
Custom Logback Desensitization Component (slf4j + logback) – Usage and Configuration Guide

This article explains how to securely mask sensitive data in log output by using either a conversionRule tag with MessageConverter or a custom utility class, and provides a step‑by‑step guide to integrate a reusable Logback desensitization component with Maven dependency, appender replacement, and YAML configuration.

Architect

When writing logs, many developers need to mask sensitive data. This article presents two common approaches: using the conversionRule tag with MessageConverter, or creating a custom utility class that performs desensitization at log time.

The first method requires code changes and violates the open‑closed principle, while the second intrudes on the original log parameters, potentially affecting log integrity.

Custom Desensitization Component (slf4j + logback)

A project with extensive log statements can adopt this component to achieve desensitization with minimal code changes—only three configuration steps are needed.

Step 1: Add Maven Dependency

<dependency>
    <groupId>pers.liuchengyin</groupId>
    <artifactId>logback-desensitization</artifactId>
    <version>1.0.0</version>
</dependency>

Step 2: Replace Appender Classes in logback.xml

// Original class
ch.qos.logback.core.ConsoleAppender
// Replacement class
pers.liuchengyin.logbackadvice.LcyConsoleAppender

Similar replacements are provided for RollingFileAppender and FileAppender using LcyRollingFileAppender and LcyFileAppender respectively.

Step 3: Add Desensitization Configuration File (logback-desensitize.yml)

# Log desensitization
log-desensitize:
  ignore: true   # case‑insensitive matching
  open: true     # enable desensitization
  pattern:
    email: "@>(4,7)"   # mask 4‑7 characters before '@'
    qqemail: "@<(1,3)" # mask 1‑3 characters after '@'
    name: 1,1
    password: password
  patterns:
    - key: identity,idcard
      custom:
        - defaultRegex: identity
          position: 9,13
        - defaultRegex: other
          position: 9,10
    - key: phone,cellphone,mobile
      custom:
        - defaultRegex: phone
          position: 4,7
        - customRegex: "^0[0-9]{2,3}-[0-9]{7,8}"
          position: "-<(1,4)"
        - customRegex: "^[0-9]{7,8}"
          position: 3,5
        - defaultRegex: other
          position: 1,3
    - key: localMobile
      custom:
        customRegex: "^0[0-9]{2,3}-[0-9]{7,8}"
        position: 1,3

The component supports the eight primitive types and their wrappers, Map, List, POJOs, and JSON strings. Matching rules can be written as key:value pairs, as delimiter-symbol rules, or as custom regular expressions.

Example of a key:value rule: phone:4,7 masks the 4th through 7th digits of a phone number, so the original value 13610357861 becomes 136****7861.

Symbol‑based rules use @>(4,7) to mask characters before the '@' sign, or @<(1,3) to mask after it. Double quotes and parentheses must be retained.

Custom regex rules allow flexible patterns, e.g., masking a Chinese landline number with "^0[0-9]{2,3}-[0-9]{7,8}" and specifying the mask range.

The component also includes built‑in patterns for phone numbers, identity cards, emails, and a generic other fallback, as well as a password rule for full masking.
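
The three position forms described above (a plain range such as 4,7, a symbol-relative range such as @>(4,7) or -<(1,4), and password for full masking), written out as an added Java 11 example. It is not the component's own code: the class and method names are hypothetical, and both the left-to-right counting inside the segment before or after the symbol and the fail-closed fallback are assumptions.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added illustration of the rule forms on this page; hypothetical names, not the component's source.
public class MaskRuleDemo {
    private static final Pattern RANGE = Pattern.compile("(\\d+),(\\d+)");                   // 4,7
    private static final Pattern SYMBOL = Pattern.compile("(.)([<>])\\((\\d+),(\\d+)\\)");   // @>(4,7)

    static String mask(String value, String rule) {
        if (value == null || value.isEmpty()) return value;
        if ("password".equals(rule)) return "*".repeat(value.length()); // full masking
        Matcher s = SYMBOL.matcher(rule);
        if (s.matches()) {
            int at = value.indexOf(s.group(1));
            if (at < 0) return "*".repeat(value.length()); // symbol absent: fail closed (assumption)
            int from = Integer.parseInt(s.group(3));
            int to = Integer.parseInt(s.group(4));
            if (s.group(2).equals(">")) {
                // '>' applies the range to the segment before the symbol
                return maskRange(value.substring(0, at), from, to) + value.substring(at);
            }
            // '<' applies the range to the segment after the symbol
            return value.substring(0, at + 1) + maskRange(value.substring(at + 1), from, to);
        }
        Matcher r = RANGE.matcher(rule);
        if (r.matches()) {
            return maskRange(value, Integer.parseInt(r.group(1)), Integer.parseInt(r.group(2)));
        }
        // Unrecognized rule: mask everything rather than log the raw value (assumption)
        return "*".repeat(value.length());
    }

    // Replace characters from..to (1-based, inclusive) with '*', clamped to the string length.
    static String maskRange(String s, int from, int to) {
        int start = Math.max(from, 1) - 1;
        int end = Math.min(to, s.length());
        if (start >= end) return s;
        return s.substring(0, start) + "*".repeat(end - start) + s.substring(end);
    }

    public static void main(String[] args) {
        // Constructed sample values, except the phone number, which is the page's own example
        System.out.println(mask("13610357861", "4,7"));
        System.out.println(mask("user.name@example.com", "@>(4,7)"));
        System.out.println(mask("12345678@qq.com", "@<(1,3)"));
        System.out.println(mask("0571-88888888", "-<(1,4)"));
        System.out.println(mask("hunter2", "password"));
    }
}
```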

Jar Installation into Local Maven Repository

mvn install:install-file -DgroupId=pers.liuchengyin -DartifactId=logback-desensitization -Dversion=1.0.0 -Dpackaging=jar -Dfile=logback-desensitization-1.0.0.jar

Command arguments define the groupId, artifactId, version, packaging, and the local JAR file path.

For further details, the source code and Maven repository are available at:

GitHub repository

Project homepage
