Other option to consider is, using CacheWriter, CacheListener and passing Callback arguments....
-Anil. On Wed, Oct 25, 2017 at 10:17 AM, Dan Smith <[email protected]> wrote: > It's not the easiest solution, but you could have your clients do all of > their operations by invoking a geode Function on the server. That function > could do your audit logging and then delegate to the the actual operation > you want to do - put/get/destroy/etc. If you use > FunctionService.onRegion().withFilter(your_key) > on the client, the function will execute on a member where the key is > stored on the server so you wouldn't see much performance impact due to > using the function. You could use the AccessControl to block operations > that don't come through your function. > > -Dan > > On Tue, Oct 24, 2017 at 7:01 PM, Akihiro Kitada <[email protected]> > wrote: > >> Hello Daniel, >> >> Here is mailing list space for Apache Geode user. And also, your question >> is based on older Security Framework, which has been obsoleted with Apache >> Geode. >> >> The new security framework brought from Apache Geode based on Apache >> Shiro is totally different from older GemFire's framework. You don't need >> to implement AccessControl interface for specific authorization module any >> more. Instead, you just implement SecurityManager interface for both >> authentication and authorization implementation in your consolidated >> security manager class. >> >> Actually, you can authorize any requests based on more granular level >> with using new security framework like below. >> >> http://geode.apache.org/docs/guide/12/managing/security/impl >> ementing_authorization.html >> >> If you still want to ask questions on older security framework, you can >> ask questions on Pivotal GemFire forum or file a support ticket for Pivotal >> Support. >> >> [Pivotal GemFire forum] >> https://discuss.pivotal.io/hc/en-us/community/topics/2000532 >> 18-Pivotal-GemFire-Forum >> >> [Pivotal Support] >> https://support.pivotal.io/ >> >> Thanks. >> >> >> >> -- >> Akihiro Kitada | Staff Customer Engineer | +81 80 3716 3736 >> <+81%2080-3716-3736> >> Support.Pivotal.io <http://support.pivotal.io/> | Mon-Fri 9:00am to >> 5:30pm JST | 1-877-477-2269 <(877)%20477-2269> >> [image: support] <https://support.pivotal.io/> [image: twitter] >> <https://twitter.com/pivotal> [image: linkedin] >> <https://www.linkedin.com/company/3048967> [image: facebook] >> <https://www.facebook.com/pivotalsoftware> [image: google plus] >> <https://plus.google.com/+Pivotal> [image: youtube] >> <https://www.youtube.com/playlist?list=PLAdzTan_eSPScpj2J50ErtzR9ANSzv3kl> >> >> >> 2017-10-24 19:08 GMT+09:00 Vedamuthu, Daniel Pravin < >> [email protected]>: >> >>> Hi Team, >>> >>> >>> >>> We are trying to do some audit logging on the Gemfire server side for >>> every client operation, as per our requirement we need to log details like >>> timestamp, client name, operation/function, client system IP, payload and >>> response time. In order to do this we tried to use the Gemfire >>> Authentication and Authorization framework, we have an implementation of >>> AccessControl interface and have our log statements in the >>> authorizeOperation method for both pre and post calls, but we ran into some >>> issues and we need help to proceed further. >>> >>> >>> >>> Using this approach we are able to get most of the details, except for >>> response time, originally we planned get the response time by getting the >>> difference in time between the pre and post-calls to authorizeOperations >>> for the same operation, but turns out the post-operation call is not >>> invoked for DESTROY, PUT, etc. and based on clarification from the Pivotal >>> support we understand that the reason for this is because these operations >>> do not return any information back. >>> >>> >>> >>> We would like to know if there is any other way to log all the required >>> information for audit purposes for each client operation/call. Please let >>> me know if you need any additional information. Thanks >>> >>> >>> >>> Regards >>> >>> Daniel >>> >>> Citi >>> >>> >>> >> >> >
