4 Replies Latest reply on Feb 6, 2007 5:13 AM by jc7442

    Audit Facilities

    anil.saldhana

      Questions:

      1. What types of IT auditing capabilities do you want to see provided by the JBoss security layer?

      2. What do you use currently for audits in your environment?


      ============
      My Blog: http://anil-identity.blogspot.com

        • 1. Re: Audit Facilities
          jc7442

          1- We currently have 2 kinds of audit:
          - Audit on entities: We track creation, deletion and modification of entities and write to a table the changed attributes, the user that performed the modification and the date of the modification.
          - Audit on services.
          Having such features included in JBoss may be great.

          2- Audit on entities is based on a database trigger (the problem is getting the user authenticated in JAAS; it is not the same as the user authenticated on the DB).
          We also try an audit based on an interceptor (it looks like the audit in the Hibernate wiki), but the audit has a great impact on performance.
          Audit on services is not implemented but it may be based on aspect.

          • 2. Re: Audit Facilities
            joris77

            What we see is the auditing on the CRUD activities.

            But what we would also like to see is who is logged in, when, and for how long.

            Joris Wijlens

            • 3. Re: Audit Facilities
              jc7442

              Did you find a solution to audit login and logout?

              The only solution I found is to add a LoginModule in charge of auditing. That's not a very good solution. I'm not sure I will have a logout event. The user can kill the client app or the web browser without a logout.

              Ideas are welcome.

              • 4. Re: Audit Facilities
                jc7442

                It looks like a security audit service will be included in JBoss 5:
                http://wiki.jboss.org/wiki/Wiki.jsp?page=SecurityAuditService
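
The LoginModule approach from reply 3, as an added example that is not part of the original thread and not JBoss code: an audit-only JAAS module built on the standard `javax.security.auth.spi.LoginModule` interface. The class name `AuditLoginModule` and the logger name `security.audit` are assumptions, and the module is assumed to be stacked as `optional` alongside the real authenticating module.

```java
import java.io.IOException;
import java.util.Map;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.spi.LoginModule;

// Hypothetical audit-only module: stack it as "optional" next to the real authenticator.
public class AuditLoginModule implements LoginModule {
    private static final Logger AUDIT = Logger.getLogger("security.audit"); // assumed name
    private CallbackHandler handler;
    private String user = "<unknown>";

    @Override
    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.handler = handler;
    }

    @Override
    public boolean login() {
        NameCallback name = new NameCallback("user");
        try {
            handler.handle(new Callback[] { name });
            // Strip CR/LF so a crafted user name cannot forge extra audit lines.
            if (name.getName() != null) user = name.getName().replaceAll("[\\r\\n]", "_");
        } catch (IOException | UnsupportedCallbackException e) {
            AUDIT.warning("audit module could not read the user name"); // never block login
        }
        return false; // never vouches for anyone: JAAS ignores this module's vote
    }

    // Called on every module once the overall authentication has succeeded.
    @Override
    public boolean commit() { AUDIT.info("LOGIN_OK user=" + user); return true; }

    // Called on every module when the overall authentication has failed.
    @Override
    public boolean abort() { AUDIT.warning("LOGIN_FAILED user=" + user); return true; }

    // Runs only when the container calls LoginContext.logout(); a killed client or
    // closed browser never reaches it, so session expiry has to be audited elsewhere.
    @Override
    public boolean logout() { AUDIT.info("LOGOUT user=" + user); return true; }
}
```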