[jboss-dev-forums] [PicketBox Development] - JBoss AS7 Security Auditing
Anil Saldhana
do-not-reply at jboss.com
Fri Oct 14 12:41:53 EDT 2011
Anil Saldhana [http://community.jboss.org/people/anil.saldhana] created the document:
"JBoss AS7 Security Auditing"
To view the document, visit: http://community.jboss.org/docs/DOC-17277
--------------------------------------------------------------
*WARN*: This article is a work in progress. Please do not complain while this WARN exists. :)
h2. Configure the Domain Model Logging Subsystem
<subsystem xmlns="urn:jboss:domain:logging:1.1">
    <console-handler name="CONSOLE" autoflush="true">
        <level name="INFO"/>
        <formatter>
            <pattern-formatter pattern="%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n"/>
        </formatter>
    </console-handler>
    <periodic-rotating-file-handler name="FILE" autoflush="true">
        <level name="INFO"/>
        <formatter>
            <pattern-formatter pattern="%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n"/>
        </formatter>
        <file relative-to="jboss.server.log.dir" path="server.log"/>
        <suffix value=".yyyy-MM-dd"/>
        <append value="true"/>
    </periodic-rotating-file-handler>
    <periodic-rotating-file-handler name="AUDIT" autoflush="true">
        <level name="TRACE"/>
        <formatter>
            <pattern-formatter pattern="%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n"/>
        </formatter>
        <file relative-to="jboss.server.log.dir" path="audit.log"/>
        <suffix value=".yyyy-MM-dd"/>
        <append value="true"/>
    </periodic-rotating-file-handler>
    <logger category="com.arjuna">
        <level name="WARN"/>
    </logger>
    <logger category="org.apache.tomcat.util.modeler">
        <level name="WARN"/>
    </logger>
    <logger category="sun.rmi">
        <level name="WARN"/>
    </logger>
    <logger category="org.jboss.security.audit.providers.LogAuditProvider">
        <level name="TRACE"/>
        <handlers>
            <handler name="AUDIT"/>
        </handlers>
    </logger>
    <root-logger>
        <level name="INFO"/>
        <handlers>
            <handler name="CONSOLE"/>
            <handler name="FILE"/>
        </handlers>
    </root-logger>
</subsystem>
The key changes to the logging subsystem are:
* A new logger category for "org.jboss.security.audit.providers.LogAuditProvider" is defined.
* A periodic rotating file handler called "AUDIT" is defined.
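The check below is an added example, not part of the original document or of PicketBox: it parses a logging subsystem like the one above and reports why audit events would fail to reach audit.log. The function names and the sample XML are constructed for illustration, and it assumes audit events are logged at TRACE, the level this configuration sets.

```python
import xml.etree.ElementTree as ET

NS = {"l": "urn:jboss:domain:logging:1.1"}
AUDIT_CATEGORY = "org.jboss.security.audit.providers.LogAuditProvider"
LEVELS = ["ALL", "TRACE", "DEBUG", "INFO", "WARN", "ERROR", "FATAL", "OFF"]  # verbose -> quiet

# Constructed sample: the audit wiring, trimmed, with the AUDIT handler left at INFO.
SAMPLE_BROKEN = """
<subsystem xmlns="urn:jboss:domain:logging:1.1">
  <periodic-rotating-file-handler name="AUDIT" autoflush="true">
    <level name="INFO"/>
    <file relative-to="jboss.server.log.dir" path="audit.log"/>
  </periodic-rotating-file-handler>
  <logger category="org.jboss.security.audit.providers.LogAuditProvider">
    <level name="TRACE"/>
    <handlers><handler name="AUDIT"/></handlers>
  </logger>
  <root-logger><level name="INFO"/></root-logger>
</subsystem>
"""

def _level(elem, default):
    lvl = elem.find("l:level", NS) if elem is not None else None
    return lvl.get("name") if lvl is not None else default

def _passes_trace(threshold):
    return LEVELS.index(threshold) <= LEVELS.index("TRACE")

def check_audit_logging(subsystem_xml):
    """List problems; empty means TRACE audit events (assumed level) reach a file."""
    root = ET.fromstring(subsystem_xml)
    logger = root.find(f"l:logger[@category='{AUDIT_CATEGORY}']", NS)
    if logger is None:
        return [f"no logger for category {AUDIT_CATEGORY}"]
    problems = []
    # A logger without its own level inherits the root logger's level.
    inherited = _level(root.find("l:root-logger", NS), "INFO")
    if not _passes_trace(_level(logger, inherited)):
        problems.append("audit logger level filters out TRACE events")
    names = [h.get("name") for h in logger.findall("l:handlers/l:handler", NS)]
    if not names:
        problems.append("audit logger has no handler of its own")
    for name in names:
        handler = root.find(f"l:periodic-rotating-file-handler[@name='{name}']", NS)
        if handler is None:
            problems.append(f"handler {name} is not a periodic-rotating-file-handler")
        elif not _passes_trace(_level(handler, "ALL")):
            problems.append(f"handler {name} level filters out TRACE events")
    return problems
```

Both the logger and the handler apply their own level, which is why the configuration above sets TRACE in two places; the INFO-level CONSOLE and FILE handlers drop the same TRACE records.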
h2. Web Applications
By default, the web container sends security events raised during authentication and authorization to the PicketBox audit framework. The audit framework checks whether auditing has been enabled in the logging settings. If it is enabled, the audit log is written.
To disable auditing in your web applications, please configure your jboss-web.xml for your web archive. This is TBD.