
      enabled: true
      storage: database  # database, elasticsearch, file
      async: true        # 异步写入,不影响主业务性能
      include-request-body: true   # 请求体可能含密码等敏感字段,开启前请评估
      include-response-body: false

声明式审计

java
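@RestController
@RequestMapping("/api/users")
public class UserController {

    // Basic audit: only the action name and the resource type are recorded.
    @AuditLog(action = "创建用户", resource = "USER")
    @PostMapping
    public User createUser(@RequestBody CreateUserRequest request) {
        return userService.create(request);
    }

    // Detailed + diff audit: the call's parameters, its return value and the
    // before/after difference of the modified data are all stored with the entry.
    // NOTE(review): UpdateUserRequest fields land in the audit store verbatim —
    // confirm the type carries no secrets before enabling recordParams.
    @AuditLog(
        action = "更新用户",
        resource = "USER",
        recordParams = true,
        recordResult = true,
        diff = true
    )
    @PutMapping("/{id}")
    public User updateUser(@PathVariable String id, @RequestBody UpdateUserRequest request) {
        return userService.update(id, request);
    }

    // Credential change: audited as a high-risk operation, deliberately WITHOUT
    // diff = true. Diff recording stores the before/after values of the changed
    // data, which for a password change would write credential material into
    // the audit log; the action/resource/level entry is sufficient here.
    @AuditLog(action = "修改密码", resource = "USER", level = AuditLevel.HIGH)
    @PostMapping("/{id}/password")
    public void changePassword(@PathVariable String id, @RequestBody PasswordRequest request) {
        userService.changePassword(id, request);
    }

    // Destructive operation: flagged high-risk so it stands out in review.
    @AuditLog(action = "删除用户", resource = "USER", level = AuditLevel.HIGH)
    @DeleteMapping("/{id}")
    public void deleteUser(@PathVariable String id) {
        userService.delete(id);
    }
}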

编程式审计

java
@Service
public class PaymentService {

    @Inject
    private AuditLogger auditLogger;

    /**
     * Runs the payment and records an audit entry for it, whatever the outcome.
     *
     * <p>The audit context is opened before the payment is attempted so that a
     * failure is captured as well; on failure the exception message is written to
     * the entry and the exception is rethrown unchanged to the caller.
     *
     * @param request the payment to process; its order id and amount are recorded
     */
    public void processPayment(PaymentRequest request) {
        // Open the audit record first so the failure path is logged too.
        AuditContext audit = auditLogger
            .start("支付处理", "PAYMENT")
            .param("orderId", request.getOrderId())
            .param("amount", request.getAmount());

        try {
            PaymentResult outcome = doPayment(request);
            // Success: attach the result and persist the entry.
            audit.success().result(outcome).commit();
        } catch (Exception e) {
            // Failure: persist the reason, then let the caller see the exception.
            audit.fail(e.getMessage()).commit();
            throw e;
        }
    }
}

审计日志查询

java
@Service
public class AuditQueryService {

    @Inject
    private AuditLogRepository auditLogRepo;

    /**
     * Pages through audit entries matching the filters carried by {@code query}.
     *
     * <p>User, action, resource, time window and paging are forwarded to the
     * repository exactly as given. NOTE(review): nothing here checks that the
     * requester may read these logs — assumes authorization is enforced by the
     * caller; confirm.
     *
     * @param query the filter and paging criteria
     * @return one page of matching audit entries
     */
    public Page<AuditLog> queryLogs(AuditLogQuery query) {
        return auditLogRepo.findByCondition(query.getUserId(), query.getAction(),
                query.getResource(), query.getStartTime(), query.getEndTime(),
                query.getPageable());
    }

    /**
     * Counts one user's recorded operations on a given day.
     *
     * @param userId the user whose entries are counted
     * @param date   the day to count
     * @return per-operation statistics as computed by the repository
     */
    public List<UserOperationStats> getUserOperationStats(String userId, LocalDate date) {
        return auditLogRepo.countByUserAndDate(userId, date);
    }
}

自定义存储

java
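@Component
public class ElasticsearchAuditStorage implements AuditStorage {

    @Inject
    private ElasticsearchClient esClient;

    /**
     * Indexes one audit entry into a per-date index ({@code audit-logs-<date>}).
     *
     * <p>No document id is supplied, so each call creates a new document rather
     * than overwriting an earlier one.
     *
     * @param log the entry to persist
     */
    @Override
    public void save(AuditLog log) {
        esClient.index(i -> i
            .index("audit-logs-" + log.getDate())
            .document(log)
        );
    }

    /**
     * Queries audit entries from Elasticsearch.
     *
     * <p>Not implemented in this example: the original body was empty, which does
     * not compile for a non-void method. Throwing makes the gap explicit instead
     * of silently returning nothing.
     *
     * @param query the filter and paging criteria
     * @return one page of matching entries
     * @throws UnsupportedOperationException always, until an ES query is written
     */
    @Override
    public Page<AuditLog> query(AuditLogQuery query) {
        // ES query implementation goes here.
        throw new UnsupportedOperationException("ES audit log query is not implemented");
    }
}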

Released under the Apache License 2.0