Configure the Domain Model Logging Subsystem
<subsystem xmlns="urn:jboss:domain:logging:1.1">
    <console-handler name="CONSOLE" autoflush="true">
        <level name="INFO"/>
        <formatter>
            <pattern-formatter pattern="%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n"/>
        </formatter>
    </console-handler>
    <periodic-rotating-file-handler name="FILE" autoflush="true">
        <level name="INFO"/>
        <formatter>
            <pattern-formatter pattern="%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n"/>
        </formatter>
        <file relative-to="jboss.server.log.dir" path="server.log"/>
        <suffix value=".yyyy-MM-dd"/>
        <append value="true"/>
    </periodic-rotating-file-handler>
    <periodic-rotating-file-handler name="AUDIT" autoflush="true">
        <level name="TRACE"/>
        <formatter>
            <pattern-formatter pattern="%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n"/>
        </formatter>
        <file relative-to="jboss.server.log.dir" path="audit.log"/>
        <suffix value=".yyyy-MM-dd"/>
        <append value="true"/>
    </periodic-rotating-file-handler>
    <logger category="org.jboss.security.audit">
        <level name="TRACE"/>
        <handlers>
            <handler name="AUDIT"/>
        </handlers>
    </logger>
    <logger category="com.arjuna">
        <level name="WARN"/>
    </logger>
    <logger category="org.apache.tomcat.util.modeler">
        <level name="WARN"/>
    </logger>
    <logger category="sun.rmi">
        <level name="WARN"/>
    </logger>
    <root-logger>
        <level name="INFO"/>
        <handlers>
            <handler name="CONSOLE"/>
            <handler name="FILE"/>
        </handlers>
    </root-logger>
</subsystem>
The key changes to the logging subsystem are:
- A new logger category for "org.jboss.security.audit" is defined.
- A periodic rotating file handler called "AUDIT" is defined.
To create audit.log, you can use the following CLI commands:
/subsystem=logging/periodic-rotating-file-handler=AUDIT/:add(suffix=.yyyy-MM-dd,formatter=%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n,level=TRACE,file={"relative-to" => "jboss.server.log.dir","path" => "audit.log"})
/subsystem=logging/logger=org.jboss.security.audit/:add(level=TRACE,category=org.jboss.security.audit,handlers=["AUDIT"])
Web Applications
To enable auditing in a web application, configure the jboss-web.xml of its web archive and set the <disable-audit> flag to false.
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
    <security-domain>form-auth</security-domain>
    <disable-audit>false</disable-audit>
</jboss-web>
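A check for the two settings described above, added here as an example and not part of the original page or of JBoss: it reports why audit events would not reach the log, for instance when the AUDIT handler is left at INFO while the logger is at TRACE. The function names and the sample XML are constructed for illustration, and jboss-web.xml is assumed to carry no XML namespace, as in the page's listing.

```python
import xml.etree.ElementTree as ET

NS = {"log": "urn:jboss:domain:logging:1.1"}
AUDIT_CATEGORY = "org.jboss.security.audit"
ADMITS_TRACE = {"TRACE", "ALL"}  # audit events arrive at TRACE, as in the page's sample line

def level_of(element):
    """Name of the element's <level> child, or None when it has none."""
    level = element.find("log:level", NS)
    return None if level is None else level.get("name")

def check_audit_logging(subsystem_xml):
    """Return the problems that would keep audit events out of the log."""
    root = ET.fromstring(subsystem_xml)
    logger = root.find(f"log:logger[@category='{AUDIT_CATEGORY}']", NS)
    if logger is None:
        return [f"no logger for {AUDIT_CATEGORY}"]
    problems = []
    if level_of(logger) not in ADMITS_TRACE:
        problems.append(f"logger level {level_of(logger)} drops TRACE events")
    refs = [h.get("name") for h in logger.findall("log:handlers/log:handler", NS)]
    if not refs:
        problems.append("logger has no handler of its own")
    for name in refs:
        handler = next((e for e in root
                        if e.tag.endswith("-handler") and e.get("name") == name), None)
        if handler is None:
            problems.append(f"handler {name} is not defined")
        # Stricter than the server: this example wants the handler level stated explicitly.
        elif level_of(handler) not in ADMITS_TRACE:
            problems.append(f"handler {name} level {level_of(handler)} drops TRACE events")
    return problems

def web_audit_enabled(jboss_web_xml):
    """True only when jboss-web.xml carries <disable-audit>false</disable-audit>."""
    flag = ET.fromstring(jboss_web_xml).findtext("disable-audit")
    return flag is not None and flag.strip().lower() == "false"

# Constructed sample: the page's AUDIT wiring with the handler level as a parameter.
def sample_subsystem(handler_level):
    return f"""<subsystem xmlns="urn:jboss:domain:logging:1.1">
      <periodic-rotating-file-handler name="AUDIT" autoflush="true">
        <level name="{handler_level}"/>
      </periodic-rotating-file-handler>
      <logger category="org.jboss.security.audit">
        <level name="TRACE"/>
        <handlers><handler name="AUDIT"/></handlers>
      </logger>
    </subsystem>"""
```

To use it against a real server, pass the text of the logging `<subsystem>` element extracted from standalone.xml and the contents of the deployment's WEB-INF/jboss-web.xml.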
Quick Testing
- Attached is the form-auth.war. Deploy it in standalone/deployments
- Make the standalone/configuration/standalone.xml changes to the logging subsystem as defined above.
- Start JBoss AS7
- Access http://localhost:8080/form-auth/ (User: anil Password: anil)
- If things are working, you should see audit.log under standalone/log
1:32:27,751 TRACE [org.jboss.security.audit.providers.LogAuditProvider] (http--127.0.0.1-8080-1) [Success]principal=GenericPrincipal[anil(user,)];
Note: You will need the following security domain added to standalone.xml:
<security-domain name="form-auth" cache-type="default">
    <authentication>
        <login-module code="UsersRoles" flag="required">
            <module-option name="usersProperties" value="users.properties"/>
            <module-option name="rolesProperties" value="roles.properties"/>
        </login-module>
    </authentication>
</security-domain>