Security Markers
Markers are a feature of the SLF4J API that allows developers to enrich log statements with customizable attributes. The OWASP Security Logging API provides a standard set of markers to tag log statements with security-related events. Markers can be used for automatic filtering and masking of log statements at output time.
The SecurityMarkers class provides the following security-related markers:
- SECURITY_SUCCESS - Used to indicate that a security check was successful (e.g. a successful login)
- SECURITY_FAILURE - Used to indicate that a security check failed (e.g. user access denied)
- SECURITY_AUDIT - Used to record security events for audit (e.g. account accesses, new user registration, etc.)
In addition, the following information classification labels are provided:
- RESTRICTED
- CONFIDENTIAL
- SECRET
- TOP_SECRET
For completeness, the API includes the following non-security markers, though in practice many developers will probably skip tagging non-security events:
- EVENT_SUCCESS - A non-security event that succeeded
- EVENT_FAILURE - A non-security event that failed
Markers are added to log statements by providing them as additional parameters to the standard log methods:
```java
// a normal log statement
log.debug("some normal event");
// a security event
log.info(SecurityMarkers.SECURITY_AUDIT, "user {} logged out", username);
```
You can also add multiple markers:
```java
Marker multi = SecurityMarkers.getMarker(SecurityMarkers.SECURITY_SUCCESS, SecurityMarkers.CONFIDENTIAL);
log.info(multi, "Transfer {} from {} to {}", amount, fromAccount, toAccount);
```
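To illustrate the marker-based filtering mentioned at the top of this page, the following is an added example, not code from the OWASP Security Logging project: a Logback `TurboFilter` that drops any event tagged `SECRET` or `TOP_SECRET`. The class name `ClassifiedEventGate` and the drop policy are hypothetical, and the example assumes Logback is the SLF4J backend and that a marker built with `SecurityMarkers.getMarker(...)` answers `contains()` for each of its members, as standard SLF4J markers do.

```java
import ch.qos.logback.classic.Level;
import ch.qos.logback.classic.Logger;
import ch.qos.logback.classic.turbo.TurboFilter;
import ch.qos.logback.core.spi.FilterReply;
import org.owasp.security.logging.SecurityMarkers;
import org.slf4j.Marker;

/**
 * Hypothetical filter (not part of the Security Logging API): keeps events
 * labelled SECRET or TOP_SECRET away from every appender.
 */
public class ClassifiedEventGate extends TurboFilter {

    // Classification labels blocked under this example's assumed policy.
    private static final Marker[] BLOCKED = {
        SecurityMarkers.SECRET,
        SecurityMarkers.TOP_SECRET
    };

    @Override
    public FilterReply decide(Marker marker, Logger logger, Level level,
                              String format, Object[] params, Throwable t) {
        // Unmarked statements, e.g. log.debug("some normal event"),
        // reach the filter with a null marker: let other filters decide.
        if (marker == null) {
            return FilterReply.NEUTRAL;
        }
        for (Marker blocked : BLOCKED) {
            // contains() is true when the marker is the label itself or
            // carries it as a reference, so a composite marker such as
            // (SECURITY_SUCCESS, SECRET) is caught as well.
            if (marker.contains(blocked)) {
                return FilterReply.DENY;
            }
        }
        // RESTRICTED, CONFIDENTIAL and the event markers pass through.
        return FilterReply.NEUTRAL;
    }
}
```

The filter is registered with a `<turboFilter>` element in `logback.xml`. Because turbo filters run before an event is created, a denied statement never reaches any appender.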