This is a Spring Boot library project that provides comprehensive auditing capabilities for HTTP requests and responses in a Spring Boot application. It automatically audits inbound requests and responses to application controllers, as well as outbound requests and responses sent via clients. The audit data, including request/response payloads, headers, and metadata, is persisted in an SQL database.
The primary purpose of this project is to enable auditing and logging of interactions with third-party systems, ensuring transparency and traceability of external communications. By integrating this library into a Spring Boot application, developers can easily audit and monitor all incoming and outgoing HTTP traffic, facilitating debugging, compliance, and security analysis.
- Automatic auditing of inbound HTTP requests and responses.
- Automatic auditing of outbound HTTP requests and responses via RestTemplate or Feign clients.
- Persistence of audit data, including payloads, headers, and metadata, in an SQL database.
- Seamless integration with the Spring Boot ecosystem.
- Facilitates debugging, compliance, and security analysis in distributed applications.
To install the Auditor library in your Spring Boot application, add the following dependency to your pom.xml:
<dependency>
    <groupId>io.github.tkaczenko.auditor</groupId>
    <artifactId>auditor.starter</artifactId>
    <version>${version}</version>
</dependency>
Or in build.gradle:
implementation 'io.github.tkaczenko.auditor:auditor.starter:${version}'
Or in build.gradle.kts:
implementation("io.github.tkaczenko.auditor:auditor.starter:${version}")
Once the dependency is added, the library can start auditing HTTP requests and responses automatically. Configuration options are available to customize the auditing behavior, such as specifying which endpoints to audit.
The annotations below are optional, because all required configurations are auto-configured and shipped in the artifacts.
@EnableHttpAuditing
This annotation enables all available configurations.
@EnableInboundAuditing
This annotation enables auditing of inbound HTTP requests and responses to your application's controllers.
@EnableOutboundAuditing
This annotation enables auditing of outbound HTTP requests and responses sent via RestTemplate or Feign clients.
@EnableScheduledCleanup
This annotation enables scheduled cleanup of audit data from the database based on the configured cron expression or fixed delay.
You can use one or more of these annotations depending on your requirements. For example, to enable all auditing features, you can add the following to your main application class:
@EnableHttpAuditing
@SpringBootApplication
public class YourApplication {
    // ...
}
or
@EnableInboundAuditing
@EnableOutboundAuditing
@EnableScheduledCleanup
@SpringBootApplication
public class YourApplication {
// ...
}
Configuration properties for the Auditor library can be added to your application.properties file:
auditor.extendable-from-mdc=true
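# No quotes here: a .properties value is read literally, so quotes would become part of the cron expression.
auditor.scheduling.cron=0 0 * * * ?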
auditor.scheduling.fixed-delay=3600000
or application.yml:
auditor:
  extendable-from-mdc: true
  scheduling:
    cron: "0 0 * * * ?"
    fixed-delay: 3600000
There are several modules in Auditor. Here is a quick overview:
The demo module is a Spring Boot application that demonstrates the usage of the Auditor library. It includes integration tests to verify the functionality of the auditing features for both inbound and outbound HTTP requests and responses. The demo application serves as a reference implementation and can be used as a starting point for integrating the Auditor library into your own Spring Boot projects.
The auditor.starter module provides automatic configuration scanning and leverages Spring Boot principles.
The auditor.core module is the main library providing persistence of audit data, including payloads, headers, and metadata, in an SQL database. It defines the core entities and repositories for storing and retrieving audit records.
The inbound module provides automatic auditing of inbound HTTP requests and responses to the application's controllers. It leverages Spring's request interceptor mechanism to capture incoming requests and responses, and persists the audit data using the core module.
The auditor.outbound module provides automatic auditing of outbound HTTP requests and responses within the RestTemplate client. It intercepts outgoing requests and responses using Spring's ClientHttpRequestInterceptor, and persists the audit data using the core module.
The auditor.outbound.feign module provides automatic auditing of outbound HTTP requests and responses within the Feign client. It leverages Feign's logger to capture outgoing requests and responses, and persists the audit data using the core module.
The auditor.cleanup module provides scheduled cleanup of audit data from the database based on the configured cron expression or fixed delay. It leverages the ShedLock library to ensure that only one instance of the cleanup job runs at a time, preventing data corruption or race conditions in a clustered environment. The cleanup module is responsible for deleting audit records older than a specified retention period, freeing up disk space and maintaining optimal database performance.
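The interceptor approach described for the auditor.outbound module, as an added sketch that is not the Auditor library's own code: it captures one RestTemplate exchange through Spring's ClientHttpRequestInterceptor and masks credential-bearing headers before the record reaches storage, since persisted headers otherwise carry tokens and cookies into the audit table. AuditSink, RedactingAuditInterceptor and the header deny-list are hypothetical names and assumptions.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.*;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpRequest;
import org.springframework.http.client.*;
import org.springframework.util.StreamUtils;
import org.springframework.web.client.RestTemplate;

// Hypothetical sketch, not the Auditor library's code: audit one outbound exchange with masked headers.
public class RedactingAuditInterceptor implements ClientHttpRequestInterceptor {
    // Hypothetical sink; a real one would write the record to the audit table.
    public interface AuditSink {
        void save(String method, String uri, Map<String, List<String>> headers,
                  String requestBody, int status, String responseBody);
    }

    // Example deny-list (an assumption); extend it with your own credential headers.
    private static final Set<String> SENSITIVE =
            Set.of("authorization", "proxy-authorization", "cookie", "set-cookie", "x-api-key");
    private final AuditSink sink;

    public RedactingAuditInterceptor(AuditSink sink) { this.sink = sink; }

    @Override
    public ClientHttpResponse intercept(HttpRequest request, byte[] body,
                                        ClientHttpRequestExecution execution) throws IOException {
        ClientHttpResponse response = execution.execute(request, body);
        // Reading the body consumes the stream; the buffering factory below makes it re-readable.
        byte[] responseBody = StreamUtils.copyToByteArray(response.getBody());
        sink.save(request.getMethod().name(), request.getURI().toString(),
                redact(request.getHeaders()), new String(body, StandardCharsets.UTF_8),
                response.getStatusCode().value(), new String(responseBody, StandardCharsets.UTF_8));
        return response;
    }

    // Keeps header names for traceability but replaces the values of sensitive ones.
    static Map<String, List<String>> redact(HttpHeaders headers) {
        Map<String, List<String>> out = new LinkedHashMap<>();
        headers.forEach((name, values) -> out.put(name,
                SENSITIVE.contains(name.toLowerCase(Locale.ROOT)) ? List.of("[REDACTED]") : values));
        return out;
    }

    public static RestTemplate auditedRestTemplate(AuditSink sink) {
        RestTemplate rt = new RestTemplate(
                new BufferingClientHttpRequestFactory(new SimpleClientHttpRequestFactory()));
        rt.getInterceptors().add(new RedactingAuditInterceptor(sink));
        return rt;
    }
}
```

Request and response bodies and query strings can hold secrets as well; this sketch masks headers only.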
- Java
- Kotlin
- Gradle
- Spring Boot
- Spring MVC
- Spring Data JPA
- H2 Database
- ShedLock
This project is licensed under the MIT License. See the LICENSE file for details.
Contributions are welcome! Please see the CONTRIBUTING file for guidelines on how to contribute to this project.
For any inquiries or support, please contact [email protected].