将审核添加到现有应用程序的良好模式或框架?

发布于 2024-07-05 23:58:43 字数 1560 浏览 8 评论 0原文

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(6

简单 2024-07-12 23:58:43

也许您应该看看Audit4j,它提供业务功能审核并具有多个配置选项。
另一个框架是 JaVers ,它更多地侧重于审核持久层上的低级修改,这可能更符合您的情况。

这两个框架都提供了超出普通 AOP/拦截器的特定于审计的功能。

Maybe you should have a look at Audit4j that provides auditing of business functionality and has several options for configuration.
Another framework is JaVers that focues more on auditing low-level modification on persistence layer, which might match your case a bit better.

Both framework provide audit-specific functionalities that goes beyond plain AOP/Interceptors.

廻憶裏菂餘溫 2024-07-12 23:58:43

现在我倾向于使用 Spring AOP(使用“@AspectJ”样式)来为暴露于 Web 层的业务操作提供建议。

Right now I'm leaning towards using Spring AOP (using the "@AspectJ" style) to advise the business operations that are exposed to the web layer.

请止步禁区 2024-07-12 23:58:43

我将在这里稍微反其道而行之,建议您考虑一个较低层的解决方案。 我们的应用程序具有类似的架构,并且对于审计,我们使用了数据库级审计触发器来跟踪 RDBMS 内的操作。 这可以按照您喜欢的细粒度或粗粒度来完成,您只需识别要跟踪的实体即可。

现在,这不是一个纯粹意识形态的解决方案;而是一个解决方案。 它涉及将逻辑放入数据库中,这些逻辑可以说应该保留在业务层中,我不能否认这个视图有价值,但在我们的例子中,我们有许多独立的应用程序与数据模型交互,其中一些是用 C 编写的,有些是脚本应用程序,有些是 J2EE 应用程序,所有这些应用程序都必须经过一致的审核。

请注意,J2EE 方面可能还需要完成一些 AOP 工作; 任何更新数据库的方法都可能需要完成一些额外的工作来告诉数据库哪个用户正在执行该工作。 我们使用数据库会话变量来做到这一点,但当然还有其他解决方案。

I'm going to go a bit against the grain here and suggest that you look at a lower-tier solution. We have a similar architecture in our application, and for our auditing we've gone with database-level audit triggers that track operations within the RDBMS. This can be done as fine- or coarse-grained as you like, you just have to identify the entities you'd like to track.

Now, this isn't an ideologically pure solution; it involves putting logic in the database that is arguably supposed to remain in the business tier, and I can't deny that this view has value, but in our case we have many independent application interacting with the data model, some written in C, some scripted, and others J2EE apps, and all of them have to be audited consistently.

There's possibly still some AOP work to be done here on the J2EE side, mind you; any method that updates the database at all may have to have some additional work done to tell the database which user is doing the work. We use database session variables to do this, but there are other solutions, of course.

花想c 2024-07-12 23:58:43

我刚刚了解了一个名为 Spring Data JPA 的新 Spring 项目,它提供了 基于 AOP 的审核功能。 目前还没有正式发布,但值得关注。

I've just learned about a new Spring project called Spring Data JPA that offers an AOP-based auditing feature. It's not GA yet, but it bears keeping an eye on.

清风挽心 2024-07-12 23:58:43

尝试一个面向方面编程框架。

来自维基百科“面向方面的编程(AOP)是一种编程范例,它通过允许分离横切关注点来增加模块化性”。

Try an Aspect Oriented programming framework.

From Wikipedia "Aspect-oriented programming (AOP) is a programming paradigm that increases modularity by allowing the separation of cross-cutting concerns".

╰◇生如夏花灿烂 2024-07-12 23:58:43

对于所有 EJB,您可以使用 EJB 3.0 拦截器(这类似于 Servlet 过滤器)和另一个类似的 Spring 拦截器(不熟悉 spring)
由于您使用的是 EJB 以及 Spring,因此可能无法覆盖整个事务。 另一种方法是使用前端控制器,但这需要在客户端进行一些修改。 另一种方法是使用 Servlet Filter,但这意味着在表示层中实现域逻辑。

在这种情况下我会推荐前端控制器。

For all EJBs you can use EJB 3.0 Interceptors (This is something similar to Servlet filter) and another similar interceptor for Spring (not familiar with spring)
As you are using EJBs as well as Spring that may not cover the whole transactions. Another approach could be using a Front Controller however that requires some modification in the client side. Yet another approach could be using a Servlet Filter however that means implementing the domain logic in the presentation layer.

I would recommend the Front Controller in this case.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文