Summary: Auditing of authentication and operations
Overview
GigaSpaces can audit the authentication requests and the operations performed on a secured service. It uses the logging mechanism to declare the audit log file and the level of auditing. The level can be modified dynamically using the java.util.logging JMX Extensions. Building on the logging mechanism also makes it easy to extend for custom auditing.

Configuration
The configurations should be placed in the logging configuration file <GigaSpaces root>/config/gs_logging.properties.

# gs_logging.properties
com.gigaspaces.security.audit.enabled = true
com.gigaspaces.security.audit.level = SEVERE
com.gigaspaces.security.audit.handler = com.gigaspaces.security.audit.AuditHandler

This configuration can also be supplied using system properties.

-Dcom.gigaspaces.security.audit.enabled=true -Dcom.gigaspaces.security.audit.level=SEVERE ...

The defaults of these configurations are:

The AuditHandler is a declarable extension to the default GigaSpaces logging Handler (see GigaSpaces Logging). As such, it accepts properties that configure the handler, among them the logging message formatter and the filename-pattern.

# gs_logging.properties
...
com.gigaspaces.security.audit.handler = com.gigaspaces.security.audit.AuditHandler
# Properties configuring the audit-handler:
com.gigaspaces.security.audit.AuditHandler.formatter = com.gigaspaces.logger.GSSimpleFormatter
com.gigaspaces.security.audit.AuditHandler.filename-pattern = {homedir}/logs/gigaspaces-security-audit-{service}-{host}-{pid}.log

Audit Levels

Sample Output
A sample output snapshot with audit level set to FINE.

2009-09-13 17:43:04,609 INFO - Authentication successful; for user [gs] from host [lab/127.1.1.1]; session-id [-639278424]
2009-09-13 17:43:09,453 FINE - Access granted; user [gs] at host [lab/127.1.1.1] has [Write] privileges for class [com.eg.Pojo]; session-id [-639278424]
2009-09-13 17:44:24,937 WARNING - Access denied; user [gs] at host [lab/127.1.1.1] lacks [Take] privileges for class [com.eg.Pojo]; session-id [-639278424]

Custom Auditing
The java.util.logging.Handler accepts a java.util.logging.LogRecord for logging. An AuditLogRecord is supplied by the security layer containing the AuditDetails. Instead of logging into a file, a custom Handler can capture all the log activity for auditing. By default the java.util.logging.LogRecord.getMessage() of AuditLogRecord contains the audit message (as shown in the sample output above).
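
An added example, not GigaSpaces code: a custom Handler that tallies "Access denied" audit messages per user and host from getMessage() instead of writing them to a file. The class name DeniedAccessAuditHandler and the method denialsFor are hypothetical; it assumes the message text matches the sample output above and that the class is named in the com.gigaspaces.security.audit.handler property.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.logging.Handler;
import java.util.logging.Level;
import java.util.logging.LogRecord;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Hypothetical custom audit handler: counts "Access denied" records per user and host. */
public class DeniedAccessAuditHandler extends Handler {
    // Assumption: the message follows the "Access denied" layout of the sample output.
    private static final Pattern DENIED = Pattern.compile(
        "^Access denied; user \\[([^\\]]*)\\] at host \\[([^\\]]*)\\] lacks \\[([^\\]]*)\\] "
        + "privileges for class \\[([^\\]]*)\\]; session-id \\[(-?\\d+)\\]$");

    private final Map<String, AtomicInteger> denials = new ConcurrentHashMap<>();

    @Override
    public void publish(LogRecord record) {
        // Respect the configured level/filter and ignore records without a message.
        if (record == null || !isLoggable(record) || record.getMessage() == null) return;
        Matcher m = DENIED.matcher(record.getMessage());
        if (!m.matches()) return; // only denials are tallied; other audit events are skipped
        String key = m.group(1) + "@" + m.group(2);
        denials.computeIfAbsent(key, k -> new AtomicInteger()).incrementAndGet();
    }

    /** Number of denied operations seen so far for this user at this host. */
    public int denialsFor(String user, String host) {
        AtomicInteger n = denials.get(user + "@" + host);
        return n == null ? 0 : n.get();
    }

    @Override public void flush() { }
    @Override public void close() { denials.clear(); }

    public static void main(String[] args) {
        DeniedAccessAuditHandler h = new DeniedAccessAuditHandler();
        h.setLevel(Level.ALL);
        // Constructed records that reuse the message text from the sample output.
        h.publish(new LogRecord(Level.INFO,
            "Authentication successful; for user [gs] from host [lab/127.1.1.1]; session-id [-639278424]"));
        h.publish(new LogRecord(Level.WARNING,
            "Access denied; user [gs] at host [lab/127.1.1.1] lacks [Take] privileges for class [com.eg.Pojo]; session-id [-639278424]"));
        System.out.println("denials for gs: " + h.denialsFor("gs", "lab/127.1.1.1"));
    }
}
```

The handler only sees records at or above the configured com.gigaspaces.security.audit.level, so the level must include WARNING for denials to reach it.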