Recording Access Audit Events in JMS
Important
This procedure is an example of how to record access audit events with a JMS audit event handler configured to use the ActiveMQ message broker. This example is not tested on all configurations, and can be more or less relevant to your configuration.
For information about configuring the JMS event handler, see "JmsAuditEventHandler".
Before you start, prepare IG as described in the Getting Started Guide.
Add ActiveMQ client dependencies to IG:
Download the following .jar files from :
geronimo-j2ee-management_1.1_spec-1.0.1.jar
hawtbuf-1.11.jar
activemq-client-5.13.3.jar
Add the .jar files to the configuration:
For IG in standalone mode, create the directory $HOME/.openig/extra, where $HOME/.openig is the instance directory, and add .jar files to the directory.
For IG in web container mode, add .jar files to the web container classpath. For example, in Jetty use /path/to/jetty/webapps/ROOT/WEB-INF/lib.
Download and install the ActiveMQ message broker from http://activemq.apache.org/. For help, see the ActiveMQ documentation on the same site.
Create a consumer that subscribes to the audit topic.
From the ActiveMQ installation directory, run the following command:
$ ./bin/activemq consumer --destination topic://audit
Add the following route to IG:
$HOME/.openig/config/routes/30-jms.json
%appdata%\OpenIG\config\routes\30-jms.json
{
    "name": "30-jms",
    "MyCapture" : "all",
    "baseURI": "http://app.example.com:8081",
    "condition" : "${request.uri.path == '/activemq_event_handler'}",
    "heap": [
        {
            "name": "AuditService",
            "type": "AuditService",
            "config": {
                "eventHandlers" : [
                    {
                        "class" : "org.forgerock.audit.handlers.jms.JmsAuditEventHandler",
                        "config" : {
                            "name" : "jms",
                            "topics": [ "access" ],
                            "deliveryMode" : "NON_PERSISTENT",
                            "sessionMode" : "AUTO",
                            "jndi" : {
                                "contextProperties" : {
                                    "java.naming.factory.initial" : "org.apache.activemq.jndi.ActiveMQInitialContextFactory",
                                    "java.naming.provider.url" : "tcp://openam.example.com:61616",
                                    "topic.audit" : "audit"
                                },
                                "topicName" : "audit",
                                "connectionFactoryName" : "ConnectionFactory"
                            }
                        }
                    }
                ],
                "config" : { }
            }
        }
    ],
    "auditService": "AuditService",
    "handler" : {
        "type" : "StaticResponseHandler",
        "config" : {
            "status" : 200,
            "headers" : {
                "Content-Type" : [ "text/plain" ]
            },
            "reason" : "found",
            "entity" : "Message from audited route"
        }
    }
}
When a request matches the /activemq_event_handler route, this configuration publishes JMS messages containing audit event data to an ActiveMQ managed JMS topic, and the StaticResponseHandler displays a message.
Access the route on http://openig.example.com:8080/activemq_event_handler.
Depending on how ActiveMQ is configured, audit events are displayed on the ActiveMQ console or written to file.
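The route above sends audit events to the broker over a tcp:// connector with NON_PERSISTENT delivery, which is convenient for a trial but worth flagging before the route is reused elsewhere. The following check is an added example, not part of the original procedure or of IG; the function names find_jms_handlers and lint_route are hypothetical, and the sample input is the handler portion of 30-jms.json from this page.

```python
import json

JMS_HANDLER = "org.forgerock.audit.handlers.jms.JmsAuditEventHandler"

def find_jms_handlers(node):
    """Yield the config of every JmsAuditEventHandler found anywhere in the route."""
    if isinstance(node, dict):
        if node.get("class") == JMS_HANDLER:
            yield node.get("config", {})
        for value in node.values():
            yield from find_jms_handlers(value)
    elif isinstance(node, list):
        for item in node:
            yield from find_jms_handlers(item)

def lint_route(route_text):
    """Return (handler name, finding) tuples for the JSON text of one route."""
    findings = []
    for cfg in find_jms_handlers(json.loads(route_text)):
        name = cfg.get("name", "<unnamed>")
        props = cfg.get("jndi", {}).get("contextProperties", {})
        url = props.get("java.naming.provider.url", "")
        # Substring match so wrapped URLs such as failover:(tcp://...) are caught too.
        if "tcp://" in url:
            findings.append((name, "audit events travel to the broker over plaintext tcp://"))
        # JMS brokers do not store NON_PERSISTENT messages, so a restart can drop events.
        if cfg.get("deliveryMode") == "NON_PERSISTENT":
            findings.append((name, "NON_PERSISTENT delivery can lose audit events"))
    return findings

# Sample input: handler settings taken from the 30-jms.json route on this page.
SAMPLE_ROUTE = """{"heap": [{"name": "AuditService", "type": "AuditService", "config": {
  "eventHandlers": [{"class": "org.forgerock.audit.handlers.jms.JmsAuditEventHandler",
    "config": {"name": "jms", "topics": ["access"],
      "deliveryMode": "NON_PERSISTENT", "sessionMode": "AUTO",
      "jndi": {"contextProperties": {
          "java.naming.provider.url": "tcp://openam.example.com:61616",
          "topic.audit": "audit"},
        "topicName": "audit", "connectionFactoryName": "ConnectionFactory"}}}]}}]}"""

if __name__ == "__main__":
    for handler_name, finding in lint_route(SAMPLE_ROUTE):
        print(f"{handler_name}: {finding}")
```

Run it against each file in the routes directory; an empty result means neither setting was found in that route.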