Covering J2EE Security and WebLogic Topics

Auditing Context Information in WebLogic 9

In WebLogic 8.1, the default audit provider came with two configuration settings:

  • Audit severity
  • Log rotation time

No muss, no fuss.

Even with this minimal configurability you still get most of what you need in the log file. (See my other recent post on WebLogic auditing for more things you can do.)

In WebLogic 9, however, BEA added the ability to selectively capture context information which accompanies certain events. Most of this information was available in 8.1 but you needed to write a custom audit provider to access it.

But in WebLogic 9, you can now choose from the following types of context information to include in the audit log:

  • servlet.HttpServletRequest
  • servlet.HttpServletResponse
  • wli.Message
  • channel.Port
  • channel.PublicPort
  • channel.RemotePort
  • channel.Protocol
  • channel.Address
  • channel.RemoteAddress
  • channel.ChannelName
  • channel.Secure
  • channel.PublicAddress
  • ejb20.Parameter
  • wsee.SOAPMessage
  • entitlement.EAuxiliaryID
  • security.ChainPrevailidatedBySSL
  • xml.SecurityToken
  • xml.SecurityTokenAssertion
  • webservice.Integrity
  • saml.SSLClientCertificateChain
  • saml.MessageSignerCertificate
  • saml.subject.ConfirmationMethod
  • saml.subject.dom.KeyInfo
  • jmx.OldAttributeValue
  • jmx.ObjectName
  • jmx.ShortName
  • jmx.Parameters
  • jmx.Signature
  • jmx.AuditProtectedArgInfo

    For example, if you choose to log the HttpServletRequest context information, you’ll see most of the data from that object in your log file. This means you’ll see header information, paths, cookies, etc.

    So, if you want to fatten up your audit log file, add some context!