记录用户操作
客户希望我们“记录”用户在我们的系统上执行的“操作”:主要是创建、删除和更新。 我已经有一个记录跟踪的方面,但它在相当低的级别上工作,记录每个方法调用。 因此,如果用户单击“打开医疗文件”按钮,日志将显示:
- closePreviousFiles(“零号病人”)
- createMedicalFile(“零号病人”) --> 文件 #001
- 更改状态("#001") --> open
而期望的结果是:
- 为零号病人打开医疗文件 #001
我正在考虑使用日志语句来检测 Struts2 操作,但我想知道......还有其他方法可以做到这一点吗? 我可能会再次使用 AspectJ(或过滤器)并将逻辑保留在一个地方,以便我可以轻松配置日志,但我担心一切都会变得更难以理解(即“此操作的日志是错误的”) ...我到底应该在哪里寻找麻烦?”)。
The customer wants us to "log" the "actions" that a user performs on our system: creation, deletion and update, mostly.
I already have an aspect that logs the trace, but that works at a pretty low level logging every method call.
So if a user clicked on the button "open medical file" the log would read:
- closePreviousFiles("patient zero")
- createMedicalFile("patient zero") --> file #001
- changeStatus("#001") --> open
while the desired result is:
- opened medical file #001 for patient zero
I'm thinking of instrumenting the Struts2 actions with log statements, but I'm wondering... is there another way to do that? I might use AspectJ again (or a filter) and keep the logic in just one place, so that I might configure the log easily, but then I'm afraid everything will become harder to understand (i.e. "the log for this action is wrong... where the heck should I look for the trouble?").
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
听起来您的客户想要对用户在系统中的操作进行审计跟踪。
考虑在每个操作的入口点(来自 Web 请求)使用操作上的枚举/常量启动审核条目。 如果可能的话,用用户提供的信息填充它。
在退出/最后时,在审核中指出是成功还是失败。
伪代码示例:
这里重要的是保存所有用户操作,无论成功还是失败。 此外,客户确实需要了解所有相关信息以及操作。
由于我们正在记录操作常量和数据,因此可以单独对向客户端呈现的审计进行编码。 您也获得了灵活性,因为演示字符串的更改(例如“为零号患者打开的医疗文件#001”更改为“零号患者#001 医疗文件打开)不是在执行操作时确定的,而是稍后确定的。您不需要不必重新调整审计数据。
Sounds like your client wants an audit trail of the user's actions in the system.
Consider that at each action's entry point (from the web request) to start an audit entry with an enum/constant on the action. Populate it with information user has provided if possible.
At exit/finally, indicate in the audit if it is successful or failed.
An example in pseudocode:
What is important here is that all user actions are saved, regardless of success or failure. Also, the client really really need to know all relevant information along with the action.
Since we are logging action constants and data, the presentation of the audit to the client can be seperately coded. You gain flexibility too, since a change of presentation string (eg. "opened medical file #001 for patient zero" to "patient zero #001 medical file opened) is not determined at the time of the action, but later. You don't have to remassage the audit data.
我最近对日志进行了后处理以生成摘要。 您可能需要考虑这种方法,特别是如果上述日志中的 #2 和 #3 是在不同的位置生成的,并且所需的结果需要将状态从一个地方转移到另一个地方。
I recently post-processed logs to generate summary. You may want to consider that approach, especially if #2 and #3 in the above logs are generated at different places and the desired result would require to carry around state from one place to another.
如果您正在处理医疗数据,您可能需要考虑日志记录和版本控制。 我什至会考虑使用数据库触发器来做到这一点。 我没有做过很多 Java 编程,但我已经与我们的学生信息系统团队讨论过这个问题。 他们在后端使用 Oracle 并通过其连接注册会话变量。 它们的触发器使用此会话变量来创建关键表的日志条目和版本历史(更新/删除)。 这为他们提供了审核和回滚功能。 我认为这两者对于医疗记录应用程序都会有用。
他们还使用 log4j 进行应用程序级别日志记录,但数据日志记录发生在数据库中。
If you are working with medical data you may want to consider both logging and versioning. I would even think about doing this with database triggers. I don't do a lot of Java programming, but I've discussed this very issue with our Student Information System team. They use Oracle on the backend and register a session variable with their connections. Their triggers use this session variable to create log entries and version histories (on updates/deletes) of critical tables. This gives them both auditing and rollback capabilities. I would think that both of these would be useful for a medical records application.
They also use log4j to do application level logging, but the data logging takes place in the database.
我在 Struts2 操作中做了类似的事情,我使用了“log4j”。 根据您的应用程序服务器,它可能具有允许使用消息目录的集成日志记录系统(例如:Weblogic)。
I've done similar stuff in Struts2 actions, I used "log4j". Depending on your Application Server, it might have an integrated logging system allowing the use of message catalogs (e.g.: Weblogic).