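Database auditing means recording, whenever a database record changes, when it changed and who changed it, so that problems can later be traced back and accountability established. There are two ways to audit changes to table records: create a dedicated audit table, or add fields to the existing tables. This article discusses the second approach.
How do we add these records on every insert, update and delete? Recording them separately for each table makes the code very redundant. A better way is to use an aspect or an event listener, so that every data change is recorded in one place.
2 Spring Data JPA Auditing
Spring Data JPA provides a convenient audit feature, which marks fields with four annotations:
(1) @CreatedBy: the creator
(2) @CreatedDate: the creation time
(3) @LastModifiedBy: the last modifier
(4) @LastModifiedDate: the last modification time
Next, let's see how to use it.
Start a PostgreSQL database with Docker: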
docker run -itd \
    --name pkslow-postgres \
    -e POSTGRES_DB=pkslow \
    -e POSTGRES_USER=pkslow \
    -e POSTGRES_PASSWORD=pkslow \
    -e PGDATA=/var/lib/postgresql/data/pgdata \
    -p 5432:5432 \
    postgres:10
Add the required dependencies:
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
    <groupId>org.postgresql</groupId>
    <artifactId>postgresql</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
Spring Security is not required; it is used here to obtain the user name. The configured user is:
spring.security.user.name=pkslow
spring.security.user.password=123456
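A parent class is not strictly required: you can configure every entity class you want to audit individually, but that is tedious. It is easier to create a parent class and have every entity you want to audit extend it: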
@MappedSuperclass
@EntityListeners(AuditingEntityListener.class)
public class Auditable<U> {
    @CreatedBy
    @Column(name = "created_by")
    private U createdBy;

    @CreatedDate
    @Column(name = "created_date")
    private Date createdDate;

    @LastModifiedBy
    @Column(name = "last_modified_by")
    private U lastModifiedBy;

    @LastModifiedDate
    @Column(name = "last_modified_date")
    private Date lastModifiedDate;

    // getters
    // setters
}
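@MappedSuperclass lets the sub-entity classes inherit the mapped fields and properties;
@EntityListeners sets the listener class, which handles the callbacks for inserts and updates.
With the parent class in place, the subclass is simple: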
@Entity
@Table(name = "pkslow_users")
public class User extends Auditable<String> {
    @Id
    @GeneratedValue(strategy = GenerationType.AUTO)
    private Long userId;
    private String name;
    private String email;
    private String country;
    private String website;

    // getters and setters
}
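Data is always being modified, so we need to provide an interface for obtaining the name of the person making the change. The configuration is as follows: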
@Configuration
@EnableJpaAuditing(auditorAwareRef = "auditorProvider")
public class JpaAuditingConfiguration {
    @Bean
    public AuditorAware<String> auditorProvider() {
        return () -> {
            String username = "system";
            SecurityContext context = SecurityContextHolder.getContext();
            if (context != null) {
                Authentication authentication = context.getAuthentication();
                if (authentication != null) {
                    username = authentication.getName();
                }
            }
            String result = username;
            return Optional.ofNullable(result);
        };
    }
}
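This configuration obtains the logged-in user's name from the Spring Security context; other approaches are possible, such as reading a field from the request headers.
Note that the @EnableJpaAuditing annotation turns the auditing feature on.
Let's add data through a Controller and see the effect: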
@RestController
@RequestMapping("/user")
public class UserController {
    @Autowired
    private UserRepository userRepository;

    @PostMapping
    public User save(@RequestBody User user) {
        return userRepository.save(user);
    }
}
Test it with curl as follows:
$ curl 'http://localhost:8088/user' -X POST \
> -H 'Content-Type: application/json' \
> -H 'Authorization:Basic cGtzbG93OjEyMzQ1Ng==' \
> -d '{
> "name":"larry",
> "email":"admin@pkslow.com",
> "country":"China",
> "website":"www.pkslow.com"
> }'
{"createdBy":"pkslow","createdDate":"2021-01-15T15:08:47.035+0000","lastModifiedBy":"pkslow","lastModifiedDate":"2021-01-15T15:08:47.035+0000","userId":7,"name":"larry","email":"admin@pkslow.com","country":"China","website":"www.pkslow.com"}
Checking the database shows that the audit record has been generated.