Sun Java System Application Server Enterprise Edition 8.2 Developer's Guide

Pluggable Audit Module Support

Audit modules collect and store information on incoming requests (servlets, EJB components) and outgoing responses. You can create a custom audit module. This section covers the following topics:

Configuring an Audit Module

To configure an audit module, you can perform one of the following tasks:

To specify an audit module using the Administration Console, open the Security component under the relevant configuration, and select the Audit Modules component. For details, see the Sun Java System Application Server Enterprise Edition 8.2 Administration Guide.
You can use the asadmin create-audit-module command to configure an audit module. For details, see the Sun Java System Application Server Enterprise Edition 8.2 Reference Manual.

The AuditModule Class

You can create a custom audit module by implementing a class that extends com.sun.appserv.security.AuditModule. The AuditModule class provides default “no-op” implementations for each of the following methods, which your custom class can override.

public void init(Properties props)

This method is invoked during server startup when the audit module is initially loaded. The props argument contains the properties defined for this module in domain.xml. The module can do any initialization it needs in this method. If the method returns without throwing an exception, the Application Server assumes the module realm is ready to service audit requests. If an exception is thrown the module is disabled.

public void authentication(String user, String realm, boolean success)

This method is invoked when an authentication request has been processed by a realm for the given user. The success flag indicates whether the authorization was granted or denied.

public void webInvocation(String user, HttpServletRequest req, String type, 
boolean success)

This method is invoked when a web container call has been processed by authorization. The success flag indicates whether the authorization was granted or denied. The req object is the standard HttpServletRequest object for this request. The type string is one of hasUserDataPermission or hasResourcePermission (see JSR-115).

public void ejbInvocation(String user, String ejb, String method, boolean 
success)

This method is invoked when an EJB container call has been processed by authorization. The success flag indicates whether the authorization was granted or denied. The ejb and method strings describe the EJB component and its method that is being invoked.