- Java 双重比较
- java - 比较器与 Apache BeanComparator
- Objective-C 完成 block 导致额外的方法调用?
- database - RESTful URI 是否应该公开数据库主键?
我有一个非常小的 Java 程序,它能够使用 apache-commons-net 库通过 SSL(不是 SFTP)或 FTPS 执行 FTP。我写这个程序的原因是客户端机器是 AIX 5.3,它不支持 FTP over SSL (OOTB),而 FTP 主机运行 FileZilla 服务器,只启用 FTP over SSL。该程序运行良好,没有任何问题,但它生成的日志量很大。我的问题是 - 有没有办法控制日志记录的数量?
(再次注意- 该程序完全符合我的极简要求)
下面是我的代码片段
import java.io.*;
import java.text.MessageFormat;
import java.util.logging.Logger;
import org.apache.commons.
.....
....
....
try {
int reply;
logger.info("# Invoking Trust Manager");
client.setTrustManager(TrustManagerUtils.getAcceptAllTrustManager());
//client.setTrustManager(TrustManagerUtils.getValidateServerCertificateTrustManager());
logger.info("# Connect Call");
client.connect(server, port);
client.login(username, password);
logger.info("# Login Success");
client.setFileType(FTP.ASCII_FILE_TYPE);
client.execPBSZ(0); // Set protection buffer size
client.execPROT("P"); // Set data channel protection to private
client.enterLocalPassiveMode();
logger.info(MessageFormat.format("Connected to {0} .", server));
reply = client.getReplyCode();
if (!FTPReply.isPositiveCompletion(reply)) {
client.disconnect();
logger.severe("FTP server refused connection.");
System.exit(1);
}
if (flag.equals("-d")) { //Dir mode
if (args.length == 7){
renameFile = args[6]; //copy rename token
}
//We will get the file listing and stream the output to create files
logger.info("# Invoked Directory mode");
client.changeWorkingDirectory(remoteFile);
FTPFile[] ftpFiles;
ftpFiles = client.listFiles(remoteFile);
if (ftpFiles != null && ftpFiles.length > 0) {
for (FTPFile file : ftpFiles) {
if (!file.isFile()) {
continue;
}
InputStream fin = client.retrieveFileStream(remoteFile + "/" + file.getName());
if (fin == null) {
logger.severe(MessageFormat.format("could not retrieve file: {0}", file.getName()));
continue;
}
// write the inputStream to a FileOutputStream
OutputStream out = new FileOutputStream(new File(localFile + "/"+ renameFile + file.getName()));
int read = 0;
byte[] bytes = new byte[1024];
while ((read = fin.read(bytes)) != -1) {
out.write(bytes, 0, read);
}
fin.close();
out.flush();
out.close();
fin = null;
client.completePendingCommand();
}
}
}
if (flag.equals("-f")) { //File mode
//Transfer a single file
logger.info("# Invoked File mode");
client.listFiles();
boolean retrieved = client.retrieveFile(remoteFile, new FileOutputStream(localFile));
if (retrieved) {
logger.info("# File copied.");
}
}
} catch (Exception e) {
if (client.isConnected()) {
try {
client.disconnect();
} catch (IOException ex) {
ex.printStackTrace();
}
}
logger.severe("!! Could not connect to server.!! Please retry!");
e.printStackTrace();
} finally {
client.disconnect();
logger.info("# FTP Client disconnected");
System.exit(0);
}
传输一个文件生成的日志如下-
Jul 20, 2012 5:00:08 AM com.mff.ftps.FTPSSLTool main
INFO: Connecting to IP: 216.153.173.246 on Port: 00890
Jul 20, 2012 5:00:09 AM com.mff.ftps.FTPSSLTool main
INFO: # Initiating SSL connection
Jul 20, 2012 5:00:09 AM com.mff.ftps.FTPSSLTool main
INFO: # Invoking Trust Manager
Jul 20, 2012 5:00:09 AM com.mff.ftps.FTPSSLTool main
INFO: # Connect Call
IBMJSSEProvider2 Build-Level: -20110513
keyStore is: /usr/java6_64/jre/lib/security/cacerts
keyStore type is: jks
keyStore provider is:
init keystore
SSLContextImpl: Using X509ExtendedKeyManager com.ibm.jsse2.xc
SSLContextImpl: Using X509TrustManager org.apache.commons.net.util.TrustManagerUtils$TrustManager
Installed Providers =
IBMJSSE2
IBMJCE
IBMJGSSProvider
IBMCertPath
IBMSASL
IBMXMLCRYPTO
IBMXMLEnc
Policy
IBMSPNEGO
JsseJCE: Using SecureRandom from provider IBMJCE version 1.2
trigger seeding of SecureRandom
done seeding SecureRandom
IBMJSSE2 to send SCSV Cipher Suite on initial ClientHello
JsseJCE: Using cipher AES/CBC/NoPadding from provider TBD via init
IBMJSSE2 will allow RFC 5746 renegotiation per com.ibm.jsse2.renegotiate set to none or default
IBMJSSE2 will not require renegotiation indicator during initial handshake per com.ibm.jsse2.renegotiation.indicator set to OPTIONAL or default taken
IBMJSSE2 will not perform identity checking against the peer cert check during renegotiation per com.ibm.jsse2.renegotiation.peer.cert.check set to OFF or default
JsseJCE: Using MessageDigest MD5 from provider IBMJCE version 1.2
JsseJCE: Using MessageDigest SHA from provider IBMJCE version 1.2
JsseJCE: Using MessageDigest MD5 from provider IBMJCE version 1.2
JsseJCE: Using MessageDigest SHA from provider IBMJCE version 1.2
%% No cached client session
*** ClientHello, SSLv3
RandomCookie: GMT: 1342778411 bytes = { 246, 135, 47, 123, 204, 170, 94, 224, 76, 244, 28, 242, 63, 243, 124, 13, 93, 156, 170, 88, 91, 79, 89, 55, 157, 135, 214, 250 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_RC4_128_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_RSA_FIPS_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_RENEGO_PROTECTION_REQUEST]
Compression Methods: { 0 }
***
main, WRITE: SSLv3 Handshake, length = 81
main, READ: SSLv3 Handshake, length = 74
*** ServerHello, SSLv3
RandomCookie: GMT: 1342778410 bytes = { 142, 39, 57, 18, 38, 123, 184, 245, 24, 29, 238, 158, 68, 17, 226, 210, 53, 31, 36, 225, 52, 166, 78, 116, 251, 98, 122, 4 }
Session ID: {143, 221, 201, 170, 184, 190, 241, 94, 223, 253, 199, 199, 50, 161, 233, 224, 88, 78, 82, 162, 13, 222, 236, 56, 215, 253, 101, 12, 39, 45, 126, 203}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
Server did not supply RI Extension - com.ibm.jsse2.extended.renegotiation.indicator=optional or default - processing will continue
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
main, READ: SSLv3 Handshake, length = 1361
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=ftps.thillsecure.com, OU=Terms of use at www.verisign.com/rpa (c)05, OU=Thill Logistics, O=TCFC LLC, L=Neenah, ST=Wisconsin, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: IBMJCE RSA Public Key:
modulus:134055911103149706293270567805752446004906288958857850
public exponent:
65537
Validity: [From: Sun Dec 04 18:00:00 CST 2011,
To: Wed Dec 12 17:59:59 CST 2012]
Issuer: CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
SerialNumber: [168622087069244624687861365106323602194]
....
....
....
Hundreds and hundreds of more lines
我将 java.utils.logging.Logger
用于我自己的日志记录目的,但是日志行被 apache-commons 生成的大量日志行混淆了-net
库方法本身。
所以再次 - 问题是 - “有没有办法控制 apache-commons-net
库本身的日志记录行为?我可以使用的任何方法或需要设置的任何标志??”
更新:
我终于控制了日志记录(特别感谢 Flavio)。我所要做的就是在我的代码中包含 System.setProperty("javax.net.debug", "false");
。我最初将其设置为 System.setProperty("javax.net.debug", "ssl");
以启用调试级别日志记录。现在日志更短更精确。同样明显的是,日志毕竟不是来自 commons-net 库,而是来自 javax.net
。日志要短得多,看起来像下面这样-
Jul 30, 2012 9:03:16 AM com.mff.ftps.FTPSSLTool main
INFO: Connecting to IP: xxx.xxx.xxx.xxx on Port: 890
Jul 30, 2012 9:03:16 AM com.mff.ftps.FTPSSLTool main
INFO: # Initiating SSL connection
Jul 30, 2012 9:03:16 AM com.mff.ftps.FTPSSLTool main
INFO: # Invoking Trust Manager
Jul 30, 2012 9:03:16 AM com.mff.ftps.FTPSSLTool main
INFO: # Connect Call
220 GlobalSCAPE Secure FTP Server
USER XXXXXXX
331 Password required for XXXXXXX.
PASS XXXXXXXXX
230 Login OK. Proceed.
Jul 30, 2012 9:03:22 AM com.mff.ftps.FTPSSLTool main
INFO: # Login Success
TYPE A
200 Type set to A.
PBSZ 0
200 PBSZ Command OK. Protection buffer size set to 0.
PROT P
200 PROT Command OK. Using Private data connection
Jul 30, 2012 9:03:24 AM com.mff.ftps.FTPSSLTool main
INFO: Connected to xxx.xxx.xxx.xxx .
CWD /Data/Inv
Jul 30, 2012 9:03:24 AM com.mff.ftps.FTPSSLTool main
INFO: # Invoked Directory mode
250 Folder changed to "/Data/Inv".
SYST
215 UNIX Type: L8
PASV
227 Entering Passive Mode (216,153,173,246,109,220).
LIST /Data/Inv
150 Opening ASCII mode data connection for file list.
226 Transfer complete. 1430 bytes transferred. 1278 Bps.
Jul 30, 2012 9:03:30 AM com.mff.ftps.FTPSSLTool main
INFO: # FTP Client disconnected
最佳答案
我认为您找错地方了;这些消息不是来自 apache commons net 库。
我认为它们来自您在第一行中提到的 IBMJSSEProvider2
。根据这个link ,您应该能够通过不设置系统属性javax.net.debug 来禁用它们,或者使用os400.stdout 和重定向它们os400.stderr 属性。
关于java - Apache-commons-net 库 (Java) 的受控日志记录,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/11586524/
为什么 React 提示受控/不受控输入? value一开始就设置为this.state.text,this.state.text在constructor中设置code> 到 ''。 import R
我在 SCM 工作,使用各种工具(Subversion、Clearcase、TFS、Perforce)和技术(主要是 .NET、Java)。在我开始工作之前,正常的业务顺序是创建一个受控分支。 我将受
我想在单击“恢复默认值”按钮时恢复所有输入字段和总计的默认值,但它不起作用。在我到目前为止的代码中,所有元素都包含在网格中。 我提到的SO问题: 将所有元素包装在表单或 div 中并调用 reset(
我一直在努力以编程方式打开/关闭 React-Select 组件,同时仍然保留选择元素的正常单击功能。 我需要通过 JavaScript 以编程方式打开选择,我使用 menuIsOpen 属性来工作。
我这里有一个具体案例,我需要一些安全建议。基本上我的问题是“如果我控制数据库中的内容(没有用户提交的数据),以 HTML(通过 AJAX)返回数据库查询的结果是否存在安全问题?” 这是正在发生的过程:
我是一名优秀的程序员,十分优秀!