1- We currently have 2 kinds of audit:
- Audit on Entities: We track Creation, deletion and modification of entities and write in table changed attributes, user that perform the modif and date of the modif.
- Audit on services.
Such features includes in JBoss may be great.
2- Audit on entities is based on database trigger (problem is to get the user authenticated in JAAS, it is not the same as user authenticated on DB).
We also try an audit based on interceptor (it looks like the audit in hibernate Wiki) but audit has a great impact on performance.
Audit on services is not implemnted but it may be based on aspect.
What we see is the auditing on the CRUD activities.
But what we also would like to see who is logged in when and for how long.
Did you find a solution to audit login and logout ?
The only solution I found is to add a LoginModule in charge to audt. That's not a very good solution. I'm not sure to have logout event. User can kill the client app or the web browser without a logout.
Ideas are welcome.