Version 3

    Security Audit Service


    Author: Anil Saldhana

    Latest Article


    Users need an audit trail of all authentication and authorization attempts, typically to meet government or corporate regulations.


    JIRA Issue



    JBoss 5.0.0.Beta onwards


    Information for Integrators


    Auditing is performed at the security domain level so that each domain can use a different audit provider. The default audit provider is a LogAuditProvider that just logs the audit events.


    String securityDomain = "jmx-console";
    AuditContext ac = AuditManager.getAuditContext(securityDomain);
    // Create an audit event; auditLevel is one of the AuditLevel constants (ERROR, FAILURE, SUCCESS, INFO)
    AuditEvent ae = new AuditEvent(auditLevel);
    ae.setContextMap(cmap); // Map of key/value pairs describing the event
    ae.setUnderlyingException(ex); // Optional: attach an exception to be logged with the event
    // Audit the event
    ac.audit(ae);




    TODO: Configuration of providers at the security domain level



    The default logging provider is configured through the log4j.xml that drives JBoss logging (located at conf/log4j.xml).


       <!-- Security AUDIT Appender -->
       <appender name="AUDIT" class="org.jboss.logging.appender.DailyRollingFileAppender">
          <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"></errorHandler>
          <param name="File" value="${jboss.server.log.dir}/security/audit.log"/>
          <param name="Append" value="true"/>
          <param name="DatePattern" value="'.'yyyy-MM-dd"/>
          <layout class="org.apache.log4j.PatternLayout">
             <param name="ConversionPattern" value="%d %-5p [%c] (%t:%x) %m%n"/>
          </layout>
       </appender>

       <!-- Category specifically for Security Audit Provider -->
       <!-- The name attribute is the logging category of the audit provider -->
       <category name="">
         <priority value="TRACE" class="org.jboss.logging.XLevel"></priority>
         <appender-ref ref="AUDIT"></appender-ref>
       </category>


    The audit log can be found in log/security/audit.log of your JBoss server configuration (e.g. default).
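
    As an added example (not part of the original article or of JBoss), the Python below parses audit.log lines written with the ConversionPattern shown above and reports principals with repeated failed attempts. The "[Level]key=value;" message body, the "principal" key and all sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Matches the page's ConversionPattern "%d %-5p [%c] (%t:%x) %m%n"
# (%d defaults to the ISO8601 form "yyyy-MM-dd HH:mm:ss,SSS").
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"(?P<priority>[A-Z]+) +\[(?P<category>[^\]]*)\] "
    r"\((?P<thread>[^)]*):(?P<ndc>[^):]*)\) (?P<message>.*)$"
)
# ASSUMPTION: the message body looks like "[Level]key=value;key=value;".
MSG_RE = re.compile(r"^\[(?P<level>\w+)\](?P<body>.*)$")


def parse_line(line):
    """Return a dict for one audit record, or None for a continuation
    line (for example the stack trace of an underlying exception)."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    rec = m.groupdict()
    mm = MSG_RE.match(rec["message"])
    rec["level"] = mm["level"].upper() if mm else None
    body = mm["body"] if mm else ""
    rec["context"] = dict(p.split("=", 1) for p in body.split(";") if "=" in p)
    return rec


def repeated_failures(lines, threshold):
    """Principals with at least `threshold` FAILURE or ERROR events."""
    counts = Counter()
    for rec in filter(None, map(parse_line, lines)):
        if rec["level"] in ("FAILURE", "ERROR"):
            counts[rec["context"].get("principal", "<unknown>")] += 1
    return {p: n for p, n in counts.items() if n >= threshold}


# Constructed sample input; category, thread and key names are made up.
SAMPLE = """\
2008-03-01 10:15:02,113 TRACE [example.audit.Provider] (http-8080-1:) [Failure]principal=alice;domain=jmx-console;
2008-03-01 10:15:03,640 TRACE [example.audit.Provider] (http-8080-1:) [Failure]principal=alice;domain=jmx-console;
java.lang.SecurityException: constructed stack trace line
\tat example.Login.check(Login.java:42)
2008-03-01 10:15:09,001 TRACE [example.audit.Provider] (http-8080-2:) [Success]principal=bob;domain=jmx-console;
2008-03-01 10:15:12,870 TRACE [example.audit.Provider] (http-8080-3:) [Failure]principal=alice;domain=jmx-console;
"""

if __name__ == "__main__":
    print(repeated_failures(SAMPLE.splitlines(), threshold=3))
```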