SecurityAuditService

Security Audit Service

 

Author: Anil Saldhana

 

Objective

A user wants an audit trail of all authentication and authorization attempts, for example to comply with government or corporate regulations.

 

JIRA Issue

http://jira.jboss.com/jira/browse/JBAS-2738

 

Availability

JBoss 5.0.0.Beta onwards

 

Information for Integrators

 

Auditing is performed at the security domain level so that different security domains can use different audit providers. The default audit provider is a LogAuditProvider that just logs the audit events.

 

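import org.jboss.security.audit.AuditContext;
import org.jboss.security.audit.AuditEvent;
import org.jboss.security.audit.AuditManager;

// Look up the audit context of the security domain
String securityDomain = "jmx-console";
AuditContext ac = AuditManager.getAuditContext(securityDomain);

// Create an audit event; auditLevel comes from the AuditLevel interface (ERROR, FAILURE, SUCCESS, INFO)
AuditEvent ae = new AuditEvent(auditLevel);
ae.setContextMap(cmap);          // Map of key/value pairs
ae.setUnderlyingException(ex);   // Optional: log an exception along with the event

// Audit the event
ac.audit(ae);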

 

Configuration

 

TODO: Configuration of providers at the security domain level

 

 

The default logging provider is configured through the log4j.xml file that drives JBoss logging (located in conf/log4j.xml).

 


   <!-- Security AUDIT Appender -->
   <appender name="AUDIT" class="org.jboss.logging.appender.DailyRollingFileAppender">
      <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"></errorHandler>
      <param name="File" value="${jboss.server.log.dir}/security/audit.log"/>
      <param name="Append" value="true"/>
      <param name="DatePattern" value="'.'yyyy-MM-dd"/>
      <layout class="org.apache.log4j.PatternLayout">
         <param name="ConversionPattern" value="%d %-5p [%c] (%t:%x) %m%n"/>
      </layout>
   </appender>


   <!-- Category specifically for Security Audit Provider -->
   <category name="org.jboss.security.audit.providers.LogAuditProvider">
     <priority value="TRACE" class="org.jboss.logging.XLevel"></priority>
     <appender-ref ref="AUDIT"></appender-ref>
   </category>

 

The audit log can be found in log/security/audit.log of your JBoss server configuration (e.g. default).
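An added example (not part of the original page or of JBoss) of consuming this audit.log for review: it parses lines written with the ConversionPattern configured above, attaches stack-trace lines to the event they belong to, and counts failed events per principal. The message layout `[Level]key=value;`, the `principal` key and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Regex form of the page's ConversionPattern "%d %-5p [%c] (%t:%x) %m%n".
# %d defaults to "yyyy-MM-dd HH:mm:ss,SSS"; %-5p right-pads the level to 5 chars.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"(?P<level>[A-Z]+) +"
    r"\[(?P<category>[^\]]+)\] "
    r"\((?P<thread>.*?):(?P<ndc>[^)]*)\) "
    r"(?P<message>.*)$"
)
# ASSUMPTION (not from the page): the message is "[<AuditLevel>]key=value;key=value;".
MSG_RE = re.compile(r"^\[(?P<outcome>\w+)\](?P<pairs>.*)$")

def parse_audit_log(text):
    """Return one dict per audit event; lines that do not match the layout (for
    example an underlying exception's stack trace) go to the preceding event."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["continuation"] = []
            body = MSG_RE.match(rec["message"])
            rec["outcome"] = body.group("outcome") if body else None
            pairs = body.group("pairs").split(";") if body else []
            rec["context"] = dict(p.split("=", 1) for p in pairs if "=" in p)
            records.append(rec)
        elif records and line.strip():
            records[-1]["continuation"].append(line)
    return records

def failures_by_principal(records):
    """Count FAILURE and ERROR events, keyed by the assumed 'principal' entry."""
    return Counter(
        r["context"].get("principal", "<unknown>")
        for r in records if (r["outcome"] or "").upper() in ("FAILURE", "ERROR")
    )

# Constructed sample lines; principals, thread names and message keys are made up.
SAMPLE = """\
2008-01-15 10:22:31,123 TRACE [org.jboss.security.audit.providers.LogAuditProvider] (http-127.0.0.1-8080-1:) [Failure]principal=admin;Source=jmx-console;
java.lang.SecurityException: constructed example
\tat example.Login.check(Login.java:1)
2008-01-15 10:22:35,456 TRACE [org.jboss.security.audit.providers.LogAuditProvider] (http-127.0.0.1-8080-2:) [Failure]principal=admin;Source=jmx-console;
2008-01-15 10:23:02,001 TRACE [org.jboss.security.audit.providers.LogAuditProvider] (http-127.0.0.1-8080-1:) [Success]principal=alice;Source=jmx-console;
"""
```

If the real LogAuditProvider message differs from the assumed layout, only `MSG_RE` and the `principal` key need adjusting; the layout regex follows the appender configuration.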