Do You Need to Develop a Custom Auditing Provider?

10-6 Developing Security Providers for Oracle WebLogic Server

    import javax.management.MBeanException;
    import javax.management.modelmbean.RequiredModelMBean;
    import weblogic.management.security.audit.ContextHandlerImpl;

    /**
     * The simple sample auditor's mbean implementation.
     *
     * <p>It is needed to inherit the ContextHandlerMBean's ActiveContextHandlerEntries
     * attribute validator that ensures that the ActiveContextHandlerEntries attribute
     * only contains values from the SupportedContextHandlerEntries attribute.
     *
     * @author Copyright © 1996, 2008, Oracle and/or its affiliates. All rights reserved.
     */
    public class SimpleSampleAuditorImpl extends ContextHandlerImpl
    // Note: extend ContextHandlerImpl instead of AuditorImpl to inherit the
    // ActiveContextHandlerEntries attribute validator.
    {
      /**
       * Standard mbean impl constructor.
       * @throws MBeanException
       */
      public SimpleSampleAuditorImpl(RequiredModelMBean base) throws MBeanException {
        super(base);
      }
    }

After you implement code similar to that in SimpleSampleAuditorImpl, add code to your Audit runtime provider to get the ActiveContextHandlerEntries. One possible way to do this is shown in Example 10–3.

Example 10–3 Getting Active Context Handler Entries

    String[] activeHandlerEntries = myMBean.getActiveContextHandlerEntries();
    if (activeHandlerEntries != null) {
      for (int i = 0; i < activeHandlerEntries.length; i++) {
        // Enable the handler only if the HTTP request element is among the active entries.
        if (activeHandlerEntries[i] != null &&
            activeHandlerEntries[i].equalsIgnoreCase(HTTP_REQUEST_ELEMENT)) {
          handlerEnabled = true;
          break;
        }
      }
    }

10.4 Do You Need to Develop a Custom Auditing Provider?

The default (that is, active) security realm for WebLogic Server includes a WebLogic Auditing provider. The WebLogic Auditing provider records information from a number of security requests, which are determined internally by the WebLogic Security Framework. The WebLogic Auditing provider also records the event data associated with these security requests, and the outcome of the requests.
The WebLogic Auditing provider makes an audit decision in its writeEvent method, based on the audit severity level it has been configured with and the audit severity contained within the AuditEvent object that is passed into the method. For more information about AuditEvent objects, see Section 12.2.1, "Create an Audit Event."

Auditing Providers 10-7

If there is a match, the WebLogic Auditing provider writes audit information to the DefaultAuditRecorder.log file, which is located in the WL_HOME\yourdomain\yourserver\logs directory. Example 10–4 is an excerpt from the DefaultAuditRecorder.log file.

Example 10–4 DefaultAuditRecorder.log File: Sample Output

    When Authentication succeeds. [SUCCESS]
    Audit Record Begin <Feb 23, 2005 11:42:17 AM> <Severity=SUCCESS> <<Event Type = Authentication Audit Event><TestUser><AUTHENTICATE>> Audit Record End

    When Authentication fails. [FAILURE]
    Audit Record Begin <Feb 23, 2005 11:42:01 AM> <Severity=FAILURE> <<Event Type = Authentication Audit Event><TestUser><AUTHENTICATE>> Audit Record End

    When Operations are invoked. [SUCCESS]

    When a user account is unlocked. [SUCCESS]
    Audit Record Begin <Feb 23, 2005 11:42:17 AM> <Severity=SUCCESS> <<Event Type = Authentication Audit Event><TestUser><USERUNLOCKED>> Audit Record End

    When an Authorization request succeeds. [SUCCESS]
    Audit Record Begin <Feb 23, 2005 11:42:17 AM> <Severity=SUCCESS> <<Event Type = Authorization Audit Event><Subject: 1 Principal = class weblogic.security.principal.WLSUserImpl("TestUser")><ONCE><<jndi><type=<jndi>, application=, path={weblogic}, action=lookup>>> Audit Record End

Specifically, Example 10–4 shows the Role Manager (a component in the WebLogic Security Framework that deals specifically with security roles) recording an audit event to indicate that an authorized administrator has accessed a protected method in a certificate servlet.
You can specify a new directory location for the DefaultAuditRecorder.log file on the command line with the following Java startup option:

    -Dweblogic.security.audit.auditLogDir=c:\foo

The new file location will be c:\foo\yourserver\DefaultAuditRecorder.log.

If you want to write audit information in addition to that which is specified by the WebLogic Security Framework, or to an output repository that is not the DefaultAuditRecorder.log (that is, to a simple file with a different name/location or to an existing database), then you need to develop a custom Auditing provider.
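As an added illustration (not Oracle's sample code), the following custom Auditor runtime class combines the two decisions this section describes: it filters events in writeEvent by the configured severity and, using the Example 10–3 check, adds HTTP request details to records written to a file of your choosing. The class name FileAuditorImpl, its constructor arguments, the element name assigned to HTTP_REQUEST_ELEMENT, and the assumption that AuditSeverity.getSeverity() values increase with severity are mine, not from the page.

```java
import java.io.FileWriter;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Date;
import javax.servlet.http.HttpServletRequest;
import weblogic.security.service.ContextHandler;
import weblogic.security.spi.AuditContext;
import weblogic.security.spi.AuditEvent;
import weblogic.security.spi.AuditSeverity;
import weblogic.security.spi.AuditorV2;

// Hypothetical Auditor runtime class (not Oracle's sample): records events at or above a
// configured severity to a file we choose, adding HTTP request data when the MBean enables it.
public final class FileAuditorImpl implements AuditorV2 {
    // Assumed element name; the page refers to it only as HTTP_REQUEST_ELEMENT.
    static final String HTTP_REQUEST_ELEMENT = "com.bea.contextelement.servlet.HttpServletRequest";
    private final int minSeverity;        // threshold in AuditSeverity.getSeverity() units
    private final boolean handlerEnabled; // outcome of the Example 10-3 scan
    private final PrintWriter out;

    // minSeverity and activeHandlerEntries are read from the provider's MBean attributes.
    public FileAuditorImpl(int minSeverity, String[] activeHandlerEntries, String logPath) throws IOException {
        this.minSeverity = minSeverity;
        this.handlerEnabled = isHandlerEnabled(activeHandlerEntries);
        this.out = new PrintWriter(new FileWriter(logPath, true), true); // append, autoflush
    }

    // The Example 10-3 check, factored into a method.
    static boolean isHandlerEnabled(String[] activeHandlerEntries) {
        if (activeHandlerEntries == null) return false;
        for (String entry : activeHandlerEntries) {
            if (entry != null && entry.equalsIgnoreCase(HTTP_REQUEST_ELEMENT)) return true;
        }
        return false;
    }

    public void writeEvent(AuditEvent event) {
        AuditSeverity severity = event.getSeverity();
        // Audit decision; assumes getSeverity() ints increase with severity (an assumption).
        if (severity.getSeverity() < minSeverity) return;
        StringBuilder rec = new StringBuilder("Audit Record Begin <").append(new Date())
            .append("> <Severity=").append(severity).append("> <").append(event).append('>');
        if (handlerEnabled && event instanceof AuditContext) {
            ContextHandler ctx = ((AuditContext) event).getContext();
            Object v = (ctx == null) ? null : ctx.getValue(HTTP_REQUEST_ELEMENT);
            if (v instanceof HttpServletRequest) {
                HttpServletRequest r = (HttpServletRequest) v;
                rec.append(" <").append(r.getRemoteAddr()).append(' ').append(r.getRequestURI()).append('>');
            }
        }
        synchronized (out) { out.println(rec.append(" Audit Record End")); }
    }
}
```

The provider's initialize method would construct this class from its MBean (severity, ActiveContextHandlerEntries, target path) and return it from getAuditor.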

10.5 How to Develop a Custom Auditing Provider