Warning
titleNew CAS documentation site

CAS documentation has moved over to jasig.github.io/cas, starting with CAS version 4.x. The wiki will no longer be maintained. For the most recent version of the documentation, please refer to the aforementioned link.

The following configuration provides for database-backed auditing and statistics for CAS using the Inspektr Java library. The configuration assumes there exists a bean named "dataSource" that implements javax.sql.DataSource defined somewhere in the Spring application context, e.g. deployerConfigContext.xml:

Code Block
xml
xml
titledeployerConfigContext.xml

...
  <!--
  This is a c3p0 pooled data source suitable for production environments.
  The use of some sort of connection pooling (c3p0, commons-pool) is strongly recommended
  for production use.
  -->
  <bean
    id="dataSource"
    class="com.mchange.v2.c3p0.ComboPooledDataSource"
    p:driverClass="oracle.jdbc.driver.OracleDriver"
    p:jdbcUrl="${database.url}"
    p:user="${database.user}"
    p:password="${database.password}"
    p:initialPoolSize="${database.pool.minSize}"
    p:minPoolSize="${database.pool.minSize}"
    p:maxPoolSize="${database.pool.maxSize}"
    p:maxIdleTimeExcessConnections="${database.pool.maxIdleTime}"
    p:checkoutTimeout="${database.pool.maxWait}"
    p:acquireIncrement="${database.pool.acquireIncrement}"
    p:acquireRetryAttempts="${database.pool.acquireRetryAttempts}"
    p:acquireRetryDelay="${database.pool.acquireRetryDelay}"
    p:idleConnectionTestPeriod="${database.pool.idleConnectionTestPeriod}"
    p:preferredTestQuery="select 1 from dual"
  />
...

...

Code Block
xml
xml
titleauditTrailContext.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
       http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.5.xsd">

  <description>
  Configuration file for the Inspektr package which handles auditing and
  statistics for Java applications.
  </description>

  <aop:aspectj-autoproxy/>

  <bean id="inspektrTransactionManager"
    class="org.springframework.jdbc.datasource.DataSourceTransactionManager"
    p:dataSource-ref="dataSource"
  />

  <bean id="inspektrTransactionTemplate"
    class="org.springframework.transaction.support.TransactionTemplate"
    p:transactionManager-ref="inspektrTransactionManager"
    p:isolationLevelName="ISOLATION_READ_COMMITTED"
    p:propagationBehaviorName="PROPAGATION_REQUIRED"
    p:timeout="5"
  />

  <bean id="statisticManagementAspect" class="org.inspektr.statistics.StatisticManagementAspect">
    <constructor-arg index="0">
      <list>
        <bean class="org.inspektr.statistics.support.JdbcStatisticManager">
          <constructor-arg index="0" ref="dataSource" />
          <constructor-arg index="1" ref="inspektrTransactionTemplate" />
        </bean>
      </list>
    </constructor-arg>
    <constructor-arg index="1" value="CAS" />
  </bean>

  <bean id="auditTrailManagementAspect" class="org.inspektr.audit.AuditTrailManagementAspect">
    <constructor-arg index="0" ref="auditablePrincipalResolver" />
    <constructor-arg index="1">
      <list>
        <bean class="org.jasig.cas.audit.spi.CredentialsAsFirstParameterResourceResolver" />
        <bean class="org.jasig.cas.audit.spi.TicketAsFirstParameterResourceResolver" />
        <bean class="org.jasig.cas.audit.spi.ServiceResourceResolver" />
      </list>
    </constructor-arg>
        <constructor-arg index="2" ref="auditTrailManager">
    </constructor-arg>
    <constructor-arg index="3" value="CAS" />
   </bean>
   <bean id="auditTrailManager" class="org.inspektr.audit.support.JdbcAuditTrailManager">
      <constructor-arg index="0" ref="inspektrTransactionTemplate" />
      <property name="dataSource" ref="dataSource" />
  </bean>


  <bean id="auditablePrincipalResolver" class="org.jasig.cas.audit.spi.TicketOrCredentialBasedAuditablePrincipalResolver">
    <constructor-arg index="0" ref="ticketRegistry" />
  </bean>
</beans>
Info

This is the configuration for CAS 3.4

Code Block
xmlxml
Info
As of at least CAS 3.4.10, this is included already in the distribution as WEB-INF/spring-configuration/auditTrailContext.xml
Code Block
xml
xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd">

  <description>
  Configuration file for the Inspektr package which handles auditing for Java applications.
  If enabled this should be modified to log audit and statistics information the same way
  your local applications do.  The default is currently to log to the console which is good
  for debugging/testing purposes.
  </description>

  <aop:aspectj-autoproxy/> 

  <bean id="auditTrailManagementAspect" class="com.github.inspektr.audit.AuditTrailManagementAspect">
    <!-- String applicationCode -->
    <constructor-arg index="0" value="CAS" />

    <!-- PrincipalResolver auditablePrincipalResolver -->
    <constructor-arg index="1" ref="auditablePrincipalResolver" />
    
    <!-- List<AuditTrailManager> auditTrailManagers -->
    <constructor-arg index="2">
      <list>
        <bean class="com.github.inspektr.audit.support.ConsoleAuditTrailManager" />
       </list> <!--
     </constructor-arg>   Uncomment following for <!-- Map<String,AuditActionResolver> auditActionResolverMap -->
    <constructor-arg index="3">
      <map>
writing logs to database via JDBC.
        See below for definition of auditManager bean.
       <entry key="AUTHENTICATION_RESOLVER" -->
        <!--  <ref local="authenticationActionResolverauditManager" />  -->
      </entry>list>
    </constructor-arg>

  <entry key="CREATE_TICKET_GRANTING_TICKET_RESOLVER">
    <!-- Map<String,AuditActionResolver> auditActionResolverMap -->
      <ref local<constructor-arg index="ticketCreationActionResolver3" />
      <map>
 </entry>
        <entry key="DESTROY_TICKET_GRANTING_TICKETAUTHENTICATION_RESOLVER">
          <bean<ref classlocal="com.github.inspektr.audit.spi.support.DefaultAuditActionResolverauthenticationActionResolver" />
        </entry>
        <entry key="GRANTCREATE_TICKET_SERVICEGRANTING_TICKET_RESOLVER">
          <ref local="ticketCreationActionResolver" />
        </entry>
        <entry key="GRANTDESTROY_PROXYTICKET_GRANTING_TICKET_RESOLVER">
          <ref<bean localclass="ticketCreationActionResolvercom.github.inspektr.audit.spi.support.DefaultAuditActionResolver" />
        </entry>
        <entry key="VALIDATEGRANT_SERVICE_TICKET_RESOLVER">
          <ref local="ticketValidationActionResolverticketCreationActionResolver" />
        </entry>

     </map>   <entry  </constructor-arg>key="GRANT_PROXY_GRANTING_TICKET_RESOLVER">
          <!-- Map<String,AuditResourceResolver> auditResourceResolverMap --<ref local="ticketCreationActionResolver" />
    <constructor-arg index="4">    </entry>
  <map>         <entry key="AUTHENTICATIONVALIDATE_SERVICE_RESOURCETICKET_RESOLVER">
          <bean<ref classlocal="org.jasig.cas.audit.spi.CredentialsAsFirstParameterResourceResolverticketValidationActionResolver" />
        </entry>
      </map>
 <entry key="CREATE_TICKET_GRANTING_TICKET_RESOURCE_RESOLVER">  </constructor-arg>
    
   <ref local="returnValueResourceResolver" />
  <!-- Map<String,AuditResourceResolver> auditResourceResolverMap -->
    <constructor-arg index="4">
      </entry><map>
        <entry key="DESTROY_TICKET_GRANTING_TICKET_AUTHENTICATION_RESOURCE_RESOLVER">
          <ref<bean localclass="ticketResourceResolverorg.jasig.cas.audit.spi.CredentialsAsFirstParameterResourceResolver" />
        </entry>
        <entry key="GRANTCREATE_TICKET_SERVICEGRANTING_TICKET_RESOURCE_RESOLVER">
          <bean<ref classlocal="org.jasig.cas.audit.spi.ServiceResourceResolver" />"returnValueResourceResolver" />
          </entry>
        <entry key="GRANTDESTROY_PROXYTICKET_GRANTING_TICKET_RESOURCE_RESOLVER">
          <ref local="returnValueResourceResolverticketResourceResolver" />
        </entry>
        <entry key="VALIDATEGRANT_SERVICE_TICKET_RESOURCE_RESOLVER">
          <ref<bean localclass="ticketResourceResolverorg.jasig.cas.audit.spi.ServiceResourceResolver" />
        </entry>
      </map>  <entry key="GRANT_PROXY_GRANTING_TICKET_RESOURCE_RESOLVER">
  </constructor-arg>   </bean>    <bean id="auditablePrincipalResolver" class="org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver"<ref local="returnValueResourceResolver" />
      <constructor-arg index="0" ref="ticketRegistry" />  </entry>
    </bean>    <bean<entry idkey="authenticationActionResolver"VALIDATE_SERVICE_TICKET_RESOURCE_RESOLVER">
    class="com.github.inspektr.audit.spi.support.DefaultAuditActionResolver"      <ref local="ticketResourceResolver" />
    <!-- String successSuffix --> </entry>
   <constructor-arg index="0" value="_SUCCESS" </>map>
    
    <!-- String failureSuffix --></constructor-arg>
  </bean>

  <bean <constructor-arg index="1" value="_FAILEDid="auditablePrincipalResolver" class="org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver">
      <constructor-arg index="0" ref="ticketRegistry" />
  </bean>
 

  <bean id="ticketCreationActionResolverauthenticationActionResolver"
    class="com.github.inspektr.audit.spi.support.DefaultAuditActionResolver">
    <!-- String successSuffix -->
    <constructor-arg index="0" value="_CREATEDSUCCESS" />
    
    <!-- String failureSuffix -->
    <constructor-arg index="1" value="_NOT_CREATEDFAILED" />
  </bean>
  
  <bean id="ticketValidationActionResolverticketCreationActionResolver"
    class="com.github.inspektr.audit.spi.support.DefaultAuditActionResolver">
    <!-- String successSuffix -->
    <constructor-arg index="0" value="D_CREATED" />
    
    <!-- String failureSuffix -->
    <constructor-arg index="1" value="_FAILEDNOT_CREATED" />
  </bean>
  
  <bean id="returnValueResourceResolverticketValidationActionResolver"

    class="com.github.inspektr.audit.spi.support.ReturnValueAsStringResourceResolverDefaultAuditActionResolver" />
     <!-- String successSuffix <bean id="ticketResourceResolver"-->
    <constructor-arg index="0" classvalue="org.jasig.cas.audit.spi.TicketAsFirstParameterResourceResolverD" />
</beans>

Inspektr assumes the database pointed to by the JDBC data source contains tables with the schema described at http://code.google.com/p/inspektr/wiki/DatabaseTables. The following script will create these tables with reasonable indices in Oracle; modify as needed for your database platform.

Code Block
sqlsql
titleOracle Create Table Script

CREATE TABLE "COM_AUDIT_TRAIL" (
  "AUD_USER"      VARCHAR2(100)  NOT NULL ENABLE,
  "AUD_CLIENT_IP" VARCHAR(15)    NOT NULL ENABLE,
  "AUD_SERVER_IP" VARCHAR(15)    NOT NULL ENABLE,
  "AUD_RESOURCE"  VARCHAR2(100)  NOT NULL ENABLE,
  "AUD_ACTION"    VARCHAR2(100)  NOT NULL ENABLE,
  "APPLIC_CD"     VARCHAR2(5)    NOT NULL ENABLE,
  "AUD_DATE"      TIMESTAMP      NOT NULL ENABLE
 );
ALTER TABLE "COM_AUDIT_TRAIL"
  ADD CONSTRAINT "COM_AUDIT_TRAIL_PK"
  PRIMARY KEY (
    "AUD_USER",
    "AUD_CLIENT_IP",
    "AUD_SERVER_IP",
    "AUD_RESOURCE",
    "AUD_ACTION",
    "APPLIC_CD",
    "AUD_DATE"
  ) ENABLE;

CREATE TABLE "COM_STATISTICS" (
  "STAT_SERVER_IP" VARCHAR2(15) NOT NULL ENABLE,
  "STAT_DATE" DATE NOT NULL ENABLE,
  "APPLIC_CD" VARCHAR2(5) NOT NULL ENABLE,
  "STAT_PRECISION" VARCHAR2(6) NOT NULL ENABLE,
  "STAT_COUNT" NUMBER NOT NULL ENABLE,
  "STAT_NAME" VARCHAR2(100)
);
ALTER TABLE "COM_STATISTICS"
  ADD CONSTRAINT "COM_STATISTICS_PK"
  PRIMARY KEY (
    "STAT_SERVER_IP",
    "STAT_DATE",
    "APPLIC_CD",
    "STAT_PRECISION",
    "STAT_NAME"
  ) ENABLE    
    <!-- String failureSuffix -->
    <constructor-arg index="1" value="_FAILED" />
  </bean>
  
  <bean id="returnValueResourceResolver"
     class="com.github.inspektr.audit.spi.support.ReturnValueAsStringResourceResolver" />
     
  <bean id="ticketResourceResolver"
    class="org.jasig.cas.audit.spi.TicketAsFirstParameterResourceResolver" />

  <!--
  Uncomment following beans for JDBC support.
  Assumes there is a dataSource bean that defines a valid JDBC data source.
  -->
  <!--
  <bean id="inspektrTransactionManager"
    class="org.springframework.jdbc.datasource.DataSourceTransactionManager"
    p:dataSource-ref="dataSource"
  />

  <bean id="inspektrTransactionTemplate"
    class="org.springframework.transaction.support.TransactionTemplate"
    p:transactionManager-ref="inspektrTransactionManager"
    p:isolationLevelName="ISOLATION_READ_COMMITTED"
    p:propagationBehaviorName="PROPAGATION_REQUIRED"
  />
  
  <bean id="auditManager" class="com.github.inspektr.audit.support.JdbcAuditTrailManager">
    <constructor-arg index="0" ref="inspektrTransactionTemplate" />
    <property name="dataSource" ref="dataSource" />
  </bean>
  -->
</beans>
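Review bot: In the CAS 3.4 `auditTrailContext.xml`, the only active entry in the `auditTrailManagers` list is `ConsoleAuditTrailManager`, so as shipped the audit trail goes to console output only, which the `<description>` itself calls good for debugging/testing. Writing to the database means uncommenting two separate places: the `auditManager` ref inside that list, and the `inspektrTransactionManager` / `inspektrTransactionTemplate` / `auditManager` beans at the end of the file. The merged old/new text on this page makes the first of these hard to read, so I would add a comment beside it such as `<!-- JDBC auditing: uncomment this ref AND the auditManager and inspektrTransaction* beans at the bottom of this file -->`. The newer `inspektrTransactionTemplate` also omits the `p:timeout="5"` that the older configuration above sets. If audit writes run inline with ticket operations (not visible here), a stalled database could hold up logins, so consider keeping an explicit timeout.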

Inspektr assumes the database pointed to by the JDBC data source contains tables with the schema described at http://code.google.com/p/inspektr/wiki/DatabaseTables. The following script will create these tables with reasonable indices in Oracle; modify as needed for your database platform.

Code Block
sql
sql
titleOracle Create Table Script
CREATE TABLE "COM_AUDIT_TRAIL" (
  "AUD_USER"      VARCHAR2(100)  NOT NULL ENABLE,
  "AUD_CLIENT_IP" VARCHAR(15)    NOT NULL ENABLE,
  "AUD_SERVER_IP" VARCHAR(15)    NOT NULL ENABLE,
  "AUD_RESOURCE"  VARCHAR2(100)  NOT NULL ENABLE,
  "AUD_ACTION"    VARCHAR2(100)  NOT NULL ENABLE,
  "APPLIC_CD"     VARCHAR2(5)    NOT NULL ENABLE,
  "AUD_DATE"      TIMESTAMP      NOT NULL ENABLE
 );
ALTER TABLE "COM_AUDIT_TRAIL"
  ADD CONSTRAINT "COM_AUDIT_TRAIL_PK"
  PRIMARY KEY (
    "AUD_USER",
    "AUD_CLIENT_IP",
    "AUD_SERVER_IP",
    "AUD_RESOURCE",
    "AUD_ACTION",
    "APPLIC_CD",
    "AUD_DATE"
  ) ENABLE;

CREATE TABLE "COM_STATISTICS" (
  "STAT_SERVER_IP" VARCHAR2(15) NOT NULL ENABLE,
  "STAT_DATE" DATE NOT NULL ENABLE,
  "APPLIC_CD" VARCHAR2(5) NOT NULL ENABLE,
  "STAT_PRECISION" VARCHAR2(6) NOT NULL ENABLE,
  "STAT_COUNT" NUMBER NOT NULL ENABLE,
  "STAT_NAME" VARCHAR2(100)
);
ALTER TABLE "COM_STATISTICS"
  ADD CONSTRAINT "COM_STATISTICS_PK"
  PRIMARY KEY (
    "STAT_SERVER_IP",
    "STAT_DATE",
    "APPLIC_CD",
    "STAT_PRECISION",
    "STAT_NAME"
  ) ENABLE;

CREATE INDEX "COM_AUDIT_TRAIL_DATE_I"
  ON "COM_AUDIT_TRAIL" ("AUD_DATE");

CREATE INDEX "COM_AUDIT_TRAIL_CLIENT_DATE_I"
  ON "COM_AUDIT_TRAIL" ("AUD_CLIENT_IP", "AUD_DATE");

CREATE INDEX "COM_AUDIT_TRAIL_USER_DATE_I"
  ON "COM_AUDIT_TRAIL" ("AUD_USER", "AUD_DATE");

CREATE INDEX "COM_AUDIT_TRAIL_ACTION_DATE_I"
  ON "COM_AUDIT_TRAIL" ("AUD_ACTION", "AUD_DATE");

CREATE INDEX "COM_AUDIT_TRAILSTATISTICS_DATE_I"
  ON "COM_AUDIT_TRAILSTATISTICS" ("AUDSTAT_DATE");

CREATE INDEX "COM_AUDITSTATISTICS_TRAILNAME_CLIENT_DATE_I"
  ON "COM_AUDIT_TRAIL" ("AUD_CLIENT_IP", "AUD_DATE");

CREATE INDEX "COM_AUDIT_TRAIL_USER_DATE_I"
  ON "COM_AUDIT_TRAIL" ("AUD_USER", "AUD_DATE");

CREATE INDEX "COM_AUDIT_TRAIL_ACTION_DATE_I"
  ON "COM_AUDIT_TRAIL" ("AUD_ACTION", "AUD_DATE");

CREATE INDEX "COM_STATISTICS_DATE_I"
  ON "COM_STATISTICS" ("STAT_DATE");

CREATE INDEX "COM_STATISTICS_NAME_DATE_I"
  ON "COM_STATISTICS" ("STAT_NAME", "STAT_DATE");
STATISTICS" ("STAT_NAME", "STAT_DATE");
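Review bot: `"AUD_CLIENT_IP" VARCHAR(15)` and `"AUD_SERVER_IP" VARCHAR(15)` in `COM_AUDIT_TRAIL` (and `"STAT_SERVER_IP" VARCHAR2(15)` in `COM_STATISTICS`) are sized for dotted IPv4 only; an IPv6 address in text form does not fit, and a rejected insert would mean a missing audit row for that client. I would widen them, e.g. `"AUD_CLIENT_IP" VARCHAR2(45) NOT NULL ENABLE,` and likewise for the two server-IP columns. `COM_AUDIT_TRAIL_PK` spans every column including `AUD_DATE`, so two identical events recorded with the same timestamp value would presumably collide on the key; whether Inspektr tolerates that is not visible here and is worth confirming. `"AUD_RESOURCE" VARCHAR2(100)` may likewise be too short for long service URLs.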

Automatic Cleaning

If you're using the JdbcAuditTrailManager, you might want to automatically clean the audit log.  Here's some example code (for your auditTrailContext.xml) that cleans out entries older than 180 days.  This has been tested in CAS 3.4.10.

Code Block
languagehtml/xml
titleSnippet from auditTrailContext.xml - Automatic Audit Cleaning
<bean id="auditManager" class="com.github.inspektr.audit.support.JdbcAuditTrailManager">
  <constructor-arg index="0" ref="inspektrTransactionTemplate" />
  <property name="dataSource" ref="dataSource" />
  <property name="cleanupCriteria" ref="auditCleanupCriteria" />
</bean>
<bean id="auditCleanupCriteria"
  class="com.github.inspektr.audit.support.MaxAgeWhereClauseMatchCriteria">
  <constructor-arg index="0" value="180" />
</bean>
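Review bot: `auditCleanupCriteria` with `value="180"` makes the cleanup delete audit rows for good once they are older than 180 days, and the snippet carries no comment tying that number to a retention requirement. I would add above the bean something like `<!-- Retention: audit rows older than 180 days are deleted; set this from your log-retention policy and archive first if records must be kept longer -->`. The snippet only wires the criteria into `auditManager`; what invokes the cleanup and how often is not shown, so confirm a trigger exists in your deployment. Enabling it also means the database account behind `dataSource` needs DELETE on `COM_AUDIT_TRAIL`, which is more than an insert-only audit writer would otherwise need.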