5 Replies Latest reply on May 26, 2011 2:49 AM by adamw

user name injection?

jjfraney Feb 23, 2011 8:20 AM

Does envers know how to access the identity of the user whose work is causing the audit entry to be created?

This is difficult, I know, because the user identity is not a field in the audited entity.

I think envers is cool. It does history well. However, without a username on the audit table, it does not meet my expectation as an audit solution.

Thanks,

John

1. Re: user name injection?

hernanbolido Feb 23, 2011 8:34 AM (in response to jjfraney)

Hi!

You can add to revisions all metadata you need, by providing a custom RevisionEntity and an implementation of RevisionListener.

See chapter 4 of envers reference for more information. There are on the forum several posts about this implementation.

Hope it will help.

Regards. Hernán.
Actions
2. user name injection?

samyers May 20, 2011 4:47 PM (in response to hernanbolido)

Hi, the example in the envers reference manual shows how to add the username in a seam application, but what about a non-seam EE5 application? I'm using JBoss 5 EAP and jboss-envers 1.2.2.GA-hibernate-3.3; I call the JPA entity manager from my own EJBs. I thought it'd be common to add the sessioncontext username to a custom RevisionEntity, but I haven't been able to find any instructions on how to do it. Do you have any suggestions? Thanks,

-- Steve
Actions
3. Re: user name injection?

adamw May 25, 2011 9:28 AM (in response to samyers)

If it's a JEE applicaiton, you should be able to lookup the appropriate data using JNDI. In the revision listener, just do a new InitialContext().lookup(key of your component) and it should work fine.

Adam
Actions
4. Re: user name injection?

samyers May 25, 2011 1:15 PM (in response to adamw)

Maybe the problem I'm having is I don't know what JNDI key to use to look up my local EJBs. In my custom RevisionListener I've tried doing this:

InitialContext ctx = new InitialContext();
ctx.list("java:comp");

But I don't see keys for all my local EJBs, only the one that made the persistence call being audited. Also in the list of keys I get back I found "EJBContext", so I tried:

EJBContext ejbCtx = ctx.lookup("java:comp/EJBContext"); // fails

The above doesn't work and throws a naming exception. I found some mention while googling that JBoss AS 5.1 (and I assume the JBoss AS EAP 5.0GA I'm using) has a problem looking up the EJBContext via JNDI. Not sure if this is fixed in JBoss AS 6 or not.

For now I've just added a lastModifiedUser property to the entities I'm auditing, which I populate it from the service class that is persisting the entity.

Thanks for your help,

-- Steve
Actions
5. Re: user name injection?

adamw May 26, 2011 2:49 AM (in response to samyers)

Hmm I think you could lookup the security context somehow (if that's where you are storing the username), but I'm not sure about the key, I didn't use that for quite some time .

Also, you have an option to set the username on the revision entity manually, as you can get the current revision entity from the AuditReader.

Adam
Actions

Go to original post