stackoom
  简体   繁体   中英

OWSAP ESAPI logging support in logback in spring boot

 原文  2019-12-20 13:01:39       java/ spring/ logback/ slf4j/ owasp

Question

Is there OWSAP ESAPI logging supported in logback for spring boot application? I did a lot of research but could not find much on this. I found out that org.owasp.esapi now supports this after this PR . But this means that I will have to do away with logback. Is there a way that I can implement OWSAP ESAPI logging using logback? We are using slf4j logger that logback provides.

I looked at logback's maven page and there has not been any major release since 2017. So I am guessing that logback does not supports OWSAP ESAPI logging. Please correct me if I am wrong. If that is the case are there any alternatives I can use?

Also according to this spring-boot does not support slf4j 1.8 and above.If that is the case are there any alternatives I can use?

2 answers

solution1
 3 ACCPTED  2020-01-30 08:00:04

I found out that org.owasp.esap actually delegates the actual logging to our existing infrastructure. So all I had to do is add the correct package and it automatically takes care of the logging via whatever config I have in logback.

Add the esapi dependency to pom.xml

<dependency>
        <groupId>org.owasp.esapi</groupId>
        <artifactId>esapi</artifactId>
        <version>2.2.0.0</version>
</dependency>

Add the ESAPI.properties file to src/main/resources/ . This file contains the config properties for the ESAPI logger. Since I was using Slf4j looger, I set ESAPI.Logger=org.owasp.esapi.logging.slf4j.Slf4JLogFactory in the file.

Now we can use the ESAPI logger for logging which internally will use the Slf4j logger. As the function definition of the ESAPI logger has an extra argument I had to update all the logger functions accordingly.

solution2
 2  2020-07-07 20:08:19

For me, the solution was:

  1. Add the next code to my pom.xml

     <dependency> <groupId>org.owasp.esapi</groupId> <artifactId>esapi</artifactId> <version>2.2.0.0</version> </dependency>

  2. Add ESAPI.properties and validation.properties files to src/main/resources/ , I took them from this post , of Vaquar Khan answer .

  3. Update the property ESAPI.Logger in the file ESAPI.properties with this code of AshwinSreekumar :

     ESAPI.Logger=org.owasp.esapi.logging.slf4j.Slf4JLogFactory

I hope it will help you, because in my case, I had to do some extra steps to make it work.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Spring boot logback not logging to file Spring boot logging problem (with logback) Spring Boot Logback logging DEBUG messages Why logback is not logging some lines with Spring Boot? spring boot, logback and logging.config property Why Java spring boot logback not logging exceptions Spring Boot Logback and Logging Specific Package Can't avoid hibernate logging SQL to console with Spring Boot and Logback Java Spring Boot Logback Configuring Logback with Spring Boot
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM