Our web application currently creates a transaction using an XA datasource, and uses it for the fullfilment of the web request, committing or rolling back as appropriate. In some cases, the decision to commit or roll back is under the control of the client.

Everything works fine, but now we have a requirement to audit read requests. The audit records are to be written to the same (Oracle) database as the source of the data.

Clearly, the audit must commit, even if the read request transaction is rolled-back, since the data could be extracted before the rollback is performed.

What is the correct method of ensuring that the audit transaction is independent of the overall transaction? Can I obtain a connection from the datasource that isn't enlisted in the transaction? Can I delist a connection? Should I obtain the connection for the audit from a separate data source?

Thanks for any pointers you can give.