用户工具

站点工具


light4j:middleware
  • exception:建议作为首位,会将请求从io线程分发到worker线程(后续handler不必再判断exchange.isInIoThread()),处理异常Framework|Api|ClientException,最终MDC.clear()
<dependency>
    <groupId>com.networknt</groupId>
    <artifactId>exception</artifactId>
    <version>${version.light-4j}</version>
</dependency>
# src/main/resources/config/handlers.yml
handlers:
  - com.networknt.exception.ExceptionHandler@exception
# exception.yml,Config.getInstance().getJsonObjectConfig("exception", ExceptionConfig.class)
enabled: true
ExceptionHandler implements MiddlewareHandler {
@Override void register(){ ModuleRegistry.registerModule(className, Config.getInstance().getJsonMapConfigNoCache(CONFIG_NAME), List<String> masks); }
}
  • metrics,性能指标
  • traceability,通常由consumer客户端设置请求头X-Traceability-Id,AuditHandler会记录,Client会传递,最后设置到响应头
  • correlation,通常由server服务端设置请求头X-Correlation-Id,autogenCorrelationID=true自动uuid并记入MDC.put(“cId”,cId),存在traceability时有日志:Associate traceability Id * with correlation Id *
  • cors,跨域处理
allowedOrigins:
- http://localhost
allowedMethods:
- GET
- POST
  • specification,记录endpoint openapi_operation,供security和validator使用;security,处理请求头Authorization,
# openapi.yml
openapi: 3.0.0
# handler.yml
handlers:
  - com.networknt.openapi.OpenApiHandler@specification # OpenApiHelper.openApi3解析openapi.yml
  - com.networknt.openapi.JwtVerifyHandler@security # 记录client_id user_id subject_claims等,检查jwt存在且未过期
  - com.networknt.openapi.ValidatorHandler@validator # openapi-validator.yml,校验请求是否满足openapi必填等规则
  - com.networknt.specification.SpecDisplayHandler@spec
  - com.networknt.specification.SpecSwaggerUIHandler@swaggerui
paths:
  - path: '/spec.yaml'
    method: 'get'
    exec:
      - spec
  - path: '/specui.html'
    method: 'get'
    exec:
      - swaggerui
  • body,处理请求正文,
  • audit,记录请求响应的详细信息
enabled:true
mask:true
statusCode:true # exchange.addExchangeCompleteListener异步记录,exchange1.getStatusCode()
responseTime:true # System.currentTimeMillis() - start,关闭statusCode和responseTime时可提高性能
auditOnError: false # true时只记录statusCode>=400的情形,false记录全部
logLevelIsError: false
timestampFormat: yyyy-MM-dd'T'HH:mm:ss.SSSZ  # timestamp
headers: #配合mask.yml的regex.requestHeader.name=replace处理请求头
- X-Correlation-Id
- X-Traceability-Id
- caller_id
audit: # 配合mask.yml的regex.audit.user_id=replace处理auditInfo上下文
- client_id
- user_id
- scope_client_id
- endpoint
- serviceId
# - requestBody # AttachmentConstants.REQUEST_BODY_STRING|REQUEST_BODY,由body获取
# - responseBody # 只有在statusCode=true且auditOnError=true时记录响应状态toString
- queryParameters # exchange.getQueryParameters(),regex.queryParameters.name=replace
- pathParameters # exchange.getPathParameters(),regex.pathParameters.name=replace
- requestCookies # exchange.getRequestCookies(),regex.requestCookies.name=replace
- Status
  • sanitizer:处理请求头和请求正文里的js代码,调用org.owasp.encoder.Encode.forJavaScriptSource(str)
enabled: false
sanitizeBody: true
sanitizeHeader: false
  • logger
handlers:
  - com.networknt.health.HealthGetHandler@health # 返回OK或{result:OK}
  - com.networknt.info.ServerInfoGetHandler@info # 返回{deployment,environment,security,component}
  - com.networknt.logging.handler.LoggerGetHandler@getLogger # 返回所有日志级别
  - com.networknt.logging.handler.LoggerPostHandler@postLogger # 变更日志级别
paths:
  - path: '/health/${server.serviceId:com.networknt.petstore-3.0.1}'
    method: 'get'
    exec:
      - security
      - health
  - path: '/server/info'
    method: 'get'
    exec:
      - security
      - info
  - path: '/logger'
    method: 'get'
    exec:
      - security
      - getLogger
  - path: '/logger'
    method: 'post'
    exec:
      - security
      - body
      - postLogger
light4j/middleware.txt · 最后更改: 2021/11/07 16:18 由 admin