users@glassfish.java.net

Help with auditing remote EJBs GF 3.1.2

From: <forums_at_java.net>
Date: Fri, 2 Nov 2012 07:26:36 -0500 (CDT)

Hello, Here's my situation. I'm currently running on Glassfish 3.1.2.x. I
have a remote EJB running which is accessed via many other Glassfish
containers. I'm attempting to audit WHO is accessing the various methods on
the EJB - but I cannot alter the interface to explicity pass in the caller
info (ie, the server and application calling the ejb). I do have the ability
to alter the client and the EJB implementation as long as the method
signatures don't change. So I attempted to try using Security as a method of
doing this. That works, but I need to maintain a list of users (which in my
case, are actually applications) in the security realm - otherwise I get a
CORBA PERMISSION exception. If I set the security principle and don't enable
security, all caller access to the EJB is as the default ANONYMOUS user.
Basically the calling application would use it's own identity for a username
if this worked. I've also investigated the custom AuditModule functionality -
but a similar problem. So my question is, can this be done in any fashion in
Glassfish at all or am I stuck with changing the interface and explicitly
adding the audit info? So for example, if I have a method call "sayHello" -
in that method I'd like to know what component (running on different
clusters) called it: Cluster1.serverA.application1 ---> logs "sayHello by
Cluster1.serverA.application1" Cluster3.serverB.application5 ---> logs
"sayHello by Cluster3.serverB.application5" Cluster1.serverC.application22
---> logs "sayHello by Cluster1.serverC.application22" Is there any way I can
access this information via a proprietary class or something? Any help would
be greatly appreciated.

--
[Message sent by forum member 'csiemback']
View Post: http://forums.java.net/node/891934