5 Replies Latest reply on May 26, 2011 2:49 AM by Adam Warski

    user name injection?

    John Franey Novice

      Does envers know how to access the identity of the user whose work is causing the audit entry to be created?


      This is difficult, I know, because the user identity is not a field in the audited entity.


      I think envers is cool.  It does history well.  However, without a username on the audit table, it does not meet my expectation as an audit solution.




        • 1. Re: user name injection?
          Hernán Chanfreau Master



          You can add to revisions all metadata you need, by providing a custom RevisionEntity and an implementation of RevisionListener.


          See chapter 4 of envers reference for more information. There are on the forum several posts about this implementation.


          Hope it will help.


          Regards. Hernán.

          • 2. user name injection?
            Steve Myers Newbie

            Hi, the example in the envers reference manual shows how to add the username in a seam application, but what about a non-seam EE5 application?  I'm using JBoss 5 EAP and jboss-envers 1.2.2.GA-hibernate-3.3; I call the JPA entity manager from my own EJBs.  I thought it'd be common to add the sessioncontext username to a custom RevisionEntity, but I haven't been able to find any instructions on how to do it.  Do you have any suggestions? Thanks,


            -- Steve

            • 3. Re: user name injection?
              Adam Warski Master

              If it's a JEE applicaiton, you should be able to lookup the appropriate data using JNDI. In the revision listener, just do a new InitialContext().lookup(key of your component) and it should work fine.



              • 4. Re: user name injection?
                Steve Myers Newbie

                Maybe the problem I'm having is I don't know what JNDI key to use to look up my local EJBs.  In my custom RevisionListener I've tried doing this:


                InitialContext ctx = new InitialContext();



                But I don't see keys for all my local EJBs, only the one that made the persistence call being audited.  Also in the list of keys I get back I found "EJBContext", so I tried:


                EJBContext ejbCtx = ctx.lookup("java:comp/EJBContext");  // fails


                The above doesn't work and throws a naming exception.   I found some mention while googling that JBoss AS 5.1 (and I assume the JBoss AS EAP 5.0GA I'm using) has a problem looking up the EJBContext via JNDI.  Not sure if this is fixed in JBoss AS 6 or not. 


                For now I've just added a lastModifiedUser property to the entities I'm auditing, which I populate it from the service class that is persisting the entity. 


                Thanks for your help,


                -- Steve

                • 5. Re: user name injection?
                  Adam Warski Master

                  Hmm I think you could lookup the security context somehow (if that's where you are storing the username), but I'm not sure about the key, I didn't use that for quite some time .


                  Also, you have an option to set the username on the revision entity manually, as you can get the current revision entity from the AuditReader.