Wednesday, September 21, 2011
Weblogic Server Auditing Framework and Custom Audit Provider
Ever wanted to know who changed what in your WLS domain?
One very helpful tool, especially in environments where administration is carried out by a team, is the Auditing Provider, which can log every operating request made to the domain.
It has a cost though: the auditing logs tend to grow very fast, since the default Auditing Provider logs pretty much every action taken on the domain.
The official docs explain how the Auditing Provider works and how to configure the default Auditing Provider: Auditing Providers
But to most customers, a simple "who/when/what" combination of configuration changes is enough.
Fortunately for us, WLS provides a Security Service Provider Interface which we can implement and a ManagedBean Generator tool to create an MBean to configure our provider in the AdminConsole.
So, if you're interested in developing your own custom Audit Provider to log only the information you need, read on...
Note 1: All the required classes and a complete Eclipse project (including an ant build to perform the required tasks: compile, package, deploy, etc.) are included to make things easier (yes, I'm lazy).
Note 2: This work was based on the official docs, Auditing Providers, and another blog with great and detailed material that was essential to get this done: How to Develop Weblogic Custom Audit Provider
1. Download the Eclipse Project (I used Eclipse Indigo with Oracle WebLogic Server Tools plugin installed): Eclipse Project
2. Import the project into your workspace.
You might need to resolve some classpath references and project facets.
You need to have those jars in your build path: WL_HOME/server/lib/weblogic.jar and WL_HOME/server/lib/wls-api.jar
The Project uses Oracle Weblogic Server 11gR1 Patchset 2 as Runtime.
3. Edit the build.xml and set the global properties according to your environment.
The build.xml should have enough comments explaining all the properties and how each target is used.
4. Edit the SimpleSampleAuditor.xml to add/remove properties of your MBean.
This MBean will initiate and set/get the properties for your Custom Provider.
Some of the MBean properties are required and some are user-defined.
Here you can define any property that you might want to use in your Provider implementation and that can be configured at runtime in the AdminConsole.
I have already added in this example LogFileName, Enabled, LogSizeLimit and MaxNumberLogFiles.
If you want to remove them and add other properties remember to update the SimpleSampleAuditProviderImpl.java code.
5. Generate the MBean with the definition you created in the SimpleSampleAuditor.xml.
For this purpose, I included a target defined in the build.xml, updateMBean. Use this target every time you make changes to your MBean definition to update the MBean stub in your project.
6. Implement your Custom Provider logic in SimpleSampleAuditProviderImpl.java.
The methods you want to implement are initialize(), shutdown() and writeEvent().
The Auditing Process uses Channels, Events and Contexts to audit information of the several WLS subsystems.
In my case, I just want to log configuration changes made to the domain and ignore everything else.
So, I just have to worry about the events related to ConfigurationEvents: AuditCreateConfigurationEvent, AuditDeleteConfigurationEvent and AuditSetAttributeConfigurationEvent, regardless of the Channel or Context they originated from.
7. Package and deploy
Once you have your MBean and SimpleSampleAuditProviderImpl all set, it's time to package and deploy the Custom Auditor.
Considering you have all the build.xml properties correctly set, run the target createCustomProvider and it will compile and package the required classes into a jar file, defined in your build.xml.
To deploy, just run the deploy target.
By deploy, we mean to copy the jar file to BEA_HOME/wlserver_10.3/server/lib/mbeantypes folder.
8. Edit your server's classpath
The last step is to add the jar file to your server's classpath. Edit your server startup script to add the reference to your Auditor jar.
9. Start up the server and create your new provider.
Go to AdminConsole - Security Realms - myrealm - Providers - Auditing.
Click "New" and give your provider a name.
Select Type: SimpleSampleAuditor
Click OK.
10. Configure your provider
Click on the provider you've just created.
Go to Provider Specific tab.
There you can see the properties you've defined in your SimpleSampleAuditor.xml. You can change the default values there, to anything you like.
Depending on your implementation, you might need to restart the server to make the changes effective.
11. Check if it works.
Make any configuration change, let's say, create a cluster.
Go to your Auditor log to see the information it captured.
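For step 6, this is one way the event filtering in writeEvent() could look. It is an added example, not the code from the downloadable project. It assumes weblogic.jar is on the build path and that the three event interfaces live in weblogic.security.spi; the class name ConfigChangeAuditChannel and its constructor parameters (which mirror the LogFileName, LogSizeLimit, MaxNumberLogFiles and Enabled MBean properties) are hypothetical.

```java
import java.io.IOException;
import java.util.logging.FileHandler;
import java.util.logging.Logger;
import java.util.logging.SimpleFormatter;

import weblogic.security.spi.AuditChannel;
import weblogic.security.spi.AuditCreateConfigurationEvent;
import weblogic.security.spi.AuditDeleteConfigurationEvent;
import weblogic.security.spi.AuditEvent;
import weblogic.security.spi.AuditSetAttributeConfigurationEvent;

// Hypothetical channel: records configuration changes only and caps disk usage.
public class ConfigChangeAuditChannel implements AuditChannel {
    private final Logger log = Logger.getLogger("audit.config");
    private final FileHandler handler;
    private volatile boolean enabled;

    public ConfigChangeAuditChannel(String logFileName, int logSizeLimit,
            int maxNumberLogFiles, boolean enabled) throws IOException {
        // JDK FileHandler rotates through maxNumberLogFiles files of at most
        // logSizeLimit bytes each; %g is the generation number of the file.
        handler = new FileHandler(logFileName + ".%g", logSizeLimit,
                maxNumberLogFiles, true);
        handler.setFormatter(new SimpleFormatter()); // adds the timestamp ("when")
        log.setUseParentHandlers(false);             // keep audit lines out of other logs
        log.addHandler(handler);
        this.enabled = enabled;
    }

    // Called by the Auditing Framework for every event, whatever its origin.
    public void writeEvent(AuditEvent event) {
        if (!enabled || event == null) {
            return;
        }
        boolean configChange = event instanceof AuditCreateConfigurationEvent
                || event instanceof AuditDeleteConfigurationEvent
                || event instanceof AuditSetAttributeConfigurationEvent;
        if (!configChange) {
            return; // ignore authentication, authorization and other events
        }
        // Collapse CR/LF so a value containing a line break cannot forge a
        // second audit record in the file.
        String text = String.valueOf(event).replaceAll("[\\r\\n]+", " ");
        log.info(event.getEventType() + " " + text);
    }

    // Call from the provider's shutdown() to flush and release the log file.
    public void close() {
        handler.close();
    }
}
```

The provider's initialize() would read the property values from the generated MBean and construct the channel with them.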
This is a basic starting point to create more complex Auditing providers and you can extend this simple example to your needs.
I hope it helps to keep track of who changed what in your environment.
Cheers!

Hello Dude,
WebLogic server implements the Java security service methods according to the standard and adds extensions that handle many details of application behavior automatically, without requiring additional programming. Thanks for sharing it......