[jboss-jira] [JBoss JIRA] (AS7-6628) No audit feature for security-realm
RH Bugzilla Integration (JIRA)
jira-events at lists.jboss.org
Thu Mar 7 05:11:56 EST 2013
[ https://issues.jboss.org/browse/AS7-6628?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12759342#comment-12759342 ]
RH Bugzilla Integration commented on AS7-6628:
----------------------------------------------
Darran Lofthouse <darran.lofthouse at redhat.com> made a comment on [bug 912233|https://bugzilla.redhat.com/show_bug.cgi?id=912233]
Taking ownership of this one, it is not actually the realm that requires audit capabilities but the entry point to the server.
The reason being that as we switch to a more IDM based approach access to the backing store no longer reveals information on the successful outcome of an authentication attempt - that decision now happens at the entry point e.g. the HTTP authentication mechanism or the SASL mechanism, both of which need to be sending out some form of notification that can be logged.
Undertow already has quite a bit of this in place to cover HTTP, the SASL mechanisms require some further work so that they can emit similar notifications.
> No audit feature for security-realm
> -----------------------------------
>
> Key: AS7-6628
> URL: https://issues.jboss.org/browse/AS7-6628
> Project: Application Server 7
> Issue Type: Feature Request
> Components: Logging
> Affects Versions: 7.1.2.Final (EAP)
> Environment: EAP 6.0.x
> Reporter: Hisanobu Okuda
> Assignee: Darran Lofthouse
>
> There is no auditing feature for security-realm. Need the feature like audit provider for security-domain.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list