6.2. Audit

JBoss Enterprise Application Platform can generate audit records for access control events. Attempts to access web resources, invocations of EJB methods, attempts to use unauthorized message destinations, and Web Service access control decisions can all be logged. As the administrator you select the level of events to audit.
The JBoss Application Server also generates log events at startup and at shutdown:

Example 6.1. JBoss EAP start up log events

00:30:18,876 INFO [Server] Starting JBoss (MX MicroKernel)...
00:30:18,876 INFO [Server] Release ID: JBoss [EAP] 4.3.0.GA_CP03 (build: SVNTag=JBPAPP_4_3_0_GA_CP03 date=200810241616)
00:30:18,877 DEBUG [Server] Using config: org.jboss.system.server.ServerConfigImpl@18dfef8
00:30:18,877 DEBUG [Server] Server type: class org.jboss.system.server.ServerImpl
00:30:18,877 DEBUG [Server] Server loaded through: org.jboss.system.server.NoAnnotationURLClassLoader
00:30:18,877 DEBUG [Server] Boot URLs:

Example 6.2. JBoss EAP shutdown log events

2008-12-12 00:32:16,460 DEBUG [org.jboss.deployment.MainDeployer] Destroying jboss.system:service=MainDeployer
2008-12-12 00:32:16,460 DEBUG [org.jboss.deployment.MainDeployer] Destroyed jboss.system:service=MainDeployer
2008-12-12 00:32:16,460 DEBUG [org.jboss.system.ServiceController] removing service: jboss.system:service=MainDeployer
2008-12-12 00:32:16,460 DEBUG [org.jboss.system.ServiceController] removing jboss.system:service=MainDeployer from server
2008-12-12 00:32:16,460 DEBUG [org.jboss.system.ServiceController] Stopped 3 services
2008-12-12 00:32:16,460 DEBUG [org.jboss.system.server.Server] Deleting server tmp/deploy directory
2008-12-12 00:32:16,463 INFO  [org.jboss.system.server.Server] Shutdown complete
The audit facility is built on the integrated log4j mechanism. Log4j has three main components: loggers, appenders and layouts. Together they let developers log messages according to message type and level, and let the administrator control at run time how those messages are formatted and where they are written.
The audit information is recorded in text files, which can be reviewed with tools from the underlying operating system, such as pagers or editors.
User information (the principal name) appears only in the first log entry, which records the authentication request, and in the ERROR entry generated if authentication fails. Subsequent log entries do not explicitly record the user executing the methods.
The user can nevertheless be identified from the container and thread ids, which are recorded in every audit log entry and remain constant for the life of the user session.
In the example below (Example 6.3, “Log output”), the first entry shows that authentication for container 753, thread id 826541 was requested by the principal “scott”. The second entry records the execution of a method; although the principal name does not appear in it, it can be inferred by collecting all entries with the same container and thread id.

Example 6.3. Log output

2008-12-12 16:04:33,753 826541 TRACE [org.jboss.ejb.plugins.SecurityInterceptor] (WorkerThread#0[]:) Authenticated  principal=scott
2008-12-12 16:04:33,753 826541 TRACE [org.jboss.ejb.plugins.SecurityInterceptor] (WorkerThread#0[]:) method=public abstract org.jboss.test.jca.securedejb.CallerIdentity org.jboss.test.jca.securedejb.CallerIdentityHome.create() throws javax.ejb.CreateException,java.rmi.RemoteException, interface=HOME, requiredRoles=[CallerIdentityUser]
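As an added example (not part of the original guide), the following Python script applies the correlation described above to constructed sample lines in the layout of Example 6.3: it records the principal from each "Authenticated" entry under its (container id, thread id) pair, attributes later "method=" entries on the same pair to that principal, and lists the principals named in ERROR entries. The category name and the two Example 6.3 lines are taken from this section; the remaining sample lines, the wording of the ERROR message, and the bank-account method names are constructed for the example and are not real server output.

```python
import re
from collections import namedtuple

# Audit line layout as read in this section:
#   "<date> <time>,<container id> <thread id> <LEVEL> [<category>] (<thread name>) <message>"
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),(?P<container>\d+) (?P<thread>\d+) "
    r"(?P<level>[A-Z]+) \[(?P<category>[^\]]+)\] \((?P<tname>[^)]*)\) (?P<msg>.*)$"
)
PRINCIPAL_RE = re.compile(r"principal=(\S+)")
ROLES_RE = re.compile(r"requiredRoles=\[([^\]]*)\]")
# Short "Class.method(args)" form of the fully qualified signature in a method= entry.
METHOD_RE = re.compile(r"(\w+\.\w+\([^)]*\))")
AUDIT_CATEGORY = "org.jboss.ejb.plugins.SecurityInterceptor"

# Constructed sample log. Lines 1-2 are Example 6.3; the others (including the
# ERROR message text) are assumed for illustration only.
SAMPLE_LOG = """\
2008-12-12 16:04:33,753 826541 TRACE [org.jboss.ejb.plugins.SecurityInterceptor] (WorkerThread#0[]:) Authenticated  principal=scott
2008-12-12 16:04:33,753 826541 TRACE [org.jboss.ejb.plugins.SecurityInterceptor] (WorkerThread#0[]:) method=public abstract org.jboss.test.jca.securedejb.CallerIdentity org.jboss.test.jca.securedejb.CallerIdentityHome.create() throws javax.ejb.CreateException,java.rmi.RemoteException, interface=HOME, requiredRoles=[CallerIdentityUser]
2008-12-12 16:04:34,118 826542 TRACE [org.jboss.ejb.plugins.SecurityInterceptor] (WorkerThread#1[]:) Authenticated  principal=alice
2008-12-12 16:04:34,118 826542 TRACE [org.jboss.ejb.plugins.SecurityInterceptor] (WorkerThread#1[]:) method=public abstract void com.example.bank.AccountRemote.transfer(java.lang.String,long) throws java.rmi.RemoteException, interface=REMOTE, requiredRoles=[Teller,Manager]
2008-12-12 16:04:35,002 826543 ERROR [org.jboss.ejb.plugins.SecurityInterceptor] (WorkerThread#2[]:) Authentication failure, principal=mallory
2008-12-12 16:04:36,410 826544 TRACE [org.jboss.ejb.plugins.SecurityInterceptor] (WorkerThread#3[]:) method=public abstract void com.example.bank.AccountRemote.close() throws java.rmi.RemoteException, interface=REMOTE, requiredRoles=[Manager]
"""

AuditEvent = namedtuple("AuditEvent", "container thread principal method roles")


def parse_line(line):
    """Split one audit line into its fields, or return None if it is not an audit line."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def attribute_method_calls(log_text):
    """Attribute each method= entry to the principal authenticated earlier on the
    same (container id, thread id), which the section says identifies a session."""
    sessions = {}  # (container, thread) -> principal
    events = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["category"] != AUDIT_CATEGORY:
            continue
        key = (rec["container"], rec["thread"])
        msg = rec["msg"]
        if msg.startswith("Authenticated"):
            p = PRINCIPAL_RE.search(msg)
            if p:
                sessions[key] = p.group(1)
        elif msg.startswith("method="):
            mm = METHOD_RE.search(msg)
            rr = ROLES_RE.search(msg)
            roles = tuple(r.strip() for r in rr.group(1).split(",")) if rr else ()
            # No matching Authenticated entry (e.g. it was in a rotated file): flag it
            # rather than silently attributing the call to nobody.
            principal = sessions.get(key, "<unattributed>")
            events.append(AuditEvent(key[0], key[1], principal, mm.group(1) if mm else msg, roles))
    return events


def failed_authentications(log_text):
    """Principals named in ERROR entries, which carry the principal of a failed authentication."""
    found = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["level"] == "ERROR" and rec["category"] == AUDIT_CATEGORY:
            p = PRINCIPAL_RE.search(rec["msg"])
            if p:
                found.append(p.group(1))
    return found


if __name__ == "__main__":
    for ev in attribute_method_calls(SAMPLE_LOG):
        print(f"container={ev.container} thread={ev.thread} principal={ev.principal} "
              f"method={ev.method} requiredRoles={','.join(ev.roles)}")
    print("failed authentications:", failed_authentications(SAMPLE_LOG))
```

The script keys sessions on the container and thread id exactly as printed, so a method entry whose Authenticated entry was written to an earlier, rotated log file is reported as unattributed; when reviewing a rotated log set, concatenate the files in order before running it.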

6.2.1. Enabling Additional Logging

Additional logging for EJB application requests was configured during the setup process described in this guide, when audit logging was configured. For more information on audit logging configuration, refer to Section 2.5.1, “Setup Configuration”.