Marvin is right: if you just want audit information on CAS, then check out
Inspektr. However, we found that this was a larger need across all of our Java
applications. Since we use Log4J as does CAS, I developed a solution based
around Log4J's MDC ability. For those who don't know, MDC is a storage of
information available to any logger at the time a message is logged. I created
a servlet request listener that will store pertinent about the user (IP,
username, etc) in the MDC and then configure the Log4J properties file to use
pattern layout that retrieves the MDC data (%x{key}).
The benefit of this approach is that the data you need is collected without
burdening the developers with annotations, manual accumulation, or having the
data available at the location of where you need to log. Since Log4J is the
logging framework we adopted, it has worked out really well so much so that we
have JDBC wrappers that accumulate JDBC information such as success, duration,
SQL, prepared values, transaction and connection information, etc.
My recommendation is to look at the bigger picture of auditing your Java
applications and work out some kind of plan. If CAS is the only one you have
or lack expertise to get something going right now, I suggest going with
Inspektr. If you want to make the initial investment now, then talk with me
and I can see what I can do to help.
A-
--
Andrew Feller, Analyst
LSU University Information Services
200 Frey Computing Services Center
Baton Rouge, LA 70803
Office: 225.578.3737
Fax: 225.578.6400
-----Original Message-----
From: Marvin Addison [mailto:[email protected]]
Sent: Fri 7/10/2009 3:43 PM
To: [email protected]
Subject: Re: [cas-user] log ipaddress
> I need to include ip-address of the client in log messages in class
> CentralAuthenticationServiceImpl. How to do that?
See
http://www.ja-sig.org/wiki/display/CASUM/Auditing+and+Statistics+Via+Inspektr.
The COM_AUDIT_TRAIL table, which tracks both authentication and
service ticket validation attempts, contains an AUD_CLIENT_IP column
containing the source IP address. We use this and it works well for
auditing purposes.
M
--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
