Hi,
In most production environments audit logging is required: the "audit.log" file records the security-related activity of the users who log in to the applications. Enabling "audit.log" logging in JBoss AS7 is a little different from JBoss AS6, because the XML configuration has changed considerably. In AS7 the audit log appender (handler) and the logger category that feeds it are both defined inside the "/home/userone/jboss-as-7.0.1.Final/standalone/configuration/standalone.xml" file.

Another useful thing we will discuss here is how to disable audit logging for selected applications deployed on the same JBoss instance. It is quite common to want audit logging for some applications but not for others; this can be controlled per application through the "jboss-web.xml" deployment descriptor.

In this demo we will use an application which uses Form Based Authentication to authenticate users. The code of this application can be found at the following link: "http://middlewaremagic.com/jboss/?p=230". The application itself does not need to be changed, so you can develop the same application by following that post up to Step10). Once the application is ready as described there, make the following changes in your JBoss AS7.

NOTE: It looks like some work is still required on JBoss AS7 with regard to audit logging.

Step1). Make sure that you have specified the security domain for your Web Application inside the security subsystem of the "jboss-as-7.0.1.Final/standalone/configuration/standalone.xml" file, as follows:

        <subsystem xmlns="urn:jboss:domain:security:1.0">
            <security-domains>
                <security-domain name="other" cache-type="default">
                    <authentication>
                        <login-module code="Disabled" flag="required"/>
                    </authentication>
                </security-domain>

                <!-- Added the following settings for our application security -->
                <!-- The properties files mentioned below are placed inside my application "WEB-INF/classes" directory-->
                <security-domain name="FormBasedAuthWebAppPolicy" cache-type="default">
                    <authentication>
                        <login-module code="UsersRoles" flag="required">
                            <module-option name="usersProperties" value="formbasedWebApp-users.properties"/>
                            <module-option name="rolesProperties" value="formbasedWebApp-roles.properties"/>
                        </login-module>
                    </authentication>
                </security-domain>

            </security-domains>
        </subsystem>

Step2). Make sure that you have created an "AUDIT" handler inside the logging subsystem of the "jboss-as-7.0.1.Final/standalone/configuration/standalone.xml" file, along with the "org.jboss.security" logger category that routes security events to it, as follows:

        <subsystem xmlns="urn:jboss:domain:logging:1.1">
            <console-handler name="CONSOLE" autoflush="true">
                <level name="INFO"/>
                <formatter>
                    <pattern-formatter pattern="%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n"/>
                </formatter>
            </console-handler>
            <periodic-rotating-file-handler name="FILE" autoflush="true">
                <level name="INFO"/>
                <formatter>
                    <pattern-formatter pattern="%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n"/>
                </formatter>
                <file relative-to="jboss.server.log.dir" path="server.log"/>
                <suffix value=".yyyy-MM-dd"/>
                <append value="true"/>
            </periodic-rotating-file-handler>

            <!-- Added the following handler for audit.log and the logger category whose output we want to see in audit.log -->
            <periodic-rotating-file-handler name="AUDIT" autoflush="true">
                <level name="TRACE"/>
                <formatter>
                    <pattern-formatter pattern="%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n"/>
                </formatter>
                <file relative-to="jboss.server.log.dir" path="audit.log"/>
                <suffix value=".yyyy-MM-dd"/>
                <append value="true"/>
            </periodic-rotating-file-handler>
            <logger category="org.jboss.security">
                <level name="TRACE"/>
                <handlers>
                    <handler name="AUDIT"/>
                </handlers>
            </logger>
            <!-- The part above was added to this file for audit.log logging -->

            <logger category="com.arjuna">
                <level name="WARN"/>
            </logger>
            <logger category="org.apache.tomcat.util.modeler">
                <level name="WARN"/>
            </logger>
            <logger category="sun.rmi">
                <level name="WARN"/>
            </logger>
            <root-logger>
                <level name="INFO"/>
                <handlers>
                    <handler name="CONSOLE"/>
                    <handler name="FILE"/>
                </handlers>
            </root-logger>
        </subsystem>

Step3). Now deploy your application (the application code is described up to Step10 in the link: http://middlewaremagic.com/jboss/?p=230) and start the JBoss AS7 server from the "/home/userone/jboss-as-7.0.1.Final/bin" directory as follows:

./standalone.sh

Step4). Now access the application and enter the credentials (TestUserOne/TestPassword). Then check whether the "/jboss-as-7.0.1.Final/standalone/log/audit.log" file has been populated with the following kind of information:

11:43:14,183 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-localhost-127.0.0.1-8080-1) Properties file=vfs:/home/userone/jboss-as-7.0.1.Final/standalone/deployments/FormBasedAuthWebApp.war/WEB-INF/classes/formbasedWebApp-roles.properties, defaults=null
11:43:14,183 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-localhost-127.0.0.1-8080-1) Loaded properties, users=[TestUserOne]
11:43:14,183 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-localhost-127.0.0.1-8080-1) login
11:43:14,183 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-localhost-127.0.0.1-8080-1) User 'TestUserOne' authenticated, loginOk=true
11:43:14,184 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-localhost-127.0.0.1-8080-1) commit, loginOk=true
11:43:14,184 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-localhost-127.0.0.1-8080-1) Checking user: TestUserOne, roles string: TestRole
11:43:14,184 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-localhost-127.0.0.1-8080-1) Adding to Roles: TestRole
11:43:14,184 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http-localhost-127.0.0.1-8080-1) defaultLogin, lc=javax.security.auth.login.LoginContext@18924b12, subject=Subject(746493784).principals=org.jboss.security.SimplePrincipal@1183343791(TestUserOne)org.jboss.security.SimpleGroup@613040470(CallerPrincipal(members:TestUserOne))org.jboss.security.SimpleGroup@613040470(Roles(members:TestRole))
11:43:14,184 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http-localhost-127.0.0.1-8080-1) updateCache, inputSubject=Subject(746493784).principals=org.jboss.security.SimplePrincipal@1183343791(TestUserOne)org.jboss.security.SimpleGroup@613040470(CallerPrincipal(members:TestUserOne))org.jboss.security.SimpleGroup@613040470(Roles(members:TestRole)), cacheSubject=Subject(721561914).principals=org.jboss.security.SimplePrincipal@1183343791(TestUserOne)org.jboss.security.SimpleGroup@613040470(CallerPrincipal(members:TestUserOne))org.jboss.security.SimpleGroup@613040470(Roles(members:TestRole))
11:43:14,184 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http-localhost-127.0.0.1-8080-1) Inserted cache info: org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@1ae0b4e5
11:43:14,185 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http-localhost-127.0.0.1-8080-1) End isValid, true
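Reading audit.log by eye works for a demo, but in production you will want to pull the login outcomes and granted roles out of it automatically. The following Python script is an added example (not part of the original post or of JBoss) that parses lines written with the AUDIT handler's pattern-formatter shown in Step2 and correlates the "authenticated, loginOk=..." and "Adding to Roles: ..." messages per user, using the request thread name as the correlation key. The sample input is constructed: most lines are copied from the excerpt above, while the "loginOk=false" line and the stack-trace continuation line are assumptions added to show how a failed login and an unparseable line are handled.

```python
import re

# Regular expression for the AUDIT handler's pattern-formatter configured in
# standalone.xml above: %d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2},\d{3})\s+"
    r"(?P<level>[A-Z]+)\s+"
    r"\[(?P<category>[^\]]+)\]\s+"
    r"\((?P<thread>[^)]+)\)\s+"
    r"(?P<message>.*)$"
)

# Message fragments written by UsersRolesLoginModule, taken from the
# audit.log excerpt above. The loginOk=false form is an assumption used for
# the constructed failure line below, not something copied from the page.
AUTH_RE = re.compile(r"User '(?P<user>[^']+)' authenticated, loginOk=(?P<ok>true|false)")
ROLE_RE = re.compile(r"Adding to Roles: (?P<role>\S+)")

# Constructed sample: lines copied from the excerpt above, one assumed failed
# login on a second request thread, and one line that is not audit output.
SAMPLE_LINES = [
    "11:43:14,183 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-localhost-127.0.0.1-8080-1) login",
    "11:43:14,183 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-localhost-127.0.0.1-8080-1) User 'TestUserOne' authenticated, loginOk=true",
    "11:43:14,184 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-localhost-127.0.0.1-8080-1) Checking user: TestUserOne, roles string: TestRole",
    "11:43:14,184 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-localhost-127.0.0.1-8080-1) Adding to Roles: TestRole",
    "11:43:14,185 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http-localhost-127.0.0.1-8080-1) End isValid, true",
    "11:43:20,001 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-localhost-127.0.0.1-8080-2) User 'bogus' authenticated, loginOk=false",
    "\tat java.lang.Thread.run(Thread.java:722)",
]


def parse_line(line):
    """Split one audit.log line into time/level/category/thread/message.

    Returns None for lines that do not follow the pattern-formatter layout
    (e.g. stack-trace continuation lines), so callers can count them.
    """
    m = LINE_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def summarize_auth(lines):
    """Correlate login outcomes and granted roles per user.

    Roles are logged on the same request thread immediately after the login
    line, so the thread name is used as the correlation key.
    """
    per_user = {}
    user_by_thread = {}
    unparsed = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
            continue
        # Only the org.jboss.security category is routed to audit.log in standalone.xml.
        if not rec["category"].startswith("org.jboss.security"):
            continue
        m = AUTH_RE.search(rec["message"])
        if m:
            user = m.group("user")
            entry = per_user.setdefault(user, {"ok": 0, "failed": 0, "roles": set()})
            entry["ok" if m.group("ok") == "true" else "failed"] += 1
            user_by_thread[rec["thread"]] = user
            continue
        m = ROLE_RE.search(rec["message"])
        user = user_by_thread.get(rec["thread"])
        if m and user:
            per_user[user]["roles"].add(m.group("role"))
    # Freeze the role sets so the result is plain, comparable data.
    for entry in per_user.values():
        entry["roles"] = sorted(entry["roles"])
    return {"logins": per_user, "unparsed": unparsed}


if __name__ == "__main__":
    import json
    # Run against a real file with: summarize_auth(open("audit.log"))
    print(json.dumps(summarize_auth(SAMPLE_LINES), indent=2))
```

Because the AUDIT handler is at TRACE level, audit.log also carries the cache and subject dumps from JBossCachedAuthenticationManager; the script simply skips messages it does not recognise, and the "unparsed" counter tells you how many lines did not match the formatter pattern at all.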

NOTE: Additionally, you can DISABLE auditing for a selected application (if you do not want auditing for that particular application) by placing the following kind of "WEB-INF/jboss-web.xml" file inside it:

<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
   <!-- Must name a security-domain defined in the security subsystem of standalone.xml
        (for the demo application above that is "FormBasedAuthWebAppPolicy") -->
   <security-domain>MySecurityDomain</security-domain>
   <!-- Switches off audit logging for this application only -->
   <disable-audit>true</disable-audit>
</jboss-web>

Thanks
Middleware Magic Team
