Versions Compared

Old Version 12

changes.mady.by.user Colm O hEigeartaigh

Saved on

compared with

New Version 13

changes.mady.by.user Andrei Shakirin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Auto logging for existing CXF endpoints and clients in Apache Karaf

To use the message logging in karaf it needs to be installed as a feature. It can then be activated for all endpoints using a config.

Code Block
languagebash
titleLogging feature in karaf
feature:repo-add cxf 3.1.0
feature:install cxf-features-logging
config:property-set -p org.apache.cxf.features.logging enabled true

Any CXF endpoints installed after the logging feature will automatically be enhanced with the message logging feature.

By default then all SOAP and Rest calls will be logged using slf4j. So the logging data will be processed by pax logging and by default end up in your karaf log.

A log entry looks like this:

Code Block
languagebash
titleSample Log entry
2015-06-08 16:35:54,068 | INFO  | qtp1189348109-73 | REQ_IN                           | 90 - org.apache.cxf.cxf-rt-features-logging - 3.1.0 | <soap:Envelope 
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><ns2:addPerson xmlns:ns2="http://model.personservice.cxf.karaf.tutorial.lr.net/" 
xmlns:ns3="http://person.jms2rest.camel.karaf.tutorial.lr.net"><arg0><id>3</id><name>Test2</name><url></url></arg0></ns2:addPerson></soap:Body></soap:Envelope>

This does not look very informative. You only see that it is an incoming request (REQ_IN) and the SOAP message in the log message. The logging feature provides a lot more information though. To leverage these the pax logging config can be changed to show the relevant MDC values.

Karaf decanter support to write into elastic search

Many people use elastic search for their logging. Fortunately you do not have to write a special LogSender for this purpose. The standard CXF logging feature will already work.

It works like this:

  • CXF sends the messages as slf4j events which are processed by pax logging
  • Karaf Decanter LogCollector attaches to pax logging and sends all log events into the karaf message bus (EventAdmin topics)
  • Karaf Decanter ElasticSearchAppender sends the log events to a configurable elastic search instance

As Decanter also provides features for a local elastic search and kibana instance you are ready to go in just minutes.

Code Block
languagebash
titleInstalling Decanter for CXF Logging
feature:repo-add mvn:org.apache.karaf.decanter/apache-karaf-decanter/3.0.0-SNAPSHOT/xml/features
feature:install decanter-collector-log decanter-appender-elasticsearch elasticsearch kibana


After that open a browser at http://localhost:8181/kibana. When decanter is released kibana will be fully set up. At the moment you have to add the logstash dashboard and change the index name to [karaf-]YYYY.MM.DD.

Then you should see your cxf messages like this:

Kibana easily allows to filter for specific services and correlate requests and responses.

This is just a preview of decanter. I will do a more detailed post when the first release is out.


Masking security sensitive data in logging

Version 3.4.0 provides an option to mask security relevant information in logging.

LoggingFeature has two new methods:

  • addSensitiveElementNames(final Set<String> sensitiveElements); Configures names of sensitive XML and JSON elements, values to be masked.
  • addSensitiveProtocolHeaderNames(final Set<String> sensitiveProtocolHeaders); Configures names of sensitive protocol headers, values to be masked.

After configuring these settings appropriate elements in XML and JSON and http protocol headers will be masked on server and client sides:

Code Block
titleConfiguration logging feature
...
        LoggingFeature loggingFeature = new LoggingFeature();
        loggingFeature.addSensitiveElementNames(new HashSet<>(Arrays.asList("password")));
        loggingFeature.addSensitiveProtocolHeaderNames(new HashSet<>(Arrays.asList("Server", "Accept", "Date")));
        loggingFeature.setPrettyLogging(true);
...


Code Block
titleClient out
2020-07-26 11:20:30,339 INFO  org.apache.cxf.services.CustomerServiceAPI.REQ_OUT - REQ_OUT
    Address: http://localhost:9000/customerservice/customers/
    HttpMethod: POST
    Content-Type: application/json
    ExchangeId: 84a5ca97-d31a-484b-933b-91621e45c867
    Headers: {Accept=XXX, Content-Type=application/json}
    Payload: {"id":1,"name":"test","password": "XXX"}


Code Block
titleClient in
2020-07-26 11:20:30,722 INFO  org.apache.cxf.services.CustomerServiceAPI.RESP_IN - RESP_IN
    Address: http://localhost:9000/customerservice/customers/
    Content-Type: application/json
    ResponseCode: 200
    ExchangeId: 84a5ca97-d31a-484b-933b-91621e45c867
    Headers: {transfer-encoding=chunked, Server=XXX, content-type=application/json, Date=XXX}
    Payload: {"id":124,"name":"test","password": "XXX"}


Code Block
titleServer in
2020-07-26 11:20:30,674 INFO  org.apache.cxf.services.CustomerService.REQ_IN - REQ_IN
    Address: http://localhost:9000/customerservice/customers/
    HttpMethod: POST
    Content-Type: application/json
    ExchangeId: 809a134c-dcfd-4c50-bb7d-281cc12bd18d
    Headers: {Accept=XXX, Cache-Control=no-cache, User-Agent=Apache-CXF/3.4.0-SNAPSHOT, connection=keep-alive, content-type=application/json, Host=localhost:9000, Pragma=no-cache, Content-Length=42}
    Payload: {"id":1,"name":"test","password": "XXX"}


Code Block
titleServer out
2020-07-26 11:20:30,716 INFO  org.apache.cxf.services.CustomerService.RESP_OUT - RESP_OUT
    Address: http://localhost:9000/customerservice/customers/
    Content-Type: application/json
    ResponseCode: 200
    ExchangeId: 809a134c-dcfd-4c50-bb7d-281cc12bd18d
    Headers: {Date=XXX, Content-Type=application/json}
    Payload: {"id":124,"name":"test","password": "XXX"}