How to replace LogAuditProvider
justincranford May 23, 2011 8:02 PM
How can I replace or override LogAuditProvider in JBoss? I want to store security audit records in a central database, not in log files spread out between different JBoss instances.
How can I configure this in JBoss 6.0?
I came across a JBoss 5 post by Anil saying it is possible to override LogAuditProvider, or use the DB appender in Log4j. I prefer the override approach, to avoid the unnecessary overhead of Log4j, and to have more control over the data (i.e. extract, transform, load, and filter).
I tried to add <audit> to my login-config.xml but it is ignored. I was hoping Anil's PicketBox examples using conf/audit.conf in a stand-alone JUnit test would work the same way with JBoss' login-config.xml, but it does not work. Please help!
*** The <audit> entry in my login-config.xml is ignored. Is there an alternative to turn on for WEB and EJB? ***
<policy>
  <application-policy name="JustinCranfordSecurityDomain">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="sufficient">
        <module-option name="dsJndiName">java:/MsSqlDS</module-option>
        <module-option name="principalsQuery">SELECT password FROM actor WHERE name=?</module-option>
        <module-option name="rolesQuery">SELECT r.name,'Roles' FROM actor a,role r WHERE r.id=a.roleid AND a.name=?</module-option>
        <module-option name="hashAlgorithm">MD5</module-option>
        <module-option name="hashEncoding">base64</module-option>
        <module-option name="unauthenticatedIdentity">unauthenticated</module-option>
      </login-module>
      <login-module code="org.jboss.security.auth.spi.DatabaseCertLoginModule" flag="required">
        <module-option name="securityDomain">java:/jaas/JustinCranfordSecurityDomain</module-option>
        <module-option name="dsJndiName">java:/MsSqlDS</module-option>
        <module-option name="principalsQuery">SELECT password FROM actor WHERE dname=?</module-option>
        <module-option name="rolesQuery">SELECT r.name,'Roles' FROM actor a,role r WHERE r.id=a.roleid AND a.dname=?</module-option>
        <module-option name="hashAlgorithm">MD5</module-option>
        <module-option name="hashEncoding">base64</module-option>
        <module-option name="unauthenticatedIdentity">unauthenticated</module-option>
      </login-module>
      <login-module code="org.jboss.security.ClientLoginModule" flag="required"></login-module>
      <audit>
        <provider-module code="com.mycom.security.MyAuditProvider"/>
      </audit>
    </authentication>
  </application-policy>
</policy>