Configure the Custom Auditing Provider Using the Administration Console

Auditing Providers

You can create instances of the MBean type by configuring your custom Auditing provider (see Section 10.5.3, "Configure the Custom Auditing Provider Using the Administration Console"), and then use those MBean instances from a GUI, from other Java code, or from APIs. For example, you can use the WebLogic Server Administration Console to get and set attributes and invoke operations, or you can develop other Java objects that instantiate MBeans and automatically respond to information that the MBeans supply. We recommend that you back up these MBean instances.

10.5.3 Configure the Custom Auditing Provider Using the Administration Console

Configuring a custom Auditing provider means that you are adding the custom Auditing provider to your security realm, where it can be accessed by security providers requiring audit services. Configuring custom security providers is an administrative task, but it is a task that may also be performed by developers of custom security providers. This section contains information that is important for the person configuring your custom Auditing providers:

■ Section 10.5.3.1, Configuring Audit Severity

10.5.3.1 Configuring Audit Severity

During the configuration process, an Auditing provider's audit severity must be set to one of the following severity levels:

■ INFORMATION
■ WARNING
■ ERROR
■ SUCCESS
■ FAILURE

Note: WL_HOME\server\lib\mbeantypes is the default directory for installing MBean types. Beginning with 9.0, security providers can be loaded from ...\domaindir\lib\mbeantypes as well. However, if you want WebLogic Server to look for MBean types in additional directories, use the -Dweblogic.alternateTypesDirectory=dir command-line flag when starting your server, where dir is a comma-separated list of directory names. When you use this flag, WebLogic Server will always load MBean types from WL_HOME\server\lib\mbeantypes first, then will look in the additional directories and load all valid archives present in those directories regardless of their extension. For example, if -Dweblogic.alternateTypesDirectory=dirX,dirY, WebLogic Server will first load MBean types from WL_HOME\server\lib\mbeantypes, then any valid archives present in dirX and dirY. If you instruct WebLogic Server to look in additional directories for MBean types and are using the Java Security Manager, you must also update the weblogic.policy file to grant appropriate permissions for the MBean type and thus, the custom security provider. For more information, see Using Java Security to Protect WebLogic Resources in Programming Security for Oracle WebLogic Server.

Note: The steps for configuring a custom Auditing provider using the WebLogic Server Administration Console are described under Configuring WebLogic Security Providers in Securing Oracle WebLogic Server.

Developing Security Providers for Oracle WebLogic Server

10.6 Security Framework Audit Events

This section describes the audit events that are posted by the WebLogic Server Security Framework. If you write a custom audit provider, it should be prepared to handle these events. The following topics are covered in this section:

■ Section 10.6.1, Passing Additional Audit Information
■ Section 10.6.2, Audit Event Interfaces and Audit Events

10.6.1 Passing Additional Audit Information

The WebLogic Security providers implement the appropriate AuditEvent interfaces and post those events to the Audit provider. The audit events that also implement the AuditContext interface can provide more information via a ContextHandler. Table 10–1 lists the weblogic.security.spi subinterfaces that extend the AuditEvent SSPI, and indicates which subinterfaces implement the AuditContext interface.

Table 10–1 Audit Events

| Audit Event Name | Interface Class | Audit Event | Audit Context |
|---|---|---|---|
| Application Version Event | weblogic.security.spi.AuditApplicationVersionEvent | Yes | No |
| Authentication Audit Event | weblogic.security.spi.AuditAtnEvent | Yes | No |
| Authentication Audit Event V2 | weblogic.security.spi.AuditAtnEventV2 | Yes | Yes |
| Authorization Audit Event | weblogic.security.spi.AuditAtzEvent | Yes | Yes |
| CertPathBuilder Audit Event | weblogic.security.spi.AuditCertPathBuilderEvent | Yes | Yes |
| CertPathValidator Audit Event | weblogic.security.spi.AuditCertPathValidatorEvent | Yes | Yes |
| Configuration Audit Event | weblogic.security.spi.AuditConfigurationEvent | Yes | Yes |
| Credential Mapping Audit Event | weblogic.security.spi.AuditCredentialMappingEvent | Yes | Yes |
| Life Cycle Event | weblogic.security.spi.AuditLifecycleEvent | Yes | No |
| Audit Management Event | weblogic.security.spi.AuditMgmtEvent | Yes | No |
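The following is an added example, not code from this guide: a minimal AuditChannel that records every event and, for the events that also implement AuditContext, the element names and value types held in the ContextHandler. It compiles against the WebLogic Server classes; the class name ContextAwareAuditChannel and the System.out sink are assumptions made for illustration.

```java
import weblogic.security.service.ContextHandler;
import weblogic.security.spi.AuditChannel;
import weblogic.security.spi.AuditContext;
import weblogic.security.spi.AuditEvent;
import weblogic.security.spi.AuditSeverity;

// Hypothetical class name; wire it into your own custom Auditing provider.
public class ContextAwareAuditChannel implements AuditChannel {

    // Hypothetical sink; a real provider writes to its own protected audit log.
    private final java.io.PrintStream log = System.out;

    @Override
    public void writeEvent(AuditEvent event) {
        StringBuilder line = new StringBuilder();
        AuditSeverity severity = event.getSeverity();
        line.append("type=").append(clean(event.getEventType()));
        line.append(" severity=")
            .append(severity == null ? "unknown" : severity.getSeverityString());
        if (event.getFailureException() != null) {
            line.append(" failure=").append(clean(event.getFailureException().toString()));
        }
        // Only the events marked "Yes" under Audit Context in Table 10-1
        // implement AuditContext; the others carry no ContextHandler.
        if (event instanceof AuditContext) {
            ContextHandler handler = ((AuditContext) event).getContext();
            // A handler is optional, so guard against null before reading it.
            String[] names = (handler == null) ? null : handler.getNames();
            if (names != null) {
                for (String name : names) {
                    // Record the element name and value type only: values can be
                    // large objects or carry data that should not reach the log.
                    Object value = handler.getValue(name);
                    line.append(" ctx[").append(clean(name)).append("]=")
                        .append(value == null ? "null" : value.getClass().getName());
                }
            }
        }
        log.println(line);
    }

    // Replace CR/LF so that externally influenced text cannot forge extra log lines.
    private static String clean(String s) {
        return s == null ? "" : s.replaceAll("[\\r\\n]", "_");
    }
}
```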